macOS
brew install sonar-scannerlocal Homebrew formula metadata
brew
Launcher to analyze a project with SonarQube. Version 8.1.0.6389 via Homebrew; verified 2026-04-21.
install
brew install sonar-scannerlocal Homebrew formula metadata
sudo apk add sonar-scannerAlpine Linux edge package indexes · sonar-scanner · source: dl-cdn.alpinelinux.org
scoop install main/sonar-scannerScoop official bucket manifest trees · bucket/sonar-scanner.json · source: api.github.com
overview
Launcher to analyze a project with SonarQube
history
SonarScanner CLI is SonarSource's command-line scanner for running SonarQube Server and SonarQube Cloud code analysis when there is no build-system-specific scanner. It is a CI/CD staple because it turns a checked-out source tree plus `sonar-project.properties` into an analysis uploaded to a Sonar service.
The public GitHub repository is the official scanner CLI source tree, and its tags include older 2.x releases. Current SonarSource documentation presents a maintained release line from 4.x through 8.x, with the README stating that project configuration is read from `sonar-project.properties` or passed on the command line.
Notable documented release changes include the 4.3 release using the SonarScanner name in logs, the 4.4 release adding a supported Docker image, the 5.0 release embedding Java 17, the 6.0 release adding a new bootstrapping mechanism and JRE provisioning for SonarQube 10.6+ and SonarCloud, and the 8.0.1 release updating embedded JREs to Java 21.
The scanner is distributed as OS-specific downloads, a Docker image, a generic JVM zip, and package-manager formulae. Homebrew analytics show tens of thousands of yearly installs, which fits its role as a common CI dependency rather than a library used inside application code.
Users create `sonar-project.properties` in the project root, run `sonar-scanner`, and provide server/project credentials through scanner parameters, CI secrets, or environment configuration rather than a dedicated credentials file. SonarSource warns users to prefer dedicated Maven, Gradle, or .NET scanners for those build systems.
SonarScanner CLI matters to package maintainers because CI images and developer machines need a reproducible scanner binary with the right Java behavior. Changes such as embedded JRE updates, Docker distribution, and auto-provisioning affect whether a package works in minimal runners, corporate networks, and long-lived build pipelines.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
sonar-project.properties${scanner.home}/conf/sonar-scanner.propertiesexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
sonar-scanner | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
install metadata
| Package key | brew:sonar-scanner |
|---|---|
| Version | 8.1.0.6389 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/sonar-scanner |
| Homepage | https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/ |
| Repository | https://github.com/SonarSource/sonar-scanner-cli |
| Upstream docs | https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-cli |
| License | LGPL-3.0-or-later |
| Source archive | https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.1.0.6389.zip |
| Last updated | 2026-04-21T09:37:00Z |
| Pulse | updated |
| Dependencies | openjdk |
| Bottle | available (on all) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | sonar-scanner |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
sonar-scanner 8.1.0.6389-r0
Scanner CLI for SonarQube and SonarCloud
https://github.com/SonarSource/sonar-scanner-cli
sudo apk add sonar-scannermain/sonar-scanner
scoop install main/sonar-scannersource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.