SkillAgentSearch skills...

Sonarless

SonarQube Scan CLI + GitHub Action without a need of a dedicated hosted SonarQube Server

GenerateConvertImprove

Install / Use

/learn @gitricko/Sonarless
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

Test Codacy GitHub License GitHub Release GitHub commits since latest release

Sonarless v1.3

This developer-friendly CLI and GitHub Action enable SonarQube scanning for your repository without the need for a dedicated hosted SonarQube server. It starts a SonarQube Docker instance, allowing developers to scan code, check results, and generate a JSON metrics file for automation. This ensures you can easily assess and maintain the quality of your code.

What's new

Please refer to the release page for the latest release notes.

Use Sonarless in your Local Dev

To install CLI, paste and run the following in a terminal:

curl -s "https://raw.githubusercontent.com/gitricko/sonarless/main/install.sh" | bash

                                               _ 
               ___   ___   _ __    __ _  _ __ | |  ___  ___  ___ 
              / __| / _ \ | "_ \  / _` || "__|| | / _ \/ __|/ __| 
              \__ \| (_) || | | || (_| || |   | ||  __/\__ \\__ \ 
              |___/ \___/ |_| |_| \__,_||_|   |_| \___||___/|___/ 


                                                                        Now attempting installation...

Looking for a previous installation of SONARLESS...
Looking for docker...
Looking for jq...
Looking for sed...
Installing Sonarless helper scripts...
* Downloading...

######################################################################## 100.0%

Please open a new terminal, or run the following in the existing one:

    alias sonarless='/home/runner/.sonarless/makefile.sh' 

Then issue the following command:

    sonarless help

Enjoy!!!

To understand CLI sub-commands, just run sonarless help

Usually, you only need to know 2 sub-commands

  • sonarless scan: to start scanning your code in the current directory will be uploaded for scanning. When the scan is done, just login webui into your local personal instance of sonarqube via http://localhost:9234 to get details from SonarQube. The default password for admin is Son@rless123

  • sonarless results: to generate sonar-metrics.json metrics file in your current directory

To clean up your sonar instance, just run sonarless docker-clean. SonarQube docker instance will be stop and all images removed.

This CLI works perfectly with Github CodeSpace

GitHub Action Usage

<!-- start usage --> 
- uses: gitricko/sonarless@v1.3
  with:
    # Folder path to scan from git-root
    # Default: . 
    sonar-source-path: ''

    # Path to SonarQube metrics json from git-root
    # Default: ./sonar-metrics.json 
    sonar-metrics-path: ''

    # SonarQube Project Name
    # Default: ${{ github.event.repository.name }}
    sonar-project-name: ''

    # SonarQube Project Key
    # Default: ${{ github.event.repository.name }}
    sonar-project-key: ''
<!-- end usage -->

Scenarios

Sonar scan all files from git root directory

jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/sonarless@v1.3

Scan particular folder from git root directory

jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/sonarless@v1.3
        with:
          sonar-source-path: 'src'

Scan code and fail build if metrics is below expectation

jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/sonarless@v1.3
        with:
          sonar-source-path: 'src'
          sonar-metrics-path: './sonar-mymetrics.json'

      - name: Check Sonar Metrics - No Vulnerabilities
        run: |
          echo "Checking for any vulnerabilities in Sonar Metrics JSON"
          VULN=$(cat ./sonar-mymetrics.json | jq -r '.component.measures[] | select(.metric == "vulnerabilities").value')
          echo "# of vulnerabilities = ${VULN}"
          [ ${VULN} -eq "0" ]

Options to change local sonarqube server port

Just in case your local machine/GHA container need to use the default port of 9234

jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/sonarless@v1.3
        with:
          sonar-instance-port: '1234'

Coffee

If you find this small helper script and action helpful, buy me a sip of coffee here to show your appreciation (only if you want to)

Related Skills

imsg

346.4k

iMessage/SMS CLI for listing chats, history, and sending messages via Messages.app.

node-connect

346.4k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

oracle

346.4k

Best practices for using the oracle CLI (prompt + file bundling, engines, sessions, and file attachment patterns).

lobster

346.4k

Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (s

gitricko

View profile

View on GitHub
GitHub Stars46
CategoryDevelopment
Updated2d ago
Forks4
gitricko/sonarless

Languages

Shell

Security Score

95/100

Audited on Apr 1, 2026

No findings