GitHub Action

Sonarless Code Scan

v1.2 Latest version

SonarQube Scan GitHub Action without a dedicated hosted SonarQube Server


Copy and paste the following snippet into your .yml file.

    - name: Sonarless Code Scan
      uses: gitricko/sonarless@v1.2

Learn more about this action in gitricko/sonarless


Sonarless v1.2

This developer-friendly CLI and GitHub Action enable SonarQube scanning for your repository without the need for a dedicated hosted SonarQube server. It starts a SonarQube Docker instance, allowing developers to scan code, check results, and generate a JSON metrics file for automation. This ensures you can easily assess and maintain the quality of your code.

What's new

Please refer to the release page for the latest release notes.

Use Sonarless in your Local Dev

To install the CLI, paste and run the following in a terminal:

curl -s "" | bash

               ___   ___   _ __    __ _  _ __ | |  ___  ___  ___ 
              / __| / _ \ | "_ \  / _` || "__|| | / _ \/ __|/ __| 
              \__ \| (_) || | | || (_| || |   | ||  __/\__ \\__ \ 
              |___/ \___/ |_| |_| \__,_||_|   |_| \___||___/|___/ 

                                                                        Now attempting installation...

Looking for a previous installation of SONARLESS...
Looking for docker...
Looking for jq...
Looking for sed...
Installing Sonarless helper scripts...
* Downloading...

######################################################################## 100.0%

Please open a new terminal, or run the following in the existing one:

    alias sonarless='/home/runner/.sonarless/' 

Then issue the following command:

    sonarless help


To understand the CLI sub-commands, just run sonarless help.

Usually, you only need to know 2 sub-commands:

  • sonarless scan: starts a scan; the code in the current directory is uploaded for scanning. When the scan is done, log in to the web UI of your local personal SonarQube instance at http://localhost:9234 to get the details. The default password for admin is sonarless.

  • sonarless results: generates the sonar-metrics.json metrics file in your current directory.

To clean up your sonar instance, just run sonarless docker-clean. The SonarQube Docker instance will be stopped and all images removed.

This CLI works perfectly with GitHub Codespaces.

GitHub Action Usage

- uses: gitricko/sonarless@v1.2
  with:
    # Folder path to scan from git-root
    # Default: . 
    sonar-source-path: ''

    # Path to SonarQube metrics json from git-root
    # Default: ./sonar-metrics.json 
    sonar-metrics-path: ''

    # SonarQube Project Name
    # Default: ${{ }}
    sonar-project-name: ''

    # SonarQube Project Key
    # Default: ${{ }}
    sonar-project-key: ''


Sonar scan all files from the git root directory

    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/sonarless@v1.2

Scan a particular folder from the git root directory

    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/sonarless@v1.2
        with:
          sonar-source-path: 'src'

Scan code and fail the build if metrics are below expectation

    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/sonarless@v1.2
        with:
          sonar-source-path: 'src'
          sonar-metrics-path: './sonar-mymetrics.json'

      - name: Check Sonar Metrics - No Vulnerabilities
        run: |
          echo "Checking for any vulnerabilities in Sonar Metrics JSON"
          VULN=$(jq -r '.component.measures[] | select(.metric == "vulnerabilities").value' ./sonar-mymetrics.json)
          echo "# of vulnerabilities = ${VULN}"
          # The step fails (non-zero exit) unless the count is exactly 0
          [ "${VULN}" -eq 0 ]
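
A gate over more than one metric, as an added example that is not part of the sonarless project: it reads the same `.component.measures[]` array the jq filter above reads and fails closed when a metric is missing or non-numeric. The thresholds, the `bugs` and `coverage` keys and the sample JSON are assumptions constructed for illustration.

```python
import json
import math
import sys

# Hypothetical thresholds: metric -> (kind, limit). Only "vulnerabilities"
# appears on the page; "bugs" and "coverage" are assumed metric keys.
GATES = {"vulnerabilities": ("max", 0), "bugs": ("max", 0),
         "coverage": ("min", 80.0)}

def load_measures(text):
    """Map metric name -> raw value from the .component.measures[] array."""
    doc = json.loads(text)
    return {m["metric"]: m.get("value") for m in doc["component"]["measures"]}

def evaluate(measures, gates=GATES):
    """Return a list of failure messages; an empty list means the gate passes."""
    failures = []
    for metric, (kind, limit) in gates.items():
        raw = measures.get(metric)
        try:
            value = float(raw)
        except (TypeError, ValueError):
            value = math.nan
        if not math.isfinite(value):
            # Fail closed: an absent or unparsable metric must not pass.
            failures.append(f"{metric}: missing or non-numeric ({raw!r})")
        elif kind == "max" and value > limit:
            failures.append(f"{metric}: {value:g} exceeds maximum {limit:g}")
        elif kind == "min" and value < limit:
            failures.append(f"{metric}: {value:g} is below minimum {limit:g}")
    return failures

# Constructed sample in the jq filter's shape; "bugs" is omitted on purpose.
SAMPLE = json.dumps({"component": {"measures": [
    {"metric": "vulnerabilities", "value": "2"},
    {"metric": "coverage", "value": "91.4"},
]}})

def main(argv):
    """Exit status for a run step: 1 if any gate fails, else 0."""
    text = SAMPLE
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    failures = evaluate(load_measures(text))
    print("\n".join(f"GATE FAIL {f}" for f in failures) or "GATE PASS")
    return 1 if failures else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with the metrics file path as the only argument; with no argument it evaluates the constructed sample.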

Option to change the local SonarQube server port

Use this in case your local machine or GHA container needs the default port 9234 for something else.

    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/sonarless@v1.2
        with:
          sonar-instance-port: '1234'


If you find this small helper script and action helpful, buy me a sip of coffee here to show your appreciation (only if you want to)