SonarQube MCP Server enables integration with SonarQube for code quality and security.

Created 3 months ago

development documentation public

What is SonarQube MCP Server enables integration with SonarQube for code quality and security.?

The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security. It supports the analysis of code snippets directly within the agent context.

Documentation

SonarQube MCP Server

The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security. It also supports the analysis of code snippet directly within the agent context.

Quick setup

The simplest method is to rely on our Docker image hosted at mcp/sonarqube. Read below for how to build locally.

VS Code

You can use the following buttons to simplify the installation process within VS Code.

Cursor

To connect with SonarQube Cloud:

To connect with SonarQube Server:

Windsurf

SonarQube MCP Server is available as a Windsurf plugin. Follow these instructions:

Click on the Plugins button at the top right of the Cascade view
Search for sonarqube on the Plugin store
Click Install
Add the required SonarQube token. Then add the organization key if you want to connect with SonarQube Cloud, or the SonarQube URL if you want to connect to SonarQube Server or Community Build.

Manual installation

You can manually install the SonarQube MCP server by copying the following snippet in the MCP servers configuration file:

To connect with SonarQube Cloud:

{
  "sonarqube": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_ORG",
      "mcp/sonarqube"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_ORG": "<org>"
    }
  }
}

To connect with SonarQube Server:

{
  "sonarqube": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_URL",
      "mcp/sonarqube"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_URL": "<url>"
    }
  }
}

Build

SonarQube MCP Server requires a Java Development Kit (JDK) version 21 or later to build.

Run the following Gradle command to clean the project and build the application:

./gradlew clean build -x test

The JAR file will be created in build/libs/.

You will then need to manually copy and paste the MCP configuration, as follows:

To connect with SonarQube Cloud:

{
  "sonarqube": {
    "command": "java",
    "args": [
      "-jar",
      "<path_to_sonarqube_mcp_server_jar>"
    ],
    "env": {
      "STORAGE_PATH": "<path_to_your_mcp_storage>",
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_ORG": "<org>"
    }
  }
}

To connect with SonarQube Server:

{
  "sonarqube": {
    "command": "java",
    "args": [
      "-jar",
      "<path_to_sonarqube_mcp_server_jar>"
    ],
    "env": {
      "STORAGE_PATH": "<path_to_your_mcp_storage>",
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_URL": "<url>"
    }
  }
}

Configuration

Depending on your environment, you should provide specific environment variables.

Mandatory

You should add the following variable when running the MCP Server:

Environment variable	Description
`STORAGE_PATH`	An absolute path to a writable directory where SonarQube MCP Server will store its files (e.g., for creation, updates, and persistence)

SonarQube Cloud

To enable full functionality, the following environment variables must be set before starting the server:

Environment variable	Description
`SONARQUBE_TOKEN`	Your SonarQube Cloud token
`SONARQUBE_ORG`	Your SonarQube Cloud organization key

SonarQube Server

Environment variable	Description
`SONARQUBE_TOKEN`	Your SonarQube Server USER token
`SONARQUBE_URL`	Your SonarQube Server URL

Custom Certificates

If your SonarQube Server uses a self-signed certificate or a certificate from a private Certificate Authority (CA), you can add custom certificates to the Docker container that will automatically be installed.

Using Docker Volume Mount

Mount a directory containing your certificates when running the container:

docker run -i --rm \
- v /path/to/your/certificates/:/usr/local/share/ca-certificates/:ro \
- e SONARQUBE_TOKEN="<token>" \
- e SONARQUBE_URL="<url>" \
  mcp/sonarqube

Supported Certificate Formats

The container supports the following certificate formats:

.crt files (PEM or DER encoded)
.pem files (PEM encoded)

MCP Configuration with Certificates

When using custom certificates, you can modify your MCP configuration to mount the certificates:

{
  "sonarqube": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-v",
      "/path/to/your/certificates/:/usr/local/share/ca-certificates/:ro",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_URL",
      "mcp/sonarqube"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_URL": "<url>"
    }
  }
}

Tools# Analysis

analyze_code_snippet - Analyze a code snippet with SonarQube analyzers to find SonarQube issues in it.
codeSnippet - Code snippet or full file content - Required String
language - Optional language of the code snippet - String

Languages

list_languages - List all programming languages supported in this instance
q - Optional pattern to match language keys/names against - String

Issues

change_sonar_issue_status - Change the status of a SonarQube issue to "accept", "falsepositive" or to "reopen" an issue
key - Issue key - Required String
status - New issue's status - Required Enum {"accept", "falsepositive", "reopen"}
search_sonar_issues_in_projects - Search for SonarQube issues in my organization's projects
projects - Optional list of Sonar projects - String[]
pullRequestId - Optional Pull Request's identifier - String
p - Optional page number (default: 1) - Integer
ps - Optional page size. Must be greater than 0 and less than or equal to 500 (default: 100) - Integer

Measures

get_component_measures - Get measures for a component (project, directory, file)
component - Optional component key to get measures for - String
branch - Optional branch to analyze for measures - String
metricKeys - Optional metric keys to retrieve (e.g. nloc, complexity, violations, coverage) - String[]
pullRequest - Optional pull request identifier to analyze for measures - String

Metrics

search_metrics - Search for metrics
p - Optional page number (default: 1) - Integer
ps - Optional page size. Must be greater than 0 and less than or equal to 500 (default: 100) - Integer

Projects

search_my_sonarqube_projects - Find Sonar projects in my organization
page - Optional page number - String

Quality Gates

get_project_quality_gate_status - Get the Quality Gate Status for the project
analysisId - Optional analysis ID - String
branch - Optional branch key - String
projectId - Optional project ID - String
projectKey - Optional project key - String
pullRequest - Optional pull request ID - String
list_quality_gates - List all quality gates in the organization

Rules

list_rule_repositories - List rule repositories available in SonarQube
language - Optional language key - String
q - Optional search query - String
show_rule - Shows detailed information about a SonarQube rule
key - Rule key - Required String

Sources

get_raw_source - Get source code as raw text. Require 'See Source Code' permission on file
key - File key - Required String
branch - Optional branch key - String
pullRequest - Optional pull request id - String
get_scm_info - Get SCM information of source files. Require See Source Code permission on file's project
key - File key - Required String
commits_by_line - Group lines by SCM commit if value is false, else display commits for each line - String
from - First line to return. Starts at 1 - Number
to - Last line to return (inclusive) - Number

System

Note: System tools are only available when connecting to SonarQube Server.

get_system_health - Get the health status of SonarQube Server instance
get_system_info - Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. Requires 'Administer' permissions
get_system_logs - Get SonarQube Server system logs in plain-text format. Requires system administration permission
name - Optional name of the logs to get. Possible values: access, app, ce, deprecation, es, web. Default: app - String
ping_system - Ping the SonarQube Server system to check if it's alive
get_system_status - Get state information about SonarQube Server

Troubleshooting

Applications logs will be written to the STORAGE_PATH/logs/mcp.log file.

Data and telemetry

This server collects anonymous usage data and sends it to SonarSource to help improve the product. No source code or IP address is collected, and SonarSource does not share the data with anyone else. Collection of telemetry can be disabled with the following system property or environment variable: TELEMETRY_DISABLED=true. Click here to see a sample of the data that are collected.

License

Licensed under the SONAR Source-Available License v1.0

Server Config

{
  "mcpServers": {
    "sonarqube-mcp-server-enables-integration-with-sonarqube-for-code-quality-and-security.-server": {
      "command": "npx",
      "args": [
        "sonarqube-mcp-server-enables-integration-with-sonarqube-for-code-quality-and-security."
      ]
    }
  }
}

Links & Status

Repository: github.com

Hosted: Yes

Global: Yes

Official: Yes

Project Info

Hosted Featured

Created At: Aug 07, 2025

Updated At: Aug 07, 2025

Author: SonarSource

Category: MCP Server

License: SONAR Source-Available License v1.0

Tags:

development documentation public