The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security. It also supports the analysis of code snippet directly within the agent context.
Security best practices
🔒 Important: Your SonarQube token is a sensitive credential. Follow these security practices:
When using CLI commands: - Avoid hardcoding tokens in command-line arguments – they get saved in shell history - Use environment variables – set tokens in environment variables before running commands
When using configuration files: - Never commit tokens to version control - Use environment variable substitution in config files when possible
The fastest way to get started is the SonarQube MCP Server Configuration Generator – an interactive tool that produces a ready-to-use configuration for your preferred AI agent client.
If you prefer to configure things yourself, the simplest method is to use our container image at sonarsource/sonarqube-mcp. Use sonarsource/sonarqube-mcp for automatic updates (with --pull=always), or pin to a version tag (e.g., sonarsource/sonarqube-mcp:1.19.0.2785) for reproducible deployments. Read below if you want to build it locally.
Note: While the examples below use
docker, any OCI-compatible container runtime works (e.g., Podman, nerdctl). Simply replacedockerwith your preferred tool.
Antigravity
SonarQube MCP Server is available in the Antigravity MCP Store. Follow these instructions:
SonarQube and select InstallFor SonarQube Cloud US, set the URL to https://sonarqube.us.
Alternatively, you can manually configure the server via mcp_config.json:
In the Agent Side Panel, click the three dots (...) -> MCP Store -> Manage MCP Servers -> View raw config, and add the following:
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": ["run", "--init", "--pull=always", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "sonarsource/sonarqube-mcp"],
"env": {
"SONARQUBE_TOKEN": "<YOUR_TOKEN>",
"SONARQUBE_ORG": "<YOUR_ORG>"
}
}
}
}
For SonarQube Cloud US, manually add "SONARQUBE_URL": "https://sonarqube.us" to the env section and "-e", "SONARQUBE_URL" to the args array.
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": ["run", "--init", "--pull=always", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "sonarsource/sonarqube-mcp"],
"env": {
"SONARQUBE_TOKEN": "<YOUR_USER_TOKEN>",
"SONARQUBE_URL": "<YOUR_SERVER_URL>"
}
}
}
}
Claude Code
claude mcp add sonarqube \
--env SONARQUBE_TOKEN=$SONAR_TOKEN \
--env SONARQUBE_ORG=$SONAR_ORG \
-- docker run --init --pull=always -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG sonarsource/sonarqube-mcp
For SonarQube Cloud US, add --env SONARQUBE_URL=https://sonarqube.us to the command.
claude mcp add sonarqube \
--env SONARQUBE_TOKEN=$SONAR_USER_TOKEN \
--env SONARQUBE_URL=$SONAR_URL \
-- docker run --init --pull=always -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_URL sonarsource/sonarqube-mcp
Codex CLI
Manually edit the configuration file at ~/.codex/config.toml and add the following configuration:
[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--init", "--pull=always", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "sonarsource/sonarqube-mcp"]
env = { "SONARQUBE_TOKEN" = "<YOUR_USER_TOKEN>", "SONARQUBE_ORG" = "<YOUR_ORG>" }
For SonarQube Cloud US, add "SONARQUBE_URL" = "https://sonarqube.us" to the env section and "-e", "SONARQUBE_URL" to the args array.
[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--init", "--pull=always", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "sonarsource/sonarqube-mcp"]
env = { "SONARQUBE_TOKEN" = "<YOUR_TOKEN>", "SONARQUBE_URL" = "<YOUR_SERVER_URL>" }
Cursor
For SonarQube Cloud US, manually add "SONARQUBE_URL": "https://sonarqube.us" to the env section in your MCP configuration after installation.
Gemini CLI
Note: The Gemini CLI extension has moved to the sonarqube-agent-plugins repository. Please install it from there going forward.
You can install our MCP server extension by using the following command:
gemini extensions install https://github.com/SonarSource/sonarqube-agent-plugins
You will need to set the required environment variables before starting Gemini:
Environment Variables Required:
SONARQUBE_TOKEN - Your SonarQube Cloud tokenSONARQUBE_ORG - Your organization keySONARQUBE_URL - (Optional) Set to https://sonarqube.us for SonarQube Cloud US
For SonarQube Server:
SONARQUBE_TOKEN - Your SonarQube Server USER tokenSONARQUBE_URL - Your SonarQube Server URLOnce installed, the extension will be installed under <home>/.gemini/extensions/sonarqube/gemini-extension.json.
GitHub Copilot CLI
After starting Copilot CLI, run the following command to add the SonarQube MCP server:
/mcp add
You will have to provide different information about the MCP server, you can use tab to navigate between fields.
Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --init, --pull=always, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_ORG, sonarsource/sonarqube-mcp
Environment Variables: SONARQUBE_TOKEN=<YOUR_TOKEN>,SONARQUBE_ORG=<YOUR_ORG>
Tools: *
For SonarQube Cloud US, add -e, SONARQUBE_URL to Arguments and SONARQUBE_URL=https://sonarqube.us to Environment Variables.
Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --init, --pull=always, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_URL, sonarsource/sonarqube-mcp
Environment Variables: SONARQUBE_TOKEN=<YOUR_USER_TOKEN>,SONARQUBE_URL=<YOUR_SERVER_URL>
Tools: *
The configuration file is located at ~/.copilot/mcp-config.json.
GitHub Copilot coding agent
GitHub Copilot coding agent can leverage the SonarQube MCP server directly in your CI/CD.
To add the secrets to your Copilot environment, follow the Copilot documentation. Only secrets with names prefixed with COPILOT_MCP_ will be available to your MCP configuration.
In your GitHub repository, navigate under Settings -> Copilot -> Coding agent, and add the following configuration in the MCP configuration section:
{
"mcpServers": {
"sonarqube": {
"type": "local",
"command": "docker",
"args": [
"run",
"--init",
"--pull=always",
"--rm",
"-i",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_ORG",
"sonarsource/sonarqube-mcp"
],
"env": {
"SONARQUBE_TOKEN": "COPILOT_MCP_SONARQUBE_TOKEN",
"SONARQUBE_ORG": "COPILOT_MCP_SONARQUBE_ORG"
},
"tools": ["*"]
}
}
}
For SonarQube Cloud US, add "-e", "SONARQUBE_URL" to the args array and "SONARQUBE_URL": "COPILOT_MCP_SONARQUBE_URL" to the env section, then set the secret COPILOT_MCP_SONARQUBE_URL=https://sonarqube.us.
{
"mcpServers": {
"sonarqube": {
"type": "local",
"command": "docker",
"args": [
"run",
"--init",
"--pull=always",
"--rm",
"-i",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_URL",
"sonarsource/sonarqube-mcp"
],
"env": {
"SONARQUBE_TOKEN": "COPILOT_MCP_SONARQUBE_USER_TOKEN",
"SONARQUBE_URL": "COPILOT_MCP_SONARQUBE_URL"
},
"tools": ["*"]
}
}
}
Kiro
Create a .kiro/settings/mcp.json file in your workspace directory (or edit if it already exists), add the following configuration:
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": [
"run",
"--init",
"--pull=always",
"-i",
"--rm",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_ORG",
"sonarsource/sonarqube-mcp"
],
"env": {
"SONARQUBE_TOKEN": "<YOUR_TOKEN>",
"SONARQUBE_ORG": "<YOUR_ORG>"
},
"disabled": false,
"autoApprove": []
}
}
}
For SonarQube Cloud US, add "-e", "SONARQUBE_URL" to the args array and "SONARQUBE_URL": "https://sonarqube.us" to the env section.
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": [
"run",
"--init",
"--pull=always",
"-i",
"--rm",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_URL",
"sonarsource/sonarqube-mcp"
],
"env": {
"SONARQUBE_TOKEN": "<YOUR_USER_TOKEN>",
"SONARQUBE_URL": "<YOUR_SERVER_URL>"
},
"disabled": false,
"autoApprove": []
}
}
}
VS Code
You can use the following buttons to simplify the installation process within VS Code.
For SonarQube Cloud US, manually add "SONARQUBE_URL": "https://sonarqube.us" to the env section in your MCP configuration after installation.
[](https://insiders.vscode.dev/redirect/mcp/install?name=sonarqube&inputs=%5B%7B%22id%22%3A%22SONARQUBE_TOKEN%22%2C%22type%22%3A%22promptString%22%2C%22description%22%3A%22SonarQube%20Server%20User%20Token%22%2C%22password%22%3Atrue%7D%2C%7B%22id%22%3A%22SONARQUBE_URL%22%2C%22type%22%3A%22promptString%22%2C%22description%22%3A%22SonarQube%20Server%20URL%22%2C%22password%22%3Afalse%7D%5D&config=%7B%22command%22%3A%22docker%22%2C%22args%22%3A%5B%22run%22%2C%22--init%22%2C%22--pull%3Dalways%22%2C%22-i%22%2C%22--rm%22%2C%22-e%22%2C%22SONARQUBE_TOKEN%22%2C%22-e%22%2C%22SONARQUBE_URL%22%2C%22mcp%2Fsonarqube%22%5D%2C%22env%22%3A%7B%22SONARQUBE_TOKEN%22%3A%22%24%7Binput%3ASONARQUBE_TOKEN%7D%22%2C%22SONARQUBE_U
$ claude mcp add sonarqube-mcp-server \
-- python -m otcore.mcp_server <graph>