MCPcopy Index your code
hub / github.com/SonarSource/sonarqube-mcp-server

github.com/SonarSource/sonarqube-mcp-server @1.21.0.2975

Chat with this repo
repository ↗ · DeepWiki ↗ · release 1.21.0.2975 ↗ · + Follow
2,291 symbols 10,080 edges 365 files 115 documented · 5%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

SonarQube MCP Server

Build Quality Gate Status

The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security. It also supports the analysis of code snippet directly within the agent context.

Quick setup

Security best practices

🔒 Important: Your SonarQube token is a sensitive credential. Follow these security practices:

When using CLI commands: - Avoid hardcoding tokens in command-line arguments – they get saved in shell history - Use environment variables – set tokens in environment variables before running commands

When using configuration files: - Never commit tokens to version control - Use environment variable substitution in config files when possible

🚀 Generate your configuration

The fastest way to get started is the SonarQube MCP Server Configuration Generator – an interactive tool that produces a ready-to-use configuration for your preferred AI agent client.

Manual setup

If you prefer to configure things yourself, the simplest method is to use our container image at sonarsource/sonarqube-mcp. Use sonarsource/sonarqube-mcp for automatic updates (with --pull=always), or pin to a version tag (e.g., sonarsource/sonarqube-mcp:1.19.0.2785) for reproducible deployments. Read below if you want to build it locally.

Note: While the examples below use docker, any OCI-compatible container runtime works (e.g., Podman, nerdctl). Simply replace docker with your preferred tool.

Antigravity

SonarQube MCP Server is available in the Antigravity MCP Store. Follow these instructions:

  1. Open the Agent Side Panel
  2. Click the three dots (...) at the top right and select MCP Servers
  3. Search for SonarQube and select Install
  4. Provide the required SonarQube User token. You can also provide your organization key for SonarQube Cloud or the SonarQube URL if connecting to SonarQube Server.

For SonarQube Cloud US, set the URL to https://sonarqube.us.

Alternatively, you can manually configure the server via mcp_config.json:

  • To connect with SonarQube Cloud:

In the Agent Side Panel, click the three dots (...) -> MCP Store -> Manage MCP Servers -> View raw config, and add the following:

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": ["run", "--init", "--pull=always", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "sonarsource/sonarqube-mcp"],
      "env": {
        "SONARQUBE_TOKEN": "<YOUR_TOKEN>",
        "SONARQUBE_ORG": "<YOUR_ORG>"
      }
    }
  }
}

For SonarQube Cloud US, manually add "SONARQUBE_URL": "https://sonarqube.us" to the env section and "-e", "SONARQUBE_URL" to the args array.

  • To connect with SonarQube Server:
{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": ["run", "--init", "--pull=always", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "sonarsource/sonarqube-mcp"],
      "env": {
        "SONARQUBE_TOKEN": "<YOUR_USER_TOKEN>",
        "SONARQUBE_URL": "<YOUR_SERVER_URL>"
      }
    }
  }
}

Claude Code

  • To connect with SonarQube Cloud:
claude mcp add sonarqube \
  --env SONARQUBE_TOKEN=$SONAR_TOKEN \
  --env SONARQUBE_ORG=$SONAR_ORG \
  -- docker run --init --pull=always -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG sonarsource/sonarqube-mcp

For SonarQube Cloud US, add --env SONARQUBE_URL=https://sonarqube.us to the command.

  • To connect with SonarQube Server:
claude mcp add sonarqube \
  --env SONARQUBE_TOKEN=$SONAR_USER_TOKEN \
  --env SONARQUBE_URL=$SONAR_URL \
  -- docker run --init --pull=always -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_URL sonarsource/sonarqube-mcp

Codex CLI

Manually edit the configuration file at ~/.codex/config.toml and add the following configuration:

  • To connect with SonarQube Cloud:
[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--init", "--pull=always", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "sonarsource/sonarqube-mcp"]
env = { "SONARQUBE_TOKEN" = "<YOUR_USER_TOKEN>", "SONARQUBE_ORG" = "<YOUR_ORG>" }

For SonarQube Cloud US, add "SONARQUBE_URL" = "https://sonarqube.us" to the env section and "-e", "SONARQUBE_URL" to the args array.

  • To connect with SonarQube Server:
[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--init", "--pull=always", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "sonarsource/sonarqube-mcp"]
env = { "SONARQUBE_TOKEN" = "<YOUR_TOKEN>", "SONARQUBE_URL" = "<YOUR_SERVER_URL>" }

Cursor

  • To connect with SonarQube Cloud:

Install for SonarQube Cloud

For SonarQube Cloud US, manually add "SONARQUBE_URL": "https://sonarqube.us" to the env section in your MCP configuration after installation.

  • To connect with SonarQube Server:

Install for SonarQube Server

Gemini CLI

Note: The Gemini CLI extension has moved to the sonarqube-agent-plugins repository. Please install it from there going forward.

You can install our MCP server extension by using the following command:

gemini extensions install https://github.com/SonarSource/sonarqube-agent-plugins

You will need to set the required environment variables before starting Gemini:

Environment Variables Required:

  • For SonarQube Cloud:
  • SONARQUBE_TOKEN - Your SonarQube Cloud token
  • SONARQUBE_ORG - Your organization key
  • SONARQUBE_URL - (Optional) Set to https://sonarqube.us for SonarQube Cloud US

  • For SonarQube Server:

  • SONARQUBE_TOKEN - Your SonarQube Server USER token
  • SONARQUBE_URL - Your SonarQube Server URL

Once installed, the extension will be installed under <home>/.gemini/extensions/sonarqube/gemini-extension.json.

GitHub Copilot CLI

After starting Copilot CLI, run the following command to add the SonarQube MCP server:

/mcp add

You will have to provide different information about the MCP server, you can use tab to navigate between fields.

  • To connect with SonarQube Cloud:
Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --init, --pull=always, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_ORG, sonarsource/sonarqube-mcp
Environment Variables: SONARQUBE_TOKEN=<YOUR_TOKEN>,SONARQUBE_ORG=<YOUR_ORG>
Tools: *

For SonarQube Cloud US, add -e, SONARQUBE_URL to Arguments and SONARQUBE_URL=https://sonarqube.us to Environment Variables.

  • To connect with SonarQube Server:
Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --init, --pull=always, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_URL, sonarsource/sonarqube-mcp
Environment Variables: SONARQUBE_TOKEN=<YOUR_USER_TOKEN>,SONARQUBE_URL=<YOUR_SERVER_URL>
Tools: *

The configuration file is located at ~/.copilot/mcp-config.json.

GitHub Copilot coding agent

GitHub Copilot coding agent can leverage the SonarQube MCP server directly in your CI/CD.

To add the secrets to your Copilot environment, follow the Copilot documentation. Only secrets with names prefixed with COPILOT_MCP_ will be available to your MCP configuration.

In your GitHub repository, navigate under Settings -> Copilot -> Coding agent, and add the following configuration in the MCP configuration section:

  • To connect with SonarQube Cloud:
{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_ORG",
        "sonarsource/sonarqube-mcp"
      ],
      "env": {
        "SONARQUBE_TOKEN": "COPILOT_MCP_SONARQUBE_TOKEN",
        "SONARQUBE_ORG": "COPILOT_MCP_SONARQUBE_ORG"
      },
      "tools": ["*"]
    }
  }
}

For SonarQube Cloud US, add "-e", "SONARQUBE_URL" to the args array and "SONARQUBE_URL": "COPILOT_MCP_SONARQUBE_URL" to the env section, then set the secret COPILOT_MCP_SONARQUBE_URL=https://sonarqube.us.

  • To connect with SonarQube Server:
{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_URL",
        "sonarsource/sonarqube-mcp"
      ],
      "env": {
        "SONARQUBE_TOKEN": "COPILOT_MCP_SONARQUBE_USER_TOKEN",
        "SONARQUBE_URL": "COPILOT_MCP_SONARQUBE_URL"
      },
      "tools": ["*"]
    }
  }
}

Kiro

Create a .kiro/settings/mcp.json file in your workspace directory (or edit if it already exists), add the following configuration:

  • To connect with SonarQube Cloud:
{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "-i",
        "--rm",
        "-e", 
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_ORG",
        "sonarsource/sonarqube-mcp"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YOUR_TOKEN>",
        "SONARQUBE_ORG": "<YOUR_ORG>"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
}

For SonarQube Cloud US, add "-e", "SONARQUBE_URL" to the args array and "SONARQUBE_URL": "https://sonarqube.us" to the env section.

  • To connect with SonarQube Server:
{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "-i",
        "--rm",
        "-e", 
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_URL",
        "sonarsource/sonarqube-mcp"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YOUR_USER_TOKEN>",
        "SONARQUBE_URL": "<YOUR_SERVER_URL>"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
}

VS Code

You can use the following buttons to simplify the installation process within VS Code.

Install for SonarQube Cloud

For SonarQube Cloud US, manually add "SONARQUBE_URL": "https://sonarqube.us" to the env section in your MCP configuration after installation.

[Install for SonarQube Server](https://insiders.vscode.dev/redirect/mcp/install?name=sonarqube&inputs=%5B%7B%22id%22%3A%22SONARQUBE_TOKEN%22%2C%22type%22%3A%22promptString%22%2C%22description%22%3A%22SonarQube%20Server%20User%20Token%22%2C%22password%22%3Atrue%7D%2C%7B%22id%22%3A%22SONARQUBE_URL%22%2C%22type%22%3A%22promptString%22%2C%22description%22%3A%22SonarQube%20Server%20URL%22%2C%22password%22%3Afalse%7D%5D&config=%7B%22command%22%3A%22docker%22%2C%22args%22%3A%5B%22run%22%2C%22--init%22%2C%22--pull%3Dalways%22%2C%22-i%22%2C%22--rm%22%2C%22-e%22%2C%22SONARQUBE_TOKEN%22%2C%22-e%22%2C%22SONARQUBE_URL%22%2C%22mcp%2Fsonarqube%22%5D%2C%22env%22%3A%7B%22SONARQUBE_TOKEN%22%3A%22%24%7Binput%3ASONARQUBE_TOKEN%7D%22%2C%22SONARQUBE_U

Extension points exported contracts — how you extend this code

Core symbols most depended-on inside this repo

Shape

Method 1,750
Class 521
Enum 8
Function 7
Interface 5

Languages

Java100%
Python1%
Kotlin1%

Modules by API surface

src/main/java/org/sonarsource/sonarqube/mcp/configuration/McpServerLaunchConfiguration.java49 symbols
src/test/java/org/sonarsource/sonarqube/mcp/tools/ToolArgumentsTest.java45 symbols
src/test/java/org/sonarsource/sonarqube/mcp/configuration/McpServerLaunchConfigurationTest.java45 symbols
src/main/java/org/sonarsource/sonarqube/mcp/SonarQubeMcpServer.java38 symbols
src/main/java/org/sonarsource/sonarqube/mcp/tools/Tool.java33 symbols
src/test/java/org/sonarsource/sonarqube/mcp/tools/issues/SearchIssuesToolTests.java28 symbols
src/main/java/org/sonarsource/sonarqube/mcp/serverapi/ServerApi.java28 symbols
src/test/java/org/sonarsource/sonarqube/mcp/transport/McpSecurityFilterTest.java27 symbols
src/test/java/org/sonarsource/sonarqube/mcp/SonarQubeMcpServerGenericTest.java27 symbols
src/main/java/org/sonarsource/sonarqube/mcp/slcore/McpSonarLintRpcClient.java27 symbols
src/test/java/org/sonarsource/sonarqube/mcp/configuration/McpServerLaunchConfigurationHttpTest.java26 symbols
src/test/java/org/sonarsource/sonarqube/mcp/client/ProxiedToolsLoaderMediumTest.java26 symbols

For agents

$ claude mcp add sonarqube-mcp-server \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page