# Environment variables The environment variables you need depend on your Sonar product and deployment type. Variables are grouped into four main categories based on your environment. ## Common variables *Common variables* are required for all configuration typologies and must be defined before starting the server. To enable full functionality regardless of your [transport mode](/agent-centric-development-cycle/developer-tools/mcp-server/setup/self-hosted.md), use these variables to initialize and authenticate your SonarQube MCP Server: ### SONARQUBE\_ORG For SonarQube Cloud only. Your SonarQube Cloud organization [key](https://sonarcloud.io/account/organizations). ### SONARQUBE\_TOKEN Your SonarQube Cloud token (see [Managing Personal Access Tokens](/sonarqube-cloud/managing-your-account/managing-tokens.md)) or your SonarQube Server token (see [Managing your tokens](/sonarqube-server/2026.1/user-guide/managing-tokens.md)). > **Deprecation notice (HTTP(S) transport):** Passing the token via a `SONARQUBE_TOKEN` HTTP header is deprecated. Use the `Authorization: Bearer ` header instead. For stdio transport, `SONARQUBE_TOKEN` as an environment variable is unchanged. See [HTTPS](/agent-centric-development-cycle/developer-tools/mcp-server/setup/self-hosted.md#https) for details. ### SONARQUBE\_URL * **SonarQube Server or SonarQube Community Build:** Set to your [Server base URL](/sonarqube-server/2026.1/instance-administration/server-base-url.md). * **SonarQube Cloud, US region:** Set to `https://sonarqube.us`. * **SonarQube Cloud, EU region:** Not required — the default value is `https://sonarcloud.io`. ## Base variables *Base variables* are used when building and running the MCP server locally. The server needs to know how to identify the client and where the local storage location can be found. These variables may or may not be required depending on your configuration—for example, if you're running the container image: | Environment variable | Description | | ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SONARQUBE\_DEBUG\_ENABLED | When set to `true`, enables debug logging. Debug logs are written to both the log file and STDERR. Default: `false`. Use this variable to troubleshoot connectivity or configuration issues. | | SONARQUBE\_IDE\_PORT | Optional port number between 64120 and 64130 used to connect SonarQube MCP Server with SonarQube for IDE. | | SONARQUBE\_LOG\_TO\_FILE\_DISABLED | When set to `true`, disables writing logs to disk. No log files are created under `STORAGE_PATH/logs/`. Default: `false`. Typical use case: containerized or ephemeral environments where log files on disk are not needed. | | STORAGE\_PATH | An absolute path to a writable directory where SonarQube MCP Server will store its files (e.g., for creation, updates, and persistence). This path is automatically provided when using the container image. | | SONARQUBE\_PROJECT\_KEY | Optional default project key used by all tools that require a project key. When set, the `projectKey` parameter is removed from the schemas of relevant tools. Typical use case: working on a single project. | ## HTTP variables *HTTP variables* are used when multiple clients are connecting to a shared MCP server. Each client provides its own user token. | Environment variable | Description | Default | | --------------------- | ------------------------------------------------- | ------------------- | | SONARQUBE\_TRANSPORT | Set to `http` to enable HTTP transport | not defined (stdio) | | SONARQUBE\_HTTP\_HOST | Host to bind (defaults to localhost for security) | 127.0.0.1 | | SONARQUBE\_HTTP\_PORT | Port number for HTTP server: 1024-65535 | 8080 | If needed, information about HTTP and HTTPS [proxy settings](/agent-centric-development-cycle/developer-tools/mcp-server/setup/environment-considerations.md#proxy) is available on the [Environment considerations](/agent-centric-development-cycle/developer-tools/mcp-server/setup/environment-considerations.md) page. ## HTTPS variables *HTTPS variables* are the same as [#http-variables](#http-variables) but with TLS encryption. HTTPS variables require an [#ssl-certificate](#ssl-certificate) however, redefining the keystore parameter default values is optional. | Environment variable | Description | Default | | --------------------- | --------------------------------------------------------------------------------------- | ------------------- | | SONARQUBE\_TRANSPORT | Set to `https` to enable HTTPS transport | not defined (stdio) | | SONARQUBE\_HTTP\_HOST | Host to bind. Use `127.0.0.1` for localhost. Use `0.0.0.0` for for the container image. | 127.0.0.1 | | SONARQUBE\_HTTP\_PORT | Typically port 8443 for HTTPS. | 8080 | If needed, information about HTTP and HTTPS [proxy settings](/agent-centric-development-cycle/developer-tools/mcp-server/setup/environment-considerations.md#proxy) is available on the [Environment considerations](/agent-centric-development-cycle/developer-tools/mcp-server/setup/environment-considerations.md) page. ## SSL certificate | Environment variable | Description | Default | | ----------------------------------- | ------------------------------------------------------------------------------- | --------------------------- | | `SONARQUBE_HTTPS_KEYSTORE_PASSWORD` | Keystore password. Redefining the default value is optional. | `sonarlint` | | `SONARQUBE_HTTPS_KEYSTORE_PATH` | Path to keystore file (.p12 or .jks). Redefining the default value is optional. | `/etc/ssl/mcp/keystore.p12` | | `SONARQUBE_HTTPS_KEYSTORE_TYPE` | Keystore type (PKCS12 or JKS). Redefining the default value is optional. | `PKCS12` | See also the [Custom certificates](/agent-centric-development-cycle/developer-tools/mcp-server/setup/environment-considerations.md#custom-certificates) article for information about supported formats and using the container image with custom configurations of your certificate. ## SOCKS5 proxy SOCKS5 proxies are supported. | Property | Description | Default | Example | | ------------------------- | ---------------------------------- | ------- | ------------ | | `socksProxyHost` | SOCKS5 proxy hostname | — | `localhost` | | `socksProxyPort` | SOCKS5 proxy port | `1080` | `1080` | | `java.net.socks.username` | SOCKS5 username (if auth required) | — | `myuser` | | `java.net.socks.password` | SOCKS5 password (if auth required) | — | `mypassword` | ## Tool enablement By default, only important toolsets are enabled to reduce context overhead. Enable additional toolsets as needed. ### SONARQUBE\_TOOLSETS Comma-separated list of toolsets to enable. When defined, only the listed toolsets are available. If not defined, the following toolsets are enabled by default: `analysis`, `issues`, `projects`, `quality-gates`, `rules`, `duplications`, `measures`, `security-hotspots`, `dependency-risks`, `coverage`, `cag`. > **Note:** The `projects` toolset is always enabled because it's required to find project keys for other operations. ### SONARQUBE\_READ\_ONLY When set to `true`, enables read-only mode and disables all write operations (for example, changing issue status). This filter is cumulative with `SONARQUBE_TOOLSETS` if both are defined. Default: `false`. ### Available toolsets | Toolset | Key | Description | | ------------------------ | ------------------- | --------------------------------------------------------------------------------------------------- | | **Analysis** | `analysis` | Code analysis tools (analyze code snippets and files) | | **Context Augmentation** | `cag` | Context Augmentation tools for guiding AI agents with architectural awareness and coding guidelines | | **Coverage** | `coverage` | Test coverage analysis and improvement tools | | **Dependency Risks** | `dependency-risks` | Analyze dependency risks and security issues (SCA) | | **Duplications** | `duplications` | Find code duplications across projects | | **Issues** | `issues` | Search and manage SonarQube issues | | **Languages** | `languages` | List supported programming languages | | **Measures** | `measures` | Retrieve metrics and measures (includes both measures and metrics tools) | | **Portfolios** | `portfolios` | Manage portfolios and enterprises (SonarQube Cloud and Server) | | **Projects** | `projects` | Browse and search SonarQube projects | | **Quality Gates** | `quality-gates` | Access quality gates and their status | | **Rules** | `rules` | Browse and search SonarQube rules | | **Security Hotspots** | `security-hotspots` | Search and review security hotspots | | **Sources** | `sources` | Access source code and SCM information | | **System** | `system` | System administration tools (SonarQube Server only) | | **Webhooks** | `webhooks` | Manage webhooks | **Toolset examples** > **Note:** Although the examples below use `docker`, any OCI-compatible container runtime works (for example, Podman, nerdctl, etc). Simply replace `docker` with commands specific to your preferred tool. > **Warning:** *User tokens* are required when setting up connected mode or an MCP Server between SonarQube Server and SonarQube for IDE. Binding won't work if you use *project tokens*, *global tokens*, or *scoped organization tokens* during the setup process. **Enable analysis, issues, and quality gates toolsets (using Docker with SonarQube Cloud):** ```bash docker run -i --init --pull=always --name sonarqube-mcp-server --rm \ -e SONARQUBE_TOKEN="" \ -e SONARQUBE_ORG="" \ -e SONARQUBE_TOOLSETS="analysis,issues,quality-gates" \ mcp/sonarqube ``` > **Note:** The `projects` toolset is always enabled automatically, so you don't need to include it in `SONARQUBE_TOOLSETS`. > **Note:** `SONARQUBE_URL` should be defined as `https://sonarqube.us` each time you use a SonarQube Cloud configuration (`SONARQUBE_TOKEN` + `SONARQUBE_ORG`) and want to connect to a US-region instance. See the [Connecting to SonarQube Cloud in the US region](/agent-centric-development-cycle/developer-tools/mcp-server/setup/environment-considerations.md#connecting-to-sonarqube-cloud-in-the-us-region) section for details. **Enable read-only mode (using Docker with SonarQube Cloud):** ```bash docker run -i --init --pull=always --name sonarqube-mcp-server --rm \ -e SONARQUBE_TOKEN="" \ -e SONARQUBE_ORG="" \ -e SONARQUBE_READ_ONLY="true" \ mcp/sonarqube ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sonarsource.com/agent-centric-development-cycle/developer-tools/mcp-server/reference/environment-variables.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.