Environment variables

Environment variables reference for the SonarQube MCP Server.

The environment variables you need depend on your Sonar product and deployment type. Variables are grouped into four main categories based on your environment.

Common variables

Common variables are required for all configuration types and must be defined before starting the server. To enable full functionality regardless of your transport mode, use these variables to initialize and authenticate your SonarQube MCP Server:

SONARQUBE_ORG

For SonarQube Cloud only. Your SonarQube Cloud organization key.

SONARQUBE_TOKEN

Your SonarQube Cloud token (see Managing Personal Access Tokens) or your SonarQube Server token (see Managing your tokens).

Deprecation notice (HTTP(S) transport): Passing the token via a SONARQUBE_TOKEN HTTP header is deprecated. Use the Authorization: Bearer <YourSonarQubeUserToken> header instead. For stdio transport, SONARQUBE_TOKEN as an environment variable is unchanged. See HTTPS for details.

SONARQUBE_URL

  • SonarQube Server or SonarQube Community Build: Set to your Server base URL.

  • SonarQube Cloud, US region: Set to https://sonarqube.us.

  • SonarQube Cloud, EU region: Not required — the default value is https://sonarcloud.io.

Base variables

Base variables are used when building and running the MCP server locally. The server needs to know how to identify the client and where the local storage location can be found. These variables may or may not be required depending on your configuration—for example, if you're running the container image:

| Environment variable | Description |
|---|---|
| SONARQUBE_DEBUG_ENABLED | When set to true, enables debug logging. Debug logs are written to both the log file and STDERR. Default: false. Use this variable to troubleshoot connectivity or configuration issues. |
| SONARQUBE_IDE_PORT | Optional port number between 64120 and 64130 used to connect SonarQube MCP Server with SonarQube for IDE. |
| SONARQUBE_LOG_TO_FILE_DISABLED | When set to true, disables writing logs to disk. No log files are created under STORAGE_PATH/logs/. Default: false. Typical use case: containerized or ephemeral environments where log files on disk are not needed. |
| STORAGE_PATH | An absolute path to a writable directory where SonarQube MCP Server will store its files (e.g., for creation, updates, and persistence). This path is automatically provided when using the container image. |
| SONARQUBE_PROJECT_KEY | Optional default project key used by all tools that require a project key. When set, the projectKey parameter is removed from the schemas of relevant tools. Typical use case: working on a single project. |

HTTP variables

HTTP variables are used when multiple clients are connecting to a shared MCP server. Each client provides its own user token.

| Environment variable | Description | Default |
|---|---|---|
| SONARQUBE_TRANSPORT | Set to http to enable HTTP transport | not defined (stdio) |
| SONARQUBE_HTTP_HOST | Host to bind (defaults to localhost for security) | 127.0.0.1 |
| SONARQUBE_HTTP_PORT | Port number for HTTP server: 1024-65535 | 8080 |

If needed, information about HTTP and HTTPS proxy settings is available on the Environment considerations page.

HTTPS variables

HTTPS variables are the same as the HTTP variables, but with TLS encryption. HTTPS variables require an SSL certificate; however, redefining the default values of the keystore parameters is optional.

| Environment variable | Description | Default |
|---|---|---|
| SONARQUBE_TRANSPORT | Set to https to enable HTTPS transport | not defined (stdio) |
| SONARQUBE_HTTP_HOST | Host to bind. Use 127.0.0.1 for localhost. Use 0.0.0.0 for the container image. | 127.0.0.1 |
| SONARQUBE_HTTP_PORT | Typically port 8443 for HTTPS. | 8080 |

If needed, information about HTTP and HTTPS proxy settings is available on the Environment considerations page.

SSL certificate

| Environment variable | Description | Default |
|---|---|---|
| SONARQUBE_HTTPS_KEYSTORE_PASSWORD | Keystore password. Redefining the default value is optional. | sonarlint |
| SONARQUBE_HTTPS_KEYSTORE_PATH | Path to keystore file (.p12 or .jks). Redefining the default value is optional. | /etc/ssl/mcp/keystore.p12 |
| SONARQUBE_HTTPS_KEYSTORE_TYPE | Keystore type (PKCS12 or JKS). Redefining the default value is optional. | PKCS12 |

See also the Custom certificates article for information about supported formats and using the container image with custom configurations of your certificate.
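
A pre-flight check for the HTTP, HTTPS and keystore variables described above, as an added example that is not part of the Sonar documentation or the server's code. The function name mcp_transport_audit and the finding texts are hypothetical; warning on plain HTTP bound to a non-loopback host and on the default keystore password is this example's own policy, not a check the server is documented to perform.

```shell
#!/bin/sh
# Added example, not Sonar's code: audit the transport variables before launch.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
mcp_transport_audit() {
    transport="${SONARQUBE_TRANSPORT-}"
    host="${SONARQUBE_HTTP_HOST:-127.0.0.1}"     # defaults as documented above
    port="${SONARQUBE_HTTP_PORT:-8080}"
    ks_path="${SONARQUBE_HTTPS_KEYSTORE_PATH:-/etc/ssl/mcp/keystore.p12}"
    ks_pass="${SONARQUBE_HTTPS_KEYSTORE_PASSWORD:-sonarlint}"
    ks_type="${SONARQUBE_HTTPS_KEYSTORE_TYPE:-PKCS12}"
    rc=0
    flag() { echo "$1"; rc=1; }

    case "$transport" in
        "") return 0 ;;                          # stdio: no listener to audit
        http|https) ;;
        *) flag "ERROR: SONARQUBE_TRANSPORT must be http, https or unset"; return 1 ;;
    esac
    case "$port" in *[!0-9]*|??????*) port=0 ;; esac   # non-numeric or too long
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        flag "ERROR: SONARQUBE_HTTP_PORT must be a number in 1024-65535"
    fi
    case "$host" in
        127.0.0.1|localhost|::1) loopback=yes ;;
        *) loopback=no ;;
    esac
    if [ "$transport" = http ] && [ "$loopback" = no ]; then
        flag "WARN: plain HTTP bound to $host: bearer tokens travel in cleartext, use https"
    fi
    if [ "$transport" = https ]; then
        [ -r "$ks_path" ] || flag "ERROR: keystore $ks_path is not readable"
        case "$ks_type" in
            PKCS12|JKS) ;;
            *) flag "ERROR: SONARQUBE_HTTPS_KEYSTORE_TYPE must be PKCS12 or JKS" ;;
        esac
        [ "$ks_pass" != sonarlint ] || flag "WARN: keystore uses the documented default password"
    fi
    return "$rc"
}

# Constructed sample: HTTP transport published on every interface.
( SONARQUBE_TRANSPORT=http; SONARQUBE_HTTP_HOST=0.0.0.0; mcp_transport_audit ) || true
```

Run it in the same environment that starts the server (for the container image, inside the container) so that the keystore path resolves to the file the server will read.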

SOCKS5 proxy

SOCKS5 proxies are supported.

Property
Description
Default
Example

socksProxyHost

SOCKS5 proxy hostname

localhost

socksProxyPort

SOCKS5 proxy port

1080

1080

java.net.socks.username

SOCKS5 username (if auth required)

myuser

java.net.socks.password

SOCKS5 password (if auth required)

mypassword

Tool enablement

By default, only important toolsets are enabled to reduce context overhead. Enable additional toolsets as needed.

SONARQUBE_TOOLSETS

Comma-separated list of toolsets to enable. When defined, only the listed toolsets are available. If not defined, the following toolsets are enabled by default: analysis, issues, projects, quality-gates, rules, duplications, measures, security-hotspots, dependency-risks, coverage, cag.

Note: The projects toolset is always enabled because it's required to find project keys for other operations.

SONARQUBE_READ_ONLY

When set to true, enables read-only mode and disables all write operations (for example, changing issue status). This filter is cumulative with SONARQUBE_TOOLSETS if both are defined. Default: false.

Available toolsets

| Toolset | Key | Description |
|---|---|---|
| Analysis | analysis | Code analysis tools (analyze code snippets and files) |
| Context Augmentation | cag | Context Augmentation tools for guiding AI agents with architectural awareness and coding guidelines |
| Coverage | coverage | Test coverage analysis and improvement tools |
| Dependency Risks | dependency-risks | Analyze dependency risks and security issues (SCA) |
| Duplications | duplications | Find code duplications across projects |
| Issues | issues | Search and manage SonarQube issues |
| Languages | languages | List supported programming languages |
| Measures | measures | Retrieve metrics and measures (includes both measures and metrics tools) |
| Portfolios | portfolios | Manage portfolios and enterprises (SonarQube Cloud and Server) |
| Projects | projects | Browse and search SonarQube projects |
| Quality Gates | quality-gates | Access quality gates and their status |
| Rules | rules | Browse and search SonarQube rules |
| Security Hotspots | security-hotspots | Search and review security hotspots |
| Sources | sources | Access source code and SCM information |
| System | system | System administration tools (SonarQube Server only) |
| Webhooks | webhooks | Manage webhooks |

Toolset examples

Note: Although the examples below use docker, any OCI-compatible container runtime works (for example, Podman or nerdctl). Simply replace docker with the command for your preferred tool.

Warning: User tokens are required when setting up connected mode or an MCP Server between SonarQube Server and SonarQube for IDE. Binding won't work if you use project tokens, global tokens, or scoped organization tokens during the setup process.

Enable analysis, issues, and quality gates toolsets (using Docker with SonarQube Cloud):

Note: The projects toolset is always enabled automatically, so you don't need to include it in SONARQUBE_TOOLSETS.

Note: SONARQUBE_URL should be defined as https://sonarqube.us each time you use a SonarQube Cloud configuration (SONARQUBE_TOKEN + SONARQUBE_ORG) and want to connect to a US-region instance. See the Connecting to SonarQube Cloud in the US region section for details.

Enable read-only mode (using Docker with SonarQube Cloud):
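
An added example covering both cases above (a restricted toolset list and read-only mode); it is not the command from the Sonar documentation. The function names effective_toolsets and mcp_docker_cmd are hypothetical and the image name is a placeholder, while the toolset keys and the default list are copied from this page.

```shell
#!/bin/sh
# Added example, not Sonar's code. Keys and defaults are copied from this page.
KNOWN="analysis cag coverage dependency-risks duplications issues languages measures \
portfolios projects quality-gates rules security-hotspots sources system webhooks"
DEFAULTS="analysis,issues,projects,quality-gates,rules,duplications,measures,\
security-hotspots,dependency-risks,coverage,cag"

# Print the toolsets exposed for a SONARQUBE_TOOLSETS value ($1): the default set
# when empty, otherwise the listed keys plus the always-enabled "projects".
# Fails on a key that is not in the table, which is usually a typo.
effective_toolsets() {
    [ -n "$1" ] || { printf '%s\n' "$DEFAULTS"; return 0; }
    result="projects"
    for key in $(printf '%s' "$1" | tr ',' ' '); do
        case " $KNOWN " in
            *" $key "*) ;;
            *) echo "unknown toolset key: $key" >&2; return 1 ;;
        esac
        case ",$result," in *",$key,"*) ;; *) result="$result,$key" ;; esac
    done
    printf '%s\n' "$result"
}

# Print (do not run) a docker command for SonarQube Cloud limited to those toolsets.
# $1 = toolsets, $2 = "true" for read-only mode, $3 = image name.
mcp_docker_cmd() {
    effective_toolsets "$1" >/dev/null || return 1
    # "-e NAME" without a value forwards NAME from the calling shell, so the token
    # is not typed on the command line and stays out of shell history and ps output.
    cmd="docker run -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG"
    [ -z "$1" ] || cmd="$cmd -e SONARQUBE_TOOLSETS=$1"
    [ "$2" != true ] || cmd="$cmd -e SONARQUBE_READ_ONLY=true"
    printf '%s %s\n' "$cmd" "$3"
}

# Constructed demo; "<sonarqube-mcp-image>" is a placeholder for your image name.
mcp_docker_cmd "analysis,issues,quality-gates" false "<sonarqube-mcp-image>"
mcp_docker_cmd "" true "<sonarqube-mcp-image>"
```

Export SONARQUBE_TOKEN and SONARQUBE_ORG in the calling shell before running the printed command; for a US-region instance, also pass SONARQUBE_URL as described in the note above.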
