# SonarQube MCP Server

## Overview <a href="#overview" id="overview"></a>

The SonarQube MCP Server is a [Model Context Protocol](https://modelcontextprotocol.io/introduction) (MCP) server that provides seamless integration with SonarQube Server or SonarQube Cloud for code quality and code security. It enables the analysis of code snippets directly within the agent context and allows you to retrieve information and perform actions on your SonarQube Server instance or SonarQube Cloud organization. In addition, SonarQube Cloud offers an embedded version of the MCP server to help your agentic software development life cycle.&#x20;

Use the SonarQube MCP Server with Sonar's [context-augmentation](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/context-augmentation "mention") and [agentic-analysis](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/agentic-analysis "mention") to guide and verify your AI-generated code in a continuous loop.

<figure><img src="https://2223713658-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB4UT2GNiZKjtxFtcFAL7%2Fuploads%2F4FOqNV210CPy3aPLBrEb%2Fsonarqube-mcp-server-embedded.png?alt=media&#x26;token=69fe4f8b-1172-4b78-a520-0895d6e923ef" alt=""><figcaption></figcaption></figure>

## MCP Server in SonarQube Cloud

To always use the most up to date version of the SonarQube MCP Server, connect directly to SonarQube Cloud's embedded MCP server.

Add this configuration to your mcp.json file in your AI-enabled config folder:

```json
"sonarqube": {
  "type": "http",
  "url": "https://api.sonarcloud.io/mcp",
  "headers": {
    "Authorization": "Bearer <YourSonarQubeUserToken>",
    "SONARQUBE_ORG": "<YourSonarQubeOrganization>"
    //"SONARQUBE_READ_ONLY": "false" //Default value is true.
    //"SONARQUBE_TOOLSETS": "<YourOptionalToolset>" //Using this optional header refines the default toolsets.
  }
}
```

{% hint style="info" %}
Replace your `"url"` with `https://api.sonarqube.us/mcp` if you're connecting to a SonarQube Cloud organization in the US region
{% endhint %}

Optional headers include:

* SONARQUBE\_READ\_ONLY: Boolean, `true` or `false` to enable READ ONLY
* SONARQUBE\_TOOLSETS: The embedded MCP server includes a default list of toolsets. A subset of of this list can be defined:
  * `analysis`,`coverage`,`dependency-risks`,`duplications`,`quality-gates`,`issues`,`measures`,`projects`,`rules`,`security-hotspots`
  * The `analysis` toolset is only available to subscribers of the [agentic-analysis](https://docs.sonarsource.com/sonarqube-cloud/ai-capabilities/agentic-analysis "mention") add-on.
  * For more details about the tools in each toolset, find your toolset on the SonarQube MCP Server [Tools](https://app.gitbook.com/s/xNksbUaDXyfRoTpHP0vQ/using/tools "mention") page.

{% hint style="warning" %}
Using the optional headers replaces the default configuration. For example, when you add `"SONARQUBE_TOOLSETS": "issues,projects"`, you will no longer load the `security-hotspots` and `quality-gates` toolsets.
{% endhint %}

### Tool availability with SonarQube Cloud

When using the SonarQube MCP Server through SonarQube Cloud, you get a smaller, fixed set of tools compared to running the MCP Server yourself. This is expected and cannot be configured:

* Heavy analysis tools are disabled to protect the shared SonarQube Cloud infrastructure.
* [context-augmentation](https://docs.sonarsource.com/sonarqube-cloud/ai-capabilities/context-augmentation "mention") tools are not available because they require a local filesystem mount, which the hosted environment cannot provide. To use Context Augmentation tools, set up a local MCP Server using [Configure your SonarQube MCP server #Stdio](https://app.gitbook.com/s/xNksbUaDXyfRoTpHP0vQ/build-and-configure/configure#stdio "mention").
* Rarely used, non-default tools are excluded to keep the MCP context small and focused.

For the complete list of tools supported by a self-hosted SonarQube MCP Server, see the [Tools](https://app.gitbook.com/s/xNksbUaDXyfRoTpHP0vQ/using/tools "mention") page in the SonarQube MCP Server documentation.

## Setting up a local MCP Server <a href="#setting-up-the-sonarqube-server-with-docker" id="setting-up-the-sonarqube-server-with-docker"></a>

See the SonarQube MCP Server [Quickstart guide](https://app.gitbook.com/s/xNksbUaDXyfRoTpHP0vQ/quickstart-guide "mention") for the easiest way to get going with the local MCP server.

If you are connecting the SonarQube MCP Server to a SonarQube Cloud organization in the [US region](https://docs.sonarsource.com/sonarqube-cloud/getting-started/getting-started-in-us-region), be sure to review the special configuration that is required as described in [Configure your SonarQube MCP server #Connecting to SonarQube Cloud in the US region](https://app.gitbook.com/s/xNksbUaDXyfRoTpHP0vQ/build-and-configure/configure#connecting-to-sonarqube-cloud-in-the-us-region "mention").

Use a self-hosted SonarQube MCP Server with [context-augmentation](https://docs.sonarsource.com/sonarqube-cloud/ai-capabilities/context-augmentation "mention") and [agentic-analysis](https://docs.sonarsource.com/sonarqube-cloud/ai-capabilities/agentic-analysis "mention") to guide and verify your AI-generated code in a continuous loop.

## Tools <a href="#tools" id="tools"></a>

Check the bullet points above for a list of default toolsets available with the embedded SonarQube MCP Server; a subset of of this list can be defined. The current list of all tools available with the SonarQube MCP Server are on the [Tools](https://app.gitbook.com/s/xNksbUaDXyfRoTpHP0vQ/using/tools "mention") page.

For complete details please see the [SonarQube MCP Server](https://app.gitbook.com/o/2ibCvzwZt86Nlk2zloB7/s/xNksbUaDXyfRoTpHP0vQ/ "mention") documentation.