search
Start FreeLogin

SonarQube MCP Server

The SonarQube MCP Server is designed to integrate code quality and code security tools with your favorite MCP clients.

For complete details please see the SonarQube MCP Server documentation.

hashtag
Overview

The SonarQube MCP Server is a Model Context Protocolarrow-up-right (MCP) server that provides seamless integration with SonarQube Server or SonarQube Cloud for code quality and code security. It enables the analysis of code snippets directly within the agent context and allows you to retrieve information and perform actions on your SonarQube Server instance or SonarQube Cloud organization. In addition, SonarQube Cloud offers an embedded version of the MCP server to help your agentic software development life cycle. Check the SonarQube MCP Server for compatibility details.

Use the SonarQube MCP Server with Sonar's Context Augmentation and Agentic Analysis to guide and verify your AI-generated code in a continuous loop.

hashtag
MCP Server in SonarQube Cloud

To always use the most up to date version of the SonarQube MCP Server, connect directly to SonarQube Cloud's embedded MCP server.

Add this configuration to your mcp.json file in your AI-enabled config folder:

"sonarqube": {
  "type": "http",
  "url": "https://api.sonarcloud.io/mcp",
  "headers": {
    "Authorization": "Bearer <YourSonarQubeUserToken>",
    "SONARQUBE_ORG": "<YourSonarQubeOrganization>"
    //"SONARQUBE_READ_ONLY": "false" //Default value is true.
    //"SONARQUBE_TOOLSETS": "<YourOptionalToolset>" //Using this optional header refines the default toolsets.
  }
}
circle-info

Replace your "url" with https://api.sonarcloud.us/mcp if you’re connecting to a SonarQube Cloud organization in the US region

Optional headers include:

  • SONARQUBE_READ_ONLY: Boolean, true or false to enable READ ONLY

  • SONARQUBE_TOOLSETS: The embedded MCP server includes a default list of toolsets. A subset of of this list can be defined:

    • analysis,coverage,dependency-risks,duplications,quality-gates,issues,measures,projects,rules,security-hotspots

    • The analysis toolset is only available to subscribers of the Agentic Analysis add-on.

    • For more details about the tools in each toolset, find your toolset on the SonarQube MCP Server Tools page.

circle-exclamation

Using the optional headers replaces the default configuration. For example, when you add "SONARQUBE_TOOLSETS": "issues,projects", you will no longer load the security-hotspots and quality-gates toolsets.

hashtag
Setting up a local MCP Server

See the SonarQube MCP Server Quickstart guide for the easiest way to get going.

If you are connecting the SonarQube MCP Server to a SonarQube Cloud organization in the US region, be sure to review the special configuration that is required as described in Connecting to SonarQube Cloud in the US region.

hashtag
Tools

Check the bullet points above for a list of default toolsets available with the embedded SonarQube MCP Server; a subset of of this list can be defined. The current list of all tools available with the SonarQube MCP Server are on the Tools page.

For complete details please see the SonarQube MCP Server documentation.

PreviousAutodetect AI codeNextAI CodeFix

Last updated

Was this helpful?