Kiro

SonarQube for VS Code helps bring analysis of AI-generated code to your IDE. This page has installation and migration instructions in addition to features designed specifically for Kiro.

Installation

Kiro uses the OpenVSX extension registry. Install SonarQube for VS Code from there.

To install the SonarQube for VS Code extension in Kiro:

  1. Open the Extensions view by pressing Ctrl + Shift + X (or Cmd + Shift + X on Mac).

  2. Search for sonarqube.

  3. Finish the installation by choosing SonarQube for IDE and selecting the Install button.

Once installed, we recommend using connected mode and setting up the SonarQube MCP Server with SonarQube Server or SonarQube Cloud to strengthen your AI integration with SonarQube.

Migrate extensions from VS Code

Kiro provides a workflow to complete a Profile migration from VS Code.

If you were using connected mode or the SonarQube MCP Server, your SonarQube token will not be migrated, but you will be prompted to reauthenticate any connections you created in VS Code.

Only extensions available in the OpenVSX registry can be imported. VS Code Marketplace exclusives may be unavailable in Kiro. See Kiro’s documentation on Extension compatibility for more details.

SonarQube MCP Server

The SonarQube MCP Server is a Model Context Protocol (MCP) server that runs locally and enables a seamless connection between your AI agents and your SonarQube platform. The tools are designed to bridge the divide between productivity and quality. Please see the full details in the https://docs.sonarsource.com/sonarqube-developer-tools/sonarqube-mcp-server/about-the-mcp-server documentation.

See the https://docs.sonarsource.com/sonarqube-developer-tools/sonarqube-mcp-server/setup/quickstart-guides/kiro instructions in our SonarQube MCP Server documentation for full details.

Set up the SonarQube MCP Server

When you're using an AI-enabled IDE such as Cursor, Windsurf, or VS Code with Copilot enabled, and have already completed your Connected mode setup in SonarQube for IDE with SonarQube Server or SonarQube Cloud, a quick select button is available.

  • Select the Configure MCP Server icon in the CONNECTED MODE view to start using the SonarQube MCP Server with your connected mode credentials. The same workflow is available in the AI AGENTS CONFIGURATION view.

If you've connected to a SonarQube Cloud organization in the US region, the configuration details will be shared.

Select the MCP Server icon and use your connected mode credentials to populate the MCP environment variables.

If you prefer to set up your MCP server manually, a detailed quickstart guide for Kiro is available at https://docs.sonarsource.com/sonarqube-developer-tools/sonarqube-mcp-server/setup/quickstart-guides/kiro. More information about the available tools can be found in the SonarQube MCP Server documentation, on the https://docs.sonarsource.com/sonarqube-developer-tools/sonarqube-mcp-server/reference/tools page.

Configure your AI agent

The AI AGENTS CONFIGURATION view is only available when running an AI-enabled agent and offers two tools to help your AI agent engage with SonarQube (Server, Cloud).

  • Select Configure SonarQube MCP Server to use your connected mode credentials to install the SonarQube MCP Server. You will be prompted to complete your Connected mode setup if none exists.

  • Available in Cursor, Kiro, and Windsurf: Select Introduce SonarQube Rules File to create explicit instructions for your AI-powered IDE to produce secure, reliable, and maintainable code.

    • The file provides SonarQube MCP Server instructions to your AI agent. As an example, it instructs the agent to disable SonarQube automatic analysis before starting code generation, and to enable it after the generation is complete. It also asks the agent to analyze changed files in batches, once the changes are done.

Install the Kiro power

Kiro powers give your agent specialized tools and knowledge refinement to minimize context overload. In addition to configuration details and troubleshooting tips, the SonarQube Code Quality & Security Power provides tools to help your agent complete these tasks:

  • Analyze code: Scan files or snippets for bugs, vulnerabilities, code smells, and technical debt across 30+ languages.

  • Security scanning: Detect security vulnerabilities, hotspots, and risks in third-party dependencies with SonarQube Advanced Security (SCA).

  • Quality metrics: Track coverage, complexity, duplication, and maintainability ratings; check quality gate status before deployment.

  • Issue management: Search, filter, and triage issues by severity or type; mark false positives or accept issues with documentation.

  • Project insights: Browse projects, view portfolios, and get quality dashboards for making informed decisions.

You can find the Sonar power entry listed on the Kiro website. Here's the direct launch link: https://kiro.dev/launch/powers/sonarqube. Complete details are available on our GitHub page.
