Ctrlk

About the MCP Server

The SonarQube MCP Server is a Model Context Protocol (MCP) server that connects your AI coding agent to SonarQube's code quality and security data.

The SonarQube MCP Server gives your AI coding agent access to SonarQube's code quality and security data. It's a tool bag: a set of tools your agent can call to analyze code, retrieve issues, check quality gates, inspect security hotspots, measure coverage, and more.

It works with Claude Code, Codex CLI, Cursor, Gemini CLI, GitHub Copilot CLI, GitHub Copilot Cloud Agent, Kiro, VS Code, Windsurf, and Zed.

It also powers the SonarQube agent through GitHub agent apps.

Overview of the SonarQube MCP Server setup.

Tools

The server exposes tools in these categories:

  • Analysis: analyze code snippets or files directly in the agent context

  • Issues: search, review, and update code issues

  • Quality gates: check quality gate status for a project

  • Security Hotspots: search and review security hotspots

  • Coverage: find under-covered files and get line-by-line coverage details

  • Projects: search projects and pull requests

  • Dependency risks: SCA issues found in a project

  • Context Augmentation: code architecture search, call flows, coding guidelines, and SCA dependency checks (SonarQube Cloud)

See the Tools page for the full reference.

Some tools require SonarQube Cloud add-ons: Agentic Analysis and Context Augmentation. To set these up, the recommended methods are the SonarQube plugin or SonarQube CLI. See the Make your agent verify its code and Add context to generate better code pages.

Data and telemetry

The SonarQube MCP Server collects anonymous usage data and sends it to Sonar to help improve the product. Sonar doesn't collect your IP address, your source code, or share data with anyone else.

Collection of telemetry can be disabled with: TELEMETRY_DISABLED=true. For a sample of the data collected, see telemetry-sample.md in the source repository.

License

Licensed under the SONAR Source-Available License v1.0. Using the SonarQube MCP Server in compliance with this documentation is a Non-Competitive Purpose and so is allowed under the SSAL.

Your use of SonarQube via MCP is governed by the SonarQube Cloud Terms of Service or SonarQube Server Terms and Conditions, including use of the Results Data solely for your internal software development purposes.

Next steps

Read the Environment considerations to find the setup that matches your needs and follow the quickstart guides to quickly get started with your favorite IDE or CLI.

PreviousMCP ServerNextSetup

Last updated

Was this helpful?