# Codex CLI [Codex CLI](https://github.com/openai/codex) is OpenAI's terminal-based AI coding assistant. Use this MCP server setup when you want to use Sonar tools from within a Codex CLI workflow. If you prefer using the [SonarQube Cloud-hosted MCP server](#sonarqube-cloud-hosted-mcp-server) instead, see below. ## Use the configuration generator Use the official [SonarQube MCP Server configuration generator](https://mcp.sonarqube.com/config-generator.html) to get a configuration code snippet for your setup: 1. Identify the target MCP Client. 2. Find your [#common-variables](/sonarqube-developer-tools/sonarqube-mcp-server/reference/environment-variables.md#common-variables). 3. Choose a [hosting method](/sonarqube-developer-tools/sonarqube-mcp-server/setup/environment-considerations.md#hosting-method). 4. Enter the information into the configuration generator. 5. Paste the generated configuration into your configuration file. ## Manual setup ### Environment variables The following [common variables](/sonarqube-developer-tools/sonarqube-mcp-server/reference/environment-variables.md#common-variables) are required. `SONARQUBE_TOKEN` applies to stdio transport only. For HTTP, HTTPS, or the embedded SonarQube Cloud MCP server, use the `Authorization: Bearer ` header instead. * `SONARQUBE_TOKEN`: Your SonarQube user token (stdio transport). * `SONARQUBE_ORG`: Your SonarQube Cloud organization key. Required for SonarQube Cloud only. * `SONARQUBE_URL`: Your SonarQube Server or Community Build URL. Also required for SonarQube Cloud in the US region (`https://sonarqube.us`). Not needed for SonarQube Cloud in the EU region. > **Important:** Your SonarQube token is a sensitive credential. Use environment variables to pass tokens rather than hardcoding them in configuration files. Never commit tokens to version control. ### Transport options The SonarQube MCP Server supports three transport modes. Use [Stdio](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#local-server-stdio) for local development and most use cases, [HTTPS](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#https) for production and team deployments, and [HTTP](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#http) only on trusted internal networks. #### Stdio (recommended) Use [Stdio](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#local-server-stdio) for local development or when you're the only user. It's also the transport mode used in your [Agentic Analysis](/agent-centric-development-cycle/features/agentic-analysis.md) and [Context Augmentation](/agent-centric-development-cycle/features/context-augmentation.md) workflows. In your `~/.codex/config.toml` file, add the following configuration: > **Warning:** *User tokens* are required when setting up connected mode or an MCP server between SonarQube Server and SonarQube for IDE. Your binding won't function properly if you use *project tokens*, *global tokens*, or *scoped organization tokens* during setup. > **Note:** This code sample configures the MCP server using [Stdio](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#local-server-stdio) transport, where `SONARQUBE_TOKEN` is passed as an environment variable. > > For [HTTPS](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#https), [HTTP](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#http), or the [SonarQube Cloud-hosted MCP server](#sonarqube-cloud-hosted-mcp-server), the `SONARQUBE_TOKEN` header is deprecated. Pass the token using the `"Authorization": "Bearer "` header instead. > **Tip:** SONARQUBE\_URL should be defined as `https://sonarqube.us` each time you use a SonarQube Cloud configuration (`SONARQUBE_TOKEN` + `SONARQUBE_ORG`) and want to connect to a US-region instance. See the [Connecting to SonarQube Cloud in the US region](/sonarqube-developer-tools/sonarqube-mcp-server/setup/environment-considerations.md#connecting-to-sonarqube-cloud-in-the-us-region) section for details. **Codex CLI with SonarQube Cloud** ```toml [mcp_servers.sonarqube] command = "docker" args = ["run", "--rm", "-i", "--init", "--pull=always", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "mcp/sonarqube"] env = { "SONARQUBE_TOKEN" = "", "SONARQUBE_ORG" = "" } ``` **Codex CLI with SonarQube Server** ```toml [mcp_servers.sonarqube] command = "docker" args = ["run", "--rm", "-i", "--init", "--pull=always", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "mcp/sonarqube"] env = { "SONARQUBE_TOKEN" = "", "SONARQUBE_URL" = "" } ``` > **Tip:** To verify the connection, ask your AI agent to call the SonarQube MCP `ping_system` tool. For example: *"Ping the SonarQube MCP server."* > **Note:** Restart Codex CLI for the new MCP server configuration to take effect. #### HTTPS Use HTTPS when connecting Codex CLI to a shared MCP server deployed for a team. This requires an [HTTPS transport server](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#https) to be running and accessible. Add the following to your `~/.codex/config.toml` file: ```toml [mcp_servers.sonarqube] type = "https" url = "https://:8443/mcp" headers = { "Authorization" = "Bearer " } ``` > **Tip:** To verify the connection, ask your AI agent to call the SonarQube MCP `ping_system` tool. For example: *"Ping the SonarQube MCP server."* > **Note:** Restart Codex CLI for the new MCP server configuration to take effect. #### HTTP > **Important:** The [HTTP](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#http) transport mode is not recommended. Use [Stdio](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#stdio) for local development or [HTTPS](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#https) for multi-user production deployments. Use HTTP only on a trusted internal network or for local testing. This requires an [HTTP transport server](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#http) to be running. Add the following to your `~/.codex/config.toml` file: ```toml [mcp_servers.sonarqube] type = "http" url = "http://:8080/mcp" headers = { "Authorization" = "Bearer " } ``` > **Tip:** To verify the connection, ask your AI agent to call the SonarQube MCP `ping_system` tool. For example: *"Ping the SonarQube MCP server."* > **Note:** Restart Codex CLI for the new MCP server configuration to take effect. ## Agentic analysis and context augmentation When using Agentic Analysis and Context Augmentation services, your `SONARQUBE_TOKEN` lets your local MCP server configured for [Stdio](/sonarqube-developer-tools/sonarqube-mcp-server/setup/self-hosted.md#local-server-stdio) mode authenticate to the SonarQube Cloud API. See [Agentic Analysis](/agent-centric-development-cycle/features/agentic-analysis.md) and [Context Augmentation](/agent-centric-development-cycle/features/context-augmentation.md) for more information. ## SonarQube Cloud-hosted MCP server Use the SonarQube Cloud-hosted MCP server to avoid running and maintaining your own MCP infrastructure while always using the current server version. The embedded server exposes a smaller, fixed subset of tools; for the available toolsets and configuration details, see the [SonarQube Cloud-hosted](/sonarqube-developer-tools/sonarqube-mcp-server/setup/sonarqube-cloud-hosted.md) page. ## Use Sonar tools from Codex CLI Once connected, Codex CLI can call SonarQube MCP tools on your behalf. See the [tools](/sonarqube-developer-tools/sonarqube-mcp-server/reference/tools.md) page for the full list of available tools. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sonarsource.com/sonarqube-developer-tools/sonarqube-mcp-server/setup/quickstart-guides/codex-cli.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.