Codex CLI

Set up the SonarQube MCP Server with Codex CLI and start using Sonar tools with your agent.

Codex CLI is OpenAI's terminal-based AI coding assistant. Use this MCP server setup when you want to use Sonar tools from within a Codex CLI workflow.

If you prefer using the SonarQube-hosted MCP server instead, see below.

Use the configuration generator

Use the official SonarQube MCP Server configuration generator to get a configuration code snippet for your setup:

Identify the target MCP Client.
Find your #common-variables.
Choose a hosting method.
Enter the information into the configuration generator.
Paste the generated configuration into your configuration file.

Manual setup

Environment variables

The following common variables are required. SONARQUBE_TOKEN applies to stdio transport only. For HTTP, HTTPS, or the embedded SonarQube Cloud MCP server, use the Authorization: Bearer <YourSonarQubeUserToken> header instead.

SONARQUBE_TOKEN: Your SonarQube user token (stdio transport).
SONARQUBE_ORG: Your SonarQube Cloud organization key. Required for SonarQube Cloud only.
SONARQUBE_URL: Your SonarQube Server or Community Build URL. Also required for SonarQube Cloud in the US region (https://sonarqube.us). Not needed for SonarQube Cloud in the EU region.

Important: Your SonarQube token is a sensitive credential. Use environment variables to pass tokens rather than hardcoding them in configuration files. Never commit tokens to version control.

Transport options

The SonarQube MCP Server supports three transport modes. Use Stdio for local development and most use cases, HTTPS for production and team deployments, and HTTP only on trusted internal networks.

Stdio (recommended)

Use Stdio for local development or when you're the only user. It's also the transport mode used in your Agentic Analysis and Context Augmentation workflows.

In your ~/.codex/config.toml file, add the following configuration:

Warning: User tokens are required when setting up connected mode or an MCP server between SonarQube Server and SonarQube for IDE. Your binding won't function properly if you use project tokens, global tokens, or scoped organization tokens during setup.

Note: This code sample configures the MCP server using Stdio transport, where SONARQUBE_TOKEN is passed as an environment variable.
For HTTPS, HTTP, or the SonarQube-hosted MCP server, the SONARQUBE_TOKEN header is deprecated. Pass the token using the "Authorization": "Bearer <YourSonarQubeUserToken>" header instead.

Tip: SONARQUBE_URL should be defined as https://sonarqube.us each time you use a SonarQube Cloud configuration (SONARQUBE_TOKEN + SONARQUBE_ORG) and want to connect to a US-region instance. See the Connecting to SonarQube Cloud in the US region section for details.

Codex CLI with SonarQube Cloud

[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--rm", "-i", "--init", "--pull=always", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "mcp/sonarqube"]
env = { "SONARQUBE_TOKEN" = "<YourSonarQubeUserToken>", "SONARQUBE_ORG" = "<YourOrganizationName>" }

Codex CLI with SonarQube Server

[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--rm", "-i", "--init", "--pull=always", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "mcp/sonarqube"]
env = { "SONARQUBE_TOKEN" = "<YourSonarQubeUserToken>", "SONARQUBE_URL" = "<YourSonarQubeServerURL>" }

Tip: To verify the connection, ask your AI agent to call the SonarQube MCP ping_system tool. For example: "Ping the SonarQube MCP server."

Note: Restart Codex CLI for the new MCP server configuration to take effect.

HTTPS

Use HTTPS when connecting Codex CLI to a shared MCP server deployed for a team. This requires an HTTPS transport server to be running and accessible.

Add the following to your ~/.codex/config.toml file:

[mcp_servers.sonarqube]
type = "https"
url = "https://<YourSonarQubeMCPServer>:8443/mcp"
headers = { "Authorization" = "Bearer <YourSonarQubeUserToken>" }

Tip: To verify the connection, ask your AI agent to call the SonarQube MCP ping_system tool. For example: "Ping the SonarQube MCP server."

Note: Restart Codex CLI for the new MCP server configuration to take effect.

HTTP

Important: The HTTP transport mode is not recommended. Use Stdio for local development or HTTPS for multi-user production deployments.

Use HTTP only on a trusted internal network or for local testing. This requires an HTTP transport server to be running.

Add the following to your ~/.codex/config.toml file:

[mcp_servers.sonarqube]
type = "http"
url = "http://<YourSonarQubeMCPServer>:8080/mcp"
headers = { "Authorization" = "Bearer <YourSonarQubeUserToken>" }

Tip: To verify the connection, ask your AI agent to call the SonarQube MCP ping_system tool. For example: "Ping the SonarQube MCP server."

Note: Restart Codex CLI for the new MCP server configuration to take effect.

Agentic analysis and context augmentation

To set up Agentic Analysis and Context Augmentation, the recommended methods are the SonarQube plugin or SonarQube CLI. See the Make your agent verify its code and Add context to generate better code pages.

When using these services, your SONARQUBE_TOKEN lets your local MCP server configured for Stdio mode authenticate to the SonarQube Cloud API. See the Agentic Analysis and Context Augmentation pages for more information.

SonarQube-hosted MCP server

To avoid running and maintaining your own MCP infrastructure while always using the current server version, connect to a SonarQube-hosted MCP server:

SonarQube Cloud-hosted: the MCP server embedded in SonarQube Cloud. It exposes a smaller, fixed subset of tools. See the SonarQube Cloud-hosted page.
SonarQube Server-hosted: the MCP server installed as an extension on SonarQube Server (Developer, Enterprise, and Data Center editions), available on SonarQube Server 2026.3 and later. See the SonarQube Server-hosted page.

Use Sonar tools from Codex CLI

Once connected, Codex CLI can call SonarQube MCP tools on your behalf. See the tools page for the full list of available tools.

PreviousClaude Code NextCursor

Last updated 7 hours ago

Was this helpful?