GitHub Copilot cloud agent

Set up the SonarQube MCP Server with the GitHub Copilot cloud agent and start using Sonar tools in your CI/CD environment.

The GitHub Copilot cloud agent is an autonomous AI agent that operates inside your GitHub repository and CI/CD environment. Use this MCP server setup when you want Sonar tools available to the cloud agent during pull request workflows and automated tasks.

If you prefer using the SonarQube-hosted MCP server instead, see below.

If you're setting up the SonarQube agent through GitHub agent apps, see Agent apps for GitHub instead.

Use the configuration generator

Use the official SonarQube MCP Server configuration generator to get a configuration code snippet for your setup:

Identify the target MCP Client.
Find your #common-variables.
Choose a hosting method.
Enter the information into the configuration generator.
Paste the generated configuration into your configuration file.

Manual setup

Environment variables

The cloud agent uses GitHub repository or organization secrets to supply environment variables to the MCP server. Only secrets with names prefixed with COPILOT_MCP_ are available to your MCP configuration.

To add the required secrets to your repository, navigate to Settings > Secrets and variables > Agents > Secrets > New repository secret, and create one secret per environment variable your MCP server needs. To make the secrets available across all repositories in your organization, add them at the organization's Settings > Secrets and variables > Agents > Secrets > New organization secret instead.

For more details, see GitHub's documentation on configuring secrets and variables for the Copilot cloud agent and on setting up a Copilot environment for Copilot cloud agent.

The following common variables are required, stored as COPILOT_MCP_-prefixed secrets:

SONARQUBE_TOKEN (stored as COPILOT_MCP_SONARQUBE_TOKEN): Your SonarQube user token (stdio transport).
SONARQUBE_ORG (stored as COPILOT_MCP_SONARQUBE_ORG): Your SonarQube Cloud organization key. Required for SonarQube Cloud only.
SONARQUBE_URL (stored as COPILOT_MCP_SONARQUBE_URL): Your SonarQube Server or Community Build URL. Also required for SonarQube Cloud in the US region (https://sonarqube.us). Not needed for SonarQube Cloud in the EU region.

Transport options

The SonarQube MCP Server supports three transport modes. Use Stdio for local development and most use cases, HTTPS for production and team deployments, and HTTP only on trusted internal networks.

Stdio (recommended)

Use Stdio when the cloud agent needs to spin up its own MCP server process within the CI/CD environment. It's also the transport mode used in your Agentic Analysis and Context Augmentation workflows.

In your GitHub repository, navigate to Settings > Code, planning, and automation > Copilot > Cloud agent and add the following configuration in the MCP configuration section:

Warning: User tokens are required when setting up connected mode or an MCP server between SonarQube Server and SonarQube for IDE. Your binding won't function properly if you use project tokens, global tokens, or scoped organization tokens during setup.

Note: This code sample configures the MCP server using Stdio transport, where SONARQUBE_TOKEN is passed as an environment variable.
For HTTPS, HTTP, or the SonarQube-hosted MCP server, the SONARQUBE_TOKEN header is deprecated. Pass the token using the "Authorization": "Bearer <YourSonarQubeUserToken>" header instead.

Note: SONARQUBE_URL should be defined as https://sonarqube.us each time you use a SonarQube Cloud configuration (SONARQUBE_TOKEN + SONARQUBE_ORG) and want to connect to a US-region instance. See the Connecting to SonarQube Cloud in the US region section for details.

GitHub Copilot cloud agent with SonarQube Cloud

{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN=$SONAR_TOKEN",
        "-e",
        "SONARQUBE_ORG=$SONAR_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONAR_TOKEN": "COPILOT_MCP_SONARQUBE_TOKEN",
        "SONAR_ORG": "COPILOT_MCP_SONARQUBE_ORG",
        //"SONAR_URL": "COPILOT_MCP_SONARQUBE_URL"
      },
      "tools": ["*"]
    }
  }
}

GitHub Copilot cloud agent with SonarQube Server

{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN=$SONAR_TOKEN",
        "-e",
        "SONARQUBE_URL=$SONAR_URL",
        "mcp/sonarqube"
      ],
      "env": {
        "SONAR_TOKEN": "COPILOT_MCP_SONARQUBE_TOKEN",
        "SONAR_URL": "COPILOT_MCP_SONARQUBE_URL"
      },
      "tools": ["*"]
    }
  }
}

Tip: To verify the connection, ask your AI agent to call the SonarQube MCP ping_system tool. For example: "Ping the SonarQube MCP server."

Note: No restart is required. Each Copilot cloud agent task runs in a fresh environment and picks up your updated COPILOT_MCP_* secrets automatically.

HTTPS

Use HTTPS when connecting the cloud agent to a shared MCP server deployed for a team. This requires an HTTPS transport server to be running and accessible.

In your GitHub repository, navigate to Settings > Code, planning, and automation > Copilot > Cloud agent and add the following configuration in the MCP configuration section:

{
  "mcpServers": {
    "sonarqube": {
      "type": "https",
      "url": "https://<YourSonarQubeMCPServer>:8443/mcp",
      "headers": {
        "Authorization": "Bearer COPILOT_MCP_SONARQUBE_TOKEN"
      },
      "tools": ["*"]
    }
  }
}

Tip: To verify the connection, ask your AI agent to call the SonarQube MCP ping_system tool. For example: "Ping the SonarQube MCP server."

Note: No restart is required. Each Copilot cloud agent task runs in a fresh environment and picks up your updated COPILOT_MCP_* secrets automatically.

HTTP

Important: The HTTP transport mode is not recommended. Use Stdio for local development or HTTPS for multi-user production deployments.

Use HTTP only on a trusted internal network or for local testing. This requires an HTTP transport server to be running.

In your GitHub repository, navigate to Settings > Code, planning, and automation > Copilot > Cloud agent and add the following configuration in the MCP configuration section:

{
  "mcpServers": {
    "sonarqube": {
      "type": "http",
      "url": "http://<YourSonarQubeMCPServer>:8080/mcp",
      "headers": {
        "Authorization": "Bearer COPILOT_MCP_SONARQUBE_TOKEN"
      },
      "tools": ["*"]
    }
  }
}

Tip: To verify the connection, ask your AI agent to call the SonarQube MCP ping_system tool. For example: "Ping the SonarQube MCP server."

Note: No restart is required. Each Copilot cloud agent task runs in a fresh environment and picks up your updated COPILOT_MCP_* secrets automatically.

Agentic analysis and context augmentation

To set up Agentic Analysis and Context Augmentation, the recommended methods are the SonarQube plugin or SonarQube CLI. See the Make your agent verify its code and Add context to generate better code pages.

When using these services, your SONARQUBE_TOKEN lets your local MCP server configured for Stdio mode authenticate to the SonarQube Cloud API. See the Agentic Analysis and Context Augmentation pages for more information.

SonarQube-hosted MCP server

To avoid running and maintaining your own MCP infrastructure while always using the current server version, connect to a SonarQube-hosted MCP server:

SonarQube Cloud-hosted: the MCP server embedded in SonarQube Cloud. It exposes a smaller, fixed subset of tools. See the SonarQube Cloud-hosted page.
SonarQube Server-hosted: the MCP server installed as an extension on SonarQube Server (Developer, Enterprise, and Data Center editions), available on SonarQube Server 2026.3 and later. See the SonarQube Server-hosted page.

Use Sonar tools from the cloud agent

Once connected, the GitHub Copilot cloud agent can call SonarQube MCP tools during its automated workflows. See the tools page for the full list of available tools.

PreviousGitHub Copilot CLI NextKiro

Last updated 7 hours ago

Was this helpful?