SonarQube MCP Server

The SonarQube MCP Server is designed to integrate code quality and code security tools with your favorite MCP clients.

The SonarQube MCP Server is an Alpha release. For information about what this means, see the SonarQube (Server, Cloud) pages about our release cycle:

The Product release lifecycle for SonarQube Server
The Product release lifecycle for SonarQube Cloud

The SonarQube MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with SonarQube Server or SonarQube Cloud for code quality and code security. It also enables the analysis of code snippets directly within the agent context.

Overview

The SonarQube MCP Server allows you to retrieve information and perform actions on your SonarQube Server instance or SonarQube Cloud organization. It is compatible with MCP clients listed in the Prerequisites below.

Upon receiving a request from an MCP client, the SonarQube MCP Server calls the SonarQube Server or SonarQube Cloud API to perform actions:

Overview of the SonarQube MCP Server setup.

Prerequisites

For the Docker container installation: Docker installed.
For the local build:
- Java Development Kit (JDK), version 21 or later
- Gradle
One of the MCP Clients compatible with the SonarQube MCP Server, for example:
- Cursor
- VS Code with GitHub Copilot
- Windsurf, where SonarQube MCP Server is listed as a security-focused extension.
- Claude Code
- Gemini CLI
You must be running an instance of SonarQube Server 2025.1 or newer, have an organization on SonarQube Cloud, or be running an instance of SonarQube Community Build.

Launch the SonarQube MCP Server with Docker

The SonarQube MCP Server can be launched in two ways: With a Docker container (recommended), or from a JAR file built locally.

The recommended method is to rely on the official Docker image hosted at mcp/sonarqube by following the Quick configuration or Manual configuration instructions below to integrate your MCP Server with SonarQube Cloud.

MCP Server setup in your IDE

The setup instructions below contain code samples for both SonarQube Cloud and SonarQube Server. If you're using SonarQube Community Build, use the code samples for SonarQube Server.

Setup in Cursor

Quick configuration

You can use the following link to quickly set up the SonarQube MCP Server in Cursor. This will generate a configuration file in Cursor and automatically fill it with your environment variables. Make sure your Environment Variables are configured first.

Manual configuration

For a manual configuration, add this MCP configuration to your mcp.json file, at the location specified in the Cursor documentation. The main difference between the server setup of SonarQube Cloud and SonarQube server is:

SonarQube Cloud requires a user token and an organization name.
SonarQube Server and SonarQube Community Build require a user token and server URL.

Cursor with SonarQube Cloud

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_ORG": "<YourOrganizationName>"
      }
    }
  }
}

Cursor with SonarQube Server

{
  "mcpServers": {
    "SonarQube Cloud MCP": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_URL",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_URL": "<YourSonarQubeURL>"
      },
    }
  }
}

For more information on the environment variables and how to retrieve the token and organization information, see the Environment Variables article below.

Once you’ve set up the Sonar MCP Server, the configuration appears under Tools & Integrations in Cursor.

Using the SonarQube MCP Server tools

You can use the Cursor chat to use one of the available tools, for example, by typing: "search my sonarQube projects".

Setup in VS Code with GitHub Copilot

To use the SonarQube MCP server in VS Code, you must first install Copilot Chat.

Quick configuration

You can use the following link to quickly set up the SonarQube MCP Server in VS Code with GitHub Copilot. This will generate a configuration file in VS Code and automatically fill it with your environment variables. Make sure your environment variables (see section below) are configured first.

Connect to SonarQube Cloud

Manual configuration

Follow the VS Code instructions and add the SonarQube MCP Server to your .vscode/mcp.json file. The main difference between the server setup of SonarQube Cloud and SonarQube server is:

SonarQube Cloud requires a user token and an organization name.
SonarQube Server and SonarQube Community Build require a user token and server URL.

Copilot with SonarQube Cloud

{
  "mcp": {
    "servers": {
      "sonarqube": {
        "command": "docker",
        "args": [
          "run",
          "-i",
          "--rm",
          "-e",
          "SONARQUBE_TOKEN",
          "-e",
          "SONARQUBE_ORG",
          "mcp/sonarqube"
        ],
        "env": {
          "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
          "SONARQUBE_ORG": "<YourOrganizationName>"
        }
      }
    }
  }
}

{ "mcp": { "servers": { "sonarqube": { "command": "docker", "args": [ "run", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "mcp/sonarqube" ], "env": { "SONARQUBE_TOKEN": "<YourSonarQubeToken>", "SONARQUBE_ORG": "<YourOrganizationName>" } } } }}{ "servers": { "command": "docker", "args": [ "run", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "mcp/sonarqube" ], "env": { "SONARQUBE_TOKEN": "<token>", "SONARQUBE_ORG": "<org>" } }}

For more information on the environment variables and how to retrieve the token and organization information, see the Environment Variables article below

Copilot with SonarQube Server

{
    "servers": {
        "command": "docker",
        "args": [
            "run",
            "-i",
            "--rm",
            "-e",
            "SONARQUBE_TOKEN",
            "-e",
            "SONARQUBE_ORG",
            "mcp/sonarqube"
        ],
        "env": {
          "SONARQUBE_TOKEN": "<token>",
          "SONARQUBE_ORG": "<org>"
    }
  }
}

Using the SonarQube MCP Server tools

Once you’ve set up the Sonar MCP Server in VS Code, you can use the tools it provides in agent mode. See the VS Code documentation for more information. See also the SonarQube MCP Server article below.

Setup in Windsurf

SonarQube MCP Server is available as a Windsurf plugin. Follow these instructions:

Click on the Plugins button at the top right of the Cascade view
Search for sonarqube on the Plugin store
Click Install
Add the required SonarQube token. Then add the organization key if you want to connect with SonarQube Cloud, or the SonarQube URL if you want to connect to SonarQube Server or Community Build.

Using the SonarQube MCP Server tools

Once you’ve set up the Sonar MCP Server in Windsurf, you can use the tools it provides in the agent mode. See the Windsurf docs for more information on adding explicit context.

Setup with Claude Code

The following section explains how to set up the SonarQube MCP Server with Claude Code. For full details on installing MCP Servers with Claude Code, refer to the official Anthropic docs.

As a local stdio server

The claude mcp add sonarqube command allows you to set up the SonarQube MCP Server as a local stdio server:

claude mcp add sonarqube --env SONARQUBE_TOKEN=<YOUR_TOKEN> --env SONARQUBE_ORG=<YOUR_ORGANIZATION> -- docker run -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG mcp/sonarqube

Manual configuration

For a manual configuration, add this MCP configuration to your ~/.claude.json file. The main difference between the server setup of SonarQube Cloud and SonarQube Server is:

SonarQube Cloud requires a user token and an organization name.
SonarQube Server and SonarQube Community Build require a user token and server URL.

Claude Code with SonarQube Cloud

{
  "mcpServers": {
    "sonarqube": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_ORG": "<YourOrganizationName>"
      }
    }
  }
}

Claude Code with SonarQube Server

{
  "mcpServers": {
    "sonarqube": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_URL": "<YourSonarQubeURL>"
      }
    }
  }
}

See also The SonarQube MCP Server tools article below.

Setup in Gemini CLI

Install our MCP server extension by using the following command:

gemini extensions install https://github.com/SonarSource/sonarqube-mcp-server

You will need to set the required environment variables before starting Gemini:

SONARQUBE_TOKEN="<token>"
SONARQUBE_ORG="<org>" // For SonarQube Cloud, empty otherwise
SONARQUBE_URL="<url>" // For SonarQube Server, empty otherwise

Once installed, the extension will be found at: <Home>/.gemini/extensions/sonarqube-mcp-server/gemini-extension.json.

The SonarQube MCP Server tools

Once you’ve set up the Sonar MCP Server with your IDE, you can start using the SonarQube MCP Server tools available in the sonarqube-mcp-server GitHub repository.

Analyzing code snippets directly within the agent context

Once the MCP Server is set up, you can analyze code snippets directly within your agent context.

Example in Cursor

In the chat, you can the agent to perform the following actions:

"analyze the current file with SonarQube".
"analyze the following piece of code with SonarQube" to analyze a piece of code that you paste into the chat. Note that this command has limitations as some analyzers require the full context of the file to run an analysis.

Example of "analyze the current file with SonarQube" in Cursor

You can also add explicit context for the analysis. See the Cursor documentation for more details on adding context.

New and improved SonarQube MCP Server tools are continuously being added. If the tool you want is not available, remember you can ask the IDE to filter results to help investigate and mange the issues it reports.

Environment Variables

Depending on which Sonar product you want the MCP Server to connect to, you should provide specific environment variables.

To enable full functionality, the following environment variables must be set before starting the SonarQube MCP Server.

Environment variable

Description

SONARQUBE_TOKEN

Your SonarQube Cloud token (see Managing Personal Access Tokens) or your SonarQube Server token (see Managing your tokens)

SONARQUBE_ORG

For SonarQube Cloud only.

Your SonarQube Cloud organization key

SONARQUBE_URL

For SonarQube Server or SonarQube Community Build only.

Your SonarQube Server base URL.

Storage PATH

Required only if you build the SonarQube MCP Server locally. You should add the following variable when running the MCP Server:

Environment variable

Description

STORAGE_PATH

An absolute path to a writable directory where SonarQube MCP Server will store its files (e.g., for creation, updates, and persistence)

Build the SonarQube MCP Server locally

We recommend setting up the SonarQube MCP Server with Docker as mentioned above, but if you need to build it locally, follow these steps:

Clone the SonarQube MCP Server project from the sonarqube-mcp-server repository.
Run the following Gradle command to clean the project and build the application: ./gradlew clean build -x test. The JAR file will be created in build/libs/.
Perform the manual installation as explained below.

If you prefer, the JAR file is downloadable as an Asset on the MCP server Releases page.

Manual installation

After you’ve built the SonarQube MCP Server locally, you’ll need to manually install it in your MCP client. Add the following to your MCP configuration’s JSON file.

The main difference between the server setup of SonarQube Cloud and SonarQube server is:

SonarQube Cloud requires a user token and an organization name.
SonarQube Server and SonarQube Community Build require a user token and server URL.

{
  "sonarqube": {
    "command": "java",
    "args": [
        "-jar",
        "<PathToYourSonarQubeMCPServerJAR>"
    ],
    "env": {
        "STORAGE_PATH": "<PathToYourMCPStorage>",
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_ORG": "<YourOrganizationName>"
    }
  }
}

{
  "sonarqube": {
    "command": "java",
    "args": [
      "-jar",
      "<PathToYourSonarQubeMCPServerJAR>"
      ],
      "env": {
        "STORAGE_PATH": "<PathToYourMCPStorage>",
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_URL": "<YourSonarQubeURL>"
    }
  }
}

Tools

Once the SonarQube MCP server is connected, its tools become available. The current list of all tools available with the SonarQube MCP Server are listed in the SonarQube MCP Server repository.

Last updated 1 day ago

Was this helpful?