SonarQube MCP Server

The SonarQube MCP Server is designed to integrate code quality and code security tools with your favorite MCP clients.

The SonarQube MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with SonarQube Server or SonarQube Cloud for code quality and code security. It also enables the analysis of code snippets directly within the agent context.

Overview

The SonarQube MCP Server allows you to retrieve information and perform actions on your SonarQube Server instance or SonarQube Cloud organization. It is compatible with MCP clients listed in the Prerequisites below.

Upon receiving a request from an MCP client, the SonarQube MCP Server calls the SonarQube Server or SonarQube Cloud API to perform actions:

Overview of the SonarQube MCP Server setup.

Prerequisites

  • For the Docker container installation: Docker installed.

  • For the local build:

    • Java Development Kit (JDK), version 21 or later

    • Gradle

  • One of the MCP Clients compatible with the SonarQube MCP Server, for example:

    • Claude Code

    • Cursor

    • Gemini CLI

    • VS Code with GitHub Copilot

    • Windsurf, where SonarQube MCP Server is listed as a security-focused extension.

    • Zed editor. The SonarQube MCP Server is available as a Zed extension.

  • You must have an organization on SonarQube Cloud, be running an instance of SonarQube Server 2025.1 or newer, or be running an instance of SonarQube Community Build.

    1. For connecting to SonarQube Cloud, you'll need a SONARQUBE_ORG and SONARQUBE_TOKEN. See the Managing Personal Access Tokens page for details.

    2. For connecting to SonarQube Server or SonarQube Community Build, you'll need a SONARQUBE_URL and SONARQUBE_TOKEN. See the Managing your tokens page for details about user tokens.

Using the server

To get started using the SonarQube Server, use the Quickstart guide, read about how to Build and configure your server, then review all the Tools at your disposal.

When you're ready, check out the Using SonarQube MCP Server page where there's information about integrating with SonarQube for IDE and some examples about Analyzing code snippets in the agent.

If needed, there's some Help and Troubleshooting resources at your disposal.

Data and telemetry

The SonarQube MCP Server collects anonymous usage data and sends it to Sonar to help improve the product. None of your source code nor your IP address is collected, and Sonar does not share the data with anyone else. Collection of telemetry can be disabled with the following system property or environment variable: TELEMETRY_DISABLED=true. See this page in the source repository to see a sample of the data that is collected.

License

Licensed under the SONAR Source-Available License v1.0. Using the SonarQube MCP Server in compliance with this documentation is a Non-Competitive Purpose and so is allowed under the SSAL.

Your use of SonarQube via MCP is governed by the SonarQube Cloud Terms of Service or SonarQube Server Terms and Conditions, including use of the Results Data solely for your internal software development purposes.

NextQuickstart guide

Last updated

Was this helpful?