# SonarQube MCP Server

The SonarQube MCP Server gives your AI coding agent access to SonarQube's code quality and security data. It is a tool bag: a set of tools your agent can call to analyze code, retrieve issues, check quality gates, inspect security hotspots, measure coverage, and more.

It works with [Claude Code](/sonarqube-mcp-server/quickstart-guide/claude-code.md), [Codex CLI](/sonarqube-mcp-server/quickstart-guide/codex-cli.md), [Cursor](/sonarqube-mcp-server/quickstart-guide/cursor.md), [Gemini CLI](/sonarqube-mcp-server/quickstart-guide/gemini-cli.md), [VS Code with GitHub Copilot](/sonarqube-mcp-server/quickstart-guide/vs-code.md), [GitHub Copilot CLI](/sonarqube-mcp-server/quickstart-guide/github-copilot-cli.md), [GitHub Copilot cloud agent](/sonarqube-mcp-server/quickstart-guide/github-copilot-cloud-agent.md), [Kiro](/sonarqube-mcp-server/quickstart-guide/kiro.md), [Windsurf](/sonarqube-mcp-server/quickstart-guide/windsurf.md), and [Zed](/sonarqube-mcp-server/quickstart-guide/zed.md).

<figure><img src="/spaces/KXW79zfYFiA8incTvwZK/files/1aQsVxN4965WbY8uLZ5w" alt="Overview of the SonarQube MCP Server setup."><figcaption></figcaption></figure>

## Prerequisites <a href="#prerequisites" id="prerequisites"></a>

* A supported MCP client (see the [#set-up-in-your-ide-or-cli](#set-up-in-your-ide-or-cli "mention") list below).
* One of:
  * A SonarQube Cloud organization (including US region).
  * SonarQube Server 2025.1 or newer.
  * SonarQube Community Build.
* For self-hosted deployment: a container management tool to run the container image (for example, Docker), or JDK 21+ to build from source.

## Deployment options

### Embedded in SonarQube Cloud

Connect directly to SonarQube Cloud's hosted MCP endpoint. No local setup required. The embedded server uses a focused subset of tools; tools that require local filesystem access are not available. See [MCP Server](/sonarqube-cloud/ai-capabilities/sonarqube-mcp-server.md#tool-availability-with-sonarqube-cloud) for details.

Use the embedded SonarQube Cloud MCP server to avoid running and maintaining your own MCP infrastructure while always using the current server version. The embedded server exposes a smaller, fixed subset of tools; for the available toolsets and configuration details, check SonarQube Cloud's [MCP Server](/sonarqube-cloud/ai-capabilities/sonarqube-mcp-server.md#mcp-server-in-sonarqube-cloud) page.

### Self-hosted with the container image

Run the official [mcp/sonarqube](https://hub.docker.com/r/mcp/sonarqube) container image using stdio transport for local development, or HTTPS transport for a shared team server. This gives access to the full tool set. See the [Quickstart guide](/sonarqube-mcp-server/quickstart-guide.md) or [Configure your MCP server](/sonarqube-mcp-server/build-and-configure/configure.md).

### Build from source

For custom deployments, build the server from scratch using JDK 21+ and Gradle, or use [the JAR file](https://binaries.sonarsource.com/?prefix=Distribution/sonarqube-mcp-server/) that we've made available. See [Build your MCP Server](/sonarqube-mcp-server/build-and-configure/build.md) for the complete details.

## Set up in your IDE or CLI

Before going to your IDE page, check the [Quickstart guide](/sonarqube-mcp-server/quickstart-guide.md) for general setup steps that apply to all configurations.

Choose your IDE or CLI for step-by-step setup instructions:

* [Claude Code](/sonarqube-mcp-server/quickstart-guide/claude-code.md)
* [Codex CLI](/sonarqube-mcp-server/quickstart-guide/codex-cli.md)
* [Cursor](/sonarqube-mcp-server/quickstart-guide/cursor.md)
* [Gemini CLI](/sonarqube-mcp-server/quickstart-guide/gemini-cli.md)
* [VS Code with GitHub Copilot](/sonarqube-mcp-server/quickstart-guide/vs-code.md)
* [GitHub Copilot CLI](/sonarqube-mcp-server/quickstart-guide/github-copilot-cli.md)
* [GitHub Copilot cloud agent](/sonarqube-mcp-server/quickstart-guide/github-copilot-cloud-agent.md)
* [Kiro](/sonarqube-mcp-server/quickstart-guide/kiro.md)
* [Windsurf](/sonarqube-mcp-server/quickstart-guide/windsurf.md)
* [Zed](/sonarqube-mcp-server/quickstart-guide/zed.md)

## Tools

The server exposes tools in these categories:

* [Tools](/sonarqube-mcp-server/using/tools.md#analysis): analyze code snippets or files directly in the agent context
* [Tools](/sonarqube-mcp-server/using/tools.md#issues): search, review, and update code issues
* [Tools](/sonarqube-mcp-server/using/tools.md#quality-gates): check quality gate status for a project
* [Tools](/sonarqube-mcp-server/using/tools.md#security-hotspots): search and review security hotspots
* [Tools](/sonarqube-mcp-server/using/tools.md#coverage): find under-covered files and get line-by-line coverage details
* [Tools](/sonarqube-mcp-server/using/tools.md#projects): search projects and pull requests
* [Tools](/sonarqube-mcp-server/using/tools.md#dependency-risks): SCA issues found in a project
* [Tools](/sonarqube-mcp-server/using/tools.md#context-augmentation): code architecture search, call flows, coding guidelines, and SCA dependency checks (SonarQube Cloud)

See the [Tools](/sonarqube-mcp-server/using/tools.md) page for the full reference.

Some tools require SonarQube Cloud add-ons: [Agentic Analysis](/sonarqube-cloud/analyzing-source-code/agentic-analysis.md) and [Context Augmentation](/sonarqube-cloud/analyzing-source-code/context-augmentation.md).

## Data and telemetry

The SonarQube MCP Server collects anonymous usage data and sends it to Sonar to help improve the product. Sonar does not collect your IP address, does not collect your source code, and does not share the data with anyone else.

Collection of telemetry can be disabled with: `TELEMETRY_DISABLED=true`. See [this page in the source repository](https://github.com/SonarSource/sonarqube-mcp-server/blob/master/telemetry-sample.md) for a sample of the data collected.

## License

Licensed under the [SONAR Source-Available License v1.0](https://www.sonarsource.com/license/ssal/). Using the SonarQube MCP Server in compliance with this documentation is a Non-Competitive Purpose and so is allowed under the SSAL.

Your use of SonarQube via MCP is governed by the [SonarQube Cloud Terms of Service](https://www.sonarsource.com/legal/sonarcloud/terms-of-service/) or [SonarQube Server Terms and Conditions](https://www.sonarsource.com/legal/sonarqube/terms-and-conditions/), including use of the Results Data solely for your internal software development purposes.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-mcp-server/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.