# SonarQube MCP Server

The SonarQube MCP Server gives your AI coding agent access to SonarQube's code quality and security data. It is a tool bag: a set of tools your agent can call to analyze code, retrieve issues, check quality gates, inspect security hotspots, measure coverage, and more.

It works with [Claude Code](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/claude-code), [Codex CLI](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/codex-cli), [Cursor](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/cursor), [Gemini CLI](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/gemini-cli), [VS Code](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/vs-code), [GitHub Copilot CLI](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/github-copilot-cli), [GitHub Copilot coding agent](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/github-copilot-coding-agent), [Kiro](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/kiro), [Windsurf](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/windsurf), and [Zed](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/zed).

*Figure: Overview of the SonarQube MCP Server setup.*

## Prerequisites

* A supported MCP client (see the [Set up in your IDE or CLI](#set-up-in-your-ide-or-cli) list below).
* One of:
  * A SonarQube Cloud organization (including US region).
  * SonarQube Server 2025.1 or newer.
  * SonarQube Community Build.
* For self-hosted deployment: a container management tool to run the container image (for example, Docker), or JDK 21+ to build from source.

## Deployment options

### Embedded in SonarQube Cloud

Connect directly to SonarQube Cloud's hosted MCP endpoint. No local setup required. The embedded server uses a focused subset of tools; tools that require local filesystem access are not available. See [SonarQube MCP Server: Tool availability with SonarQube Cloud](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/ai-capabilities/sonarqube-mcp-server#tool-availability-with-sonarqube-cloud) for details.

Use the embedded SonarQube Cloud MCP server to avoid running and maintaining your own MCP infrastructure while always using the current server version. For the available toolsets and configuration details, check SonarQube Cloud's [SonarQube MCP Server: MCP Server in SonarQube Cloud](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/ai-capabilities/sonarqube-mcp-server#mcp-server-in-sonarqube-cloud) page.

### Self-hosted with the container image

Run the official [mcp/sonarqube](https://hub.docker.com/r/mcp/sonarqube) container image using stdio transport for local development, or HTTPS transport for a shared team server. This gives access to the full tool set. See the [Quickstart guide](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide) or the [Configure](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure) page.

### Build from source

For custom deployments, build the server from scratch using JDK 21+ and Gradle, or use [the JAR file](https://binaries.sonarsource.com/?prefix=Distribution/sonarqube-mcp-server/) that we've made available. See the [Build](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/build) page for the complete details.

## Set up in your IDE or CLI

Before going to your IDE page, check the [Quickstart guide](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide) for general setup steps that apply to all configurations.

Choose your IDE or CLI for step-by-step setup instructions:

* [Claude Code](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/claude-code)
* [Codex CLI](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/codex-cli)
* [Cursor](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/cursor)
* [Gemini CLI](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/gemini-cli)
* [VS Code](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/vs-code)
* [GitHub Copilot CLI](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/github-copilot-cli)
* [GitHub Copilot coding agent](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/github-copilot-coding-agent)
* [Kiro](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/kiro)
* [Windsurf](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/windsurf)
* [Zed](https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/zed)

## Tools

The server exposes tools in these categories:

* [Analysis](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools#analysis): analyze code snippets or files directly in the agent context
* [Issues](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools#issues): search, review, and update code issues
* [Quality gates](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools#quality-gates): check quality gate status for a project
* [Security hotspots](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools#security-hotspots): search and review security hotspots
* [Coverage](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools#coverage): find under-covered files and get line-by-line coverage details
* [Projects](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools#projects): search projects and pull requests
* [Dependency risks](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools#dependency-risks): SCA issues found in a project
* [Context augmentation](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools#context-augmentation): code architecture search, call flows, coding guidelines, and SCA dependency checks (SonarQube Cloud)

See the [Tools](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools) page for the full reference.

Some tools require SonarQube Cloud add-ons: [Agentic Analysis](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/analyzing-source-code/agentic-analysis) and [Context Augmentation](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/analyzing-source-code/context-augmentation).

## Data and telemetry

The SonarQube MCP Server collects anonymous usage data and sends it to Sonar to help improve the product. Sonar does not collect your IP address, does not collect your source code, and does not share the data with anyone else.

Collection of telemetry can be disabled with: `TELEMETRY_DISABLED=true`. See [this page in the source repository](https://github.com/SonarSource/sonarqube-mcp-server/blob/master/telemetry-sample.md) for a sample of the data collected.

## License

Licensed under the [SONAR Source-Available License v1.0](https://www.sonarsource.com/license/ssal/). Using the SonarQube MCP Server in compliance with this documentation is a Non-Competitive Purpose and so is allowed under the SSAL.

Your use of SonarQube via MCP is governed by the [SonarQube Cloud Terms of Service](https://www.sonarsource.com/legal/sonarcloud/terms-of-service/) or [SonarQube Server Terms and Conditions](https://www.sonarsource.com/legal/sonarqube/terms-and-conditions/), including use of the Results Data solely for your internal software development purposes.
