Configure your SonarQube MCP server

This page outlines the various transport modes available when running the SonarQUbe MCP Server, which allows its integration with SonarQube for IDE and a variety of other clients.

No matter if you're looking for a configuration for single-users (Stdio), multi-user (HTTP), or secure multi-client (HTTPS) configurations, the SonarQube MCP Server has you covered. On this page, you'll find Docker examples for setup with SonarQube Cloud and SonarQube Server, including requirements for user tokens and handling of custom certificates and proxies.

If you're unable to use Docker to deploy your MCP server, please see the Build your SonarQube MCP Server page for alternatives.

Overview

The SonarQube MCP Server uses Stdio when running a local configuration. This configuration is designed for single-user access however, it's possible to manage your MCP server using a Transport mode configuration, designed for shared access across a network using HTTP or HTTPS connection protocols.

Transport mode

Once configured, your MCP server is hosted on a local network and can handle connections from multiple users; all of your team's developers can access the same MCP server and reduces the need for multiple unique configurations. For more information about how HTTP transport works, please see the Model Context Protocol documentation on Transports.

The SonarQube MCP Server supports three transport modes:

  1. Stdio is the default mode. This is the default mode, designed for single-user setups using command line tools or MCP clients.

  2. HTTP is for multi-user local development. This mode enables multiple client connections to a remote HTTP server. Each client provides its own user token.

  3. HTTPS is also for multi-user production environments and uses a security protocol. This mode is the same as HTTP plus TLS encryption. The use of SSL certificates is required.

Stdio

Stdio is the default mode for single-user set ups using command-line tools or the SonarQube MCP Server. The Common variables are required to initialize any transport mode you choose.

Docker example

Use this code sample when using Docker to configure your MCP HTTP server for integrating with SonarQube Cloud.

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": ["run", "--name", "sonarqube-mcp-server", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "mcp/sonarqube"],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_ORG": "<YourSonarQubeOrganization>"
      }
    }
  }
}

HTTP

Enable HTTP transport for multi-user scenarios where more than one client will connect to a shared server. The Common variables are required for initialization, in addition to the listed HTTP variables that clients will need to access the server.

Once set up, each client must provide its own user token for access.

Docker example

Use this code sample when using Docker to configure your MCP HTTP server for integrating with SonarQube Cloud. The server uses the SONARQUBE_TOKEN one time, only for initialization.

# Start server (requires token for initialization)
docker run --name sonarqube-mcp-server -p 8080:8080 \
  -e SONARQUBE_TRANSPORT=http \
  -e SONARQUBE_HTTP_HOST=0.0.0.0 \
  -e SONARQUBE_TOKEN="<YourSonarQubeToken>" \
  -e SONARQUBE_ORG="<YourSonarQubeOrganization>" \
  mcp/sonarqube

Client configuration

When connecting to the HTTP or HTTPS transport server, clients must include the SONARQUBE_TOKEN header in all requests. 

{
  "mcpServers": {
    "sonarqube-http": {
      "url": "http://127.0.0.1:8080/mcp",
      "headers": {
        "SONARQUBE_TOKEN": "<YourSonarQubeOrganization>"
      }
    }
  }
}

HTTPS

HTTPS configurations are very similar to HTTP but require SSL certificates.

  • For local development, use HTTP instead of HTTPS to avoid SSL certificate issues.

  • For production deployments with proper SSL certificates from a trusted CA, use HTTPS.

Docker example

Use this code sample when using Docker to configure your MCP HTTPS server for integrating with SonarQube Cloud. The server uses the SONARQUBE_TOKEN one time, only for initialization.

# Start server (requires token for initialization)  
docker run --name sonarqube-mcp-server -p 8443:8443 \
  -v $(pwd)/keystore.p12:/etc/ssl/mcp/keystore.p12:ro \
  -e SONARQUBE_TRANSPORT=https \
  -e SONARQUBE_HTTP_HOST=0.0.0.0 \
  -e SONARQUBE_HTTP_PORT=8443 \
  -e SONARQUBE_TOKEN="<YourSonarQubeToken>" \
  -e SONARQUBE_ORG="<YourSonarQubeOrganization>" \
  mcp/sonarqube

Client configuration

When connecting to the HTTP or HTTPS transport server, clients must include the SONARQUBE_TOKEN header in all requests. The server uses the SONARQUBE_TOKEN only for initialization.

{
  "mcpServers": {
    "sonarqube-https": {
      "url": "https://127.0.0.1:8443/mcp",
      "headers": {
        "SONARQUBE_TOKEN": "<YourSonarQubeUserToken>"
      }
    }
  }
}

User tokens are required when setting up connected mode or an MCP Server between SonarQube Server and SonarQube for IDE. Note that binding will not function properly if SonarQube Server project tokens or global tokens are used during the setup process.

Custom certificates

If your SonarQube Server uses a self-signed certificate or a certificate from a private Certificate Authority (CA), you can add custom certificates to the Docker container that will automatically be installed.

Supported certificate formats

The container supports the following certificate formats:

  • .crt files (PEM or DER encoded)

  • .pem files (PEM encoded)

Using Docker Volume Mount

Mount a directory containing your certificates when running the container:

docker run -i --name sonarqube-mcp-server --rm \
  -v /path/to/your/certificates/:/usr/local/share/ca-certificates/:ro \
  -e SONARQUBE_TOKEN="<YourSonarQubeUserToken>" \
  -e SONARQUBE_URL="<YourSonarQubeURL>" \
  mcp/sonarqube

User tokens are required when setting up connected mode or an MCP Server between SonarQube Server and SonarQube for IDE. Note that binding will not function properly if SonarQube Server project tokens or global tokens are used during the setup process.

Custom certificates

When using custom certificates, you can modify your MCP configuration to mount the certificates. Here an example when connecting to SonarQube Server or SonarQube Community Build:

{
  "sonarqube": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--name",
      "sonarqube-mcp-server",
      "--rm",
      "-v",
      "/path/to/your/certificates/:/usr/local/share/ca-certificates/:ro",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_URL",
      "mcp/sonarqube"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<YourSonarQubeUserToken>",
      "SONARQUBE_URL": "<YourSonarQubeURL>"
    }
  }
}

User tokens are required when setting up connected mode or an MCP Server between SonarQube Server and SonarQube for IDE. Note that binding will not function properly if SonarQube Server project tokens or global tokens are used during the setup process.

Proxy

The SonarQube MCP Server supports HTTP proxies through standard Java proxy system properties.

Configure proxy settings

You can configure proxy settings using Java system properties. These can be set as environment variables or passed as JVM arguments.

Common proxy properties

Property
Description
Example

http.proxyHost

HTTP proxy hostname

proxy.example.com

http.proxyPort

HTTP proxy port

8080

https.proxyHost

HTTPS proxy hostname

proxy.example.com

https.proxyPort

HTTPS proxy port

8443

http.nonProxyHosts

Hosts that bypass the proxy (pipe-separated)

localhost|127.0.0.1|*.internal.com

Proxy authentication

If your proxy requires authentication, the SonarQube MCP Server uses Java's standard authentication mechanism. You can set up proxy credentials using Java system properties:

Property
Description
Example

http.proxyPassword

HTTP proxy password

yourpassword

http.proxyUser

HTTP proxy username

yourusername

https.proxyPassword

HTTPS proxy password

yourpassword

https.proxyUser

HTTPS proxy username

yourusername

PreviousEnvironment variablesNextUsing SonarQube MCP Server

Last updated

Was this helpful?