search
Get Started

Configure your SonarQube MCP server

This page outlines the various transport modes available when running the SonarQUbe MCP Server, which allows its integration with SonarQube for IDE and a variety of other clients.

No matter if you're looking for a configuration for single-users (Stdio), multi-user (HTTP), or secure multi-client (HTTPS) configurations, the SonarQube MCP Server has you covered. On this page, you'll find container image examples for setup with SonarQube Cloud and SonarQube Server, including requirements for user tokens and handling of custom certificates and proxies.

If you're unable to use a container image to deploy your MCP server, please see the Build your SonarQube MCP Server page for alternatives.

hashtag
Overview

The SonarQube MCP Server uses Stdio when running a local configuration. This configuration is designed for single-user access however, it's possible to manage your MCP server using a Transport mode configuration, designed for shared access across a network using HTTP or HTTPS connection protocols.

hashtag
Transport mode

Once configured, your MCP server is hosted on a local network and can handle connections from multiple users; all of your team's developers can access the same MCP server and reduces the need for multiple unique configurations. For more information about how HTTP transport works, please see the Model Context Protocol documentation on Transportsarrow-up-right.

The SonarQube MCP Server supports three transport modes:

  1. Stdio is the default mode. This is the default mode, designed for single-user setups using command line tools or MCP clients.

  2. HTTP is an unencrypted transport mode that can enable multiple client connections to a remote HTTP server. Each client provides its own user token. This transport mode is not recommended. Use Stdio for local development or HTTPS for multi-user production deployments.

  3. HTTPS is also for multi-user production environments and uses a security protocol. This mode is the same as HTTP plus TLS encryption. The use of SSL certificates is required.

hashtag
Stdio

Stdio is the default mode for local development and single-user set ups used by all MCP clients. The Common variables are required to initialize any transport mode you choose.

circle-info

Although the examples below use docker, any OCI-compatible container runtime works (for example, Podman, nerdctl, etc). Simply replace docker with commands specific to your preferred tool.

Docker example

Use this code sample when using the container image to configure your MCP HTTP server for integrating with SonarQube Cloud.

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "mcp/sonarqube"],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeUserToken>",
        "SONARQUBE_ORG": "<YourSonarQubeOrganization>"
      }
    }
  }
}
circle-exclamation

User tokens are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if project tokens, global tokens, or scoped organization tokens are used during the setup process.

hashtag
HTTP

triangle-exclamation

The HTTP Transport mode is not recommended. Use Stdio for local development or HTTPS for multi-user production deployments.

Enable HTTP transport for unencrypted multi-user scenarios where more than one client will connect to a shared server. The Common variables are required for initialization, in addition to the listed HTTP variables that clients will need to access the server.

Once set up, each client must provide its own user token for access.

hashtag
HTTPS

HTTPS configurations are very similar to HTTP but require SSL certificates.

  • For local development, use HTTP instead of HTTPS to avoid SSL certificate issues.

  • For production deployments with proper SSL certificates from a trusted CA, use HTTPS.

Docker example

Use this code sample when using the container image to configure your MCP HTTPS server for integrating with SonarQube Cloud. The server uses the SONARQUBE_TOKEN one time, only for initialization.

circle-info

Although the examples below use docker, any OCI-compatible container runtime works (for example, Podman, nerdctl, etc). Simply replace docker with commands specific to your preferred tool.

circle-exclamation

User tokens are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if project tokens, global tokens, or scoped organization tokens are used during the setup process.

Client configuration

When connecting to the HTTP or HTTPS transport server, clients must include the SONARQUBE_TOKEN header in all requests. The server uses the SONARQUBE_TOKEN only for initialization.

circle-exclamation

User tokens are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if project tokens, global tokens, or scoped organization tokens are used during the setup process.

hashtag
Custom certificates

If your instance of SonarQube Server uses a self-signed certificate or a certificate from a private Certificate Authority (CA), you can add custom certificates to the container.

hashtag
Supported certificate formats

The container supports the following certificate formats:

  • .crt files (PEM or DER encoded)

  • .pem files (PEM encoded)

circle-info

Although the examples below use docker, any OCI-compatible container runtime works (for example, Podman, nerdctl, etc). Simply replace docker with commands specific to your preferred tool.

chevron-rightUsing a Volume Mounthashtag

Mount a directory containing your certificates when running the container:

circle-exclamation

User tokens are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if project tokens, global tokens, or scoped organization tokens are used during the setup process.

chevron-rightCustom certificateshashtag

When using custom certificates, you can modify your MCP configuration to mount the certificates. Here an example when connecting to SonarQube Server or SonarQube Community Build:

circle-exclamation

User tokens are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if project tokens, global tokens, or scoped organization tokens are used during the setup process.

hashtag
Proxy

The SonarQube MCP Server supports HTTP proxies through standard Java proxy system properties.

chevron-rightConfigure proxy settingshashtag

You can configure proxy settings using Java system properties. These can be set as environment variables or passed as JVM arguments.

hashtag
Common proxy properties

Property
Description
Example

http.proxyHost

HTTP proxy hostname

proxy.example.com

http.proxyPort

HTTP proxy port

8080

https.proxyHost

HTTPS proxy hostname

proxy.example.com

https.proxyPort

HTTPS proxy port

8443

http.nonProxyHosts

Hosts that bypass the proxy (pipe-separated)

localhost|127.0.0.1|*.internal.com

hashtag
Proxy authentication

If your proxy requires authentication, the SonarQube MCP Server uses Java's standard authentication mechanism. You can set up proxy credentials using Java system properties:

Property
Description
Example

http.proxyPassword

HTTP proxy password

yourpassword

http.proxyUser

HTTP proxy username

yourusername

https.proxyPassword

HTTPS proxy password

yourpassword

https.proxyUser

HTTPS proxy username

yourusername

PreviousEnvironment variablesNextUsing SonarQube MCP Server

Last updated

Was this helpful?