# Environment variables

Depending on which Sonar product you want the MCP Server to connect to and the server type you want to deploy, you will need to provide different environment variables. The variables are broken into four main categories, dependent on your environment's needs.

## Common variables

*Common variables* are required for all configuration types and must be defined before starting the server. To enable full functionality regardless of your [#transport-mode](https://docs.sonarsource.com/sonarqube-mcp-server/configure#transport-mode "mention"), use these variables to initialize and authenticate your SonarQube MCP Server:

| Environment variable               | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| SONARQUBE\_DEBUG\_ENABLED          | When set to `true`, enables debug logging. Debug logs are written to both the log file and STDERR. Default: `false`. Use this variable to troubleshoot connectivity or configuration issues.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| SONARQUBE\_LOG\_TO\_FILE\_DISABLED | When set to `true`, disables writing logs to disk. No log files are created under `STORAGE_PATH/logs/`. Default: `false`. Typical use case: containerized or ephemeral environments where log files on disk are not needed.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| SONARQUBE\_ORG                     | <p>For SonarQube Cloud only.</p><p>Your SonarQube Cloud organization <a href="https://sonarcloud.io/account/organizations">key</a>.</p> |
| SONARQUBE\_PROJECT\_KEY            | Optional default project key used by all tools that require a project key. When set, the `projectKey` parameter is removed from the schemas of relevant tools. Typical use case: working on a single project.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| SONARQUBE\_TOKEN                   | <p>Your SonarQube Cloud token (see <a data-mention href="https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/managing-your-account/managing-tokens">Managing Personal Access Tokens</a>) or your SonarQube Server token (see <a data-mention href="https://app.gitbook.com/s/8MaL7qHHph0mwB0jcBjB/user-guide/managing-tokens">Managing your tokens</a>).</p><p><strong>Deprecation notice (HTTP(S) transport):</strong> Passing the token via a <code>SONARQUBE\_TOKEN</code> HTTP header is deprecated. Use the <code>Authorization: Bearer \<YourSonarQubeUserToken></code> header instead. For stdio transport, <code>SONARQUBE\_TOKEN</code> as an environment variable is unchanged. See <a data-mention href="../deprecations-and-removals">deprecations-and-removals</a> for details.</p> |
| SONARQUBE\_URL                     | <ul><li>Required when connecting to SonarQube Server and SonarQube Community Build: define as your <a data-mention href="https://app.gitbook.com/s/8MaL7qHHph0mwB0jcBjB/instance-administration/server-base-url">Server base URL</a>.</li><li>Required when connecting to SonarQube Cloud in the US region: define as <code><https://sonarqube.us></code>.</li><li>Not required to connect to SonarQube Cloud in the EU region: the default value is <code><https://sonarcloud.io></code>.</li></ul>                                                                                                                                                                                                                                                                                        |

{% hint style="warning" %}
*User tokens* are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if *project tokens*, *global tokens*, or *scoped organization tokens* are used during the setup process.
{% endhint %}

## Base variables

*Base variables* are used when building and running the MCP server locally. The server needs to know how to identify the client and where the local storage location can be found. Whether these variables are required depends on your configuration; for example, on whether you are running the container image:

| Environment variable | Description                                                                                                                                                                                                  |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| STORAGE\_PATH        | An absolute path to a writable directory where SonarQube MCP Server will store its files (e.g., for creation, updates, and persistence). This path is automatically provided when using the container image. |
| SONARQUBE\_IDE\_PORT | Optional port number between 64120 and 64130 used to connect SonarQube MCP Server with SonarQube for IDE.                                                                                                    |

## HTTP variables

*HTTP variables* are used when multiple clients are connecting to a shared MCP server. Each client provides its own user token.

{% hint style="danger" %}
The HTTP [#transport-mode](https://docs.sonarsource.com/sonarqube-mcp-server/configure#transport-mode "mention") is not recommended. Use [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/configure#stdio "mention") for local development or [#https](https://docs.sonarsource.com/sonarqube-mcp-server/configure#https "mention") for multi-user production deployments.
{% endhint %}

| Environment variable  | Description                                       | Default             |
| --------------------- | ------------------------------------------------- | ------------------- |
| SONARQUBE\_TRANSPORT  | Set to `http` to enable HTTP transport            | not defined (stdio) |
| SONARQUBE\_HTTP\_HOST | Host to bind (defaults to localhost for security) | 127.0.0.1           |
| SONARQUBE\_HTTP\_PORT | Port number for HTTP server: 1024-65535           | 8080                |

If needed, information about HTTP and HTTPS [#proxy](https://docs.sonarsource.com/sonarqube-mcp-server/configure#proxy "mention") settings is available on the [configure](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure "mention") page.

## HTTPS variables

*HTTPS variables* are the same as [#http-variables](#http-variables "mention") but with TLS encryption. HTTPS variables require an [#ssl-certificate](#ssl-certificate "mention"); however, redefining the keystore parameter default values is optional.

| Environment variable  | Description                                                                             | Default             |
| --------------------- | --------------------------------------------------------------------------------------- | ------------------- |
| SONARQUBE\_TRANSPORT  | Set to `https` to enable HTTPS transport                                                | not defined (stdio) |
| SONARQUBE\_HTTP\_HOST | Host to bind. Use `127.0.0.1` for localhost. Use `0.0.0.0` for the container image. | 127.0.0.1           |
| SONARQUBE\_HTTP\_PORT | Typically port 8443 for HTTPS.                                                          | 8080                |

If needed, information about HTTP and HTTPS [#proxy](https://docs.sonarsource.com/sonarqube-mcp-server/configure#proxy "mention") settings is available on the [configure](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure "mention") page.

## SSL certificate

<table><thead><tr><th width="284.8203125">Environment variable</th><th>Description</th><th>Default</th></tr></thead><tbody><tr><td>SONARQUBE_HTTPS_KEYSTORE_PASSWORD</td><td>Keystore password. Redefining the default value is optional.</td><td><code>sonarlint</code></td></tr><tr><td>SONARQUBE_HTTPS_KEYSTORE_PATH</td><td>Path to keystore file (.p12 or .jks). Redefining the default value is optional.</td><td><code>/etc/ssl/mcp/keystore.p12</code></td></tr><tr><td>SONARQUBE_HTTPS_KEYSTORE_TYPE</td><td>Keystore type (PKCS12 or JKS). Redefining the default value is optional.</td><td><code>PKCS12</code></td></tr></tbody></table>

See also the [#custom-certificates](https://docs.sonarsource.com/sonarqube-mcp-server/configure#custom-certificates "mention") article for information about supported formats and using the container image with custom configurations of your certificate.
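
The HTTP, HTTPS, and SSL certificate variables above can be checked together before the server starts. The shell function below is an added example, not part of the SonarQube MCP Server or its documentation; the function name, the WARN/ERROR wording, and applying the 1024-65535 port range to HTTPS as well as HTTP are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the transport variables documented above.
# Function name and message wording are assumptions, not project code.
# Prints one finding per line; returns 1 if any ERROR was found, else 0.
# Usage: check_mcp_transport_env || exit 1
check_mcp_transport_env() {
  local transport="${SONARQUBE_TRANSPORT:-}"   # not defined means stdio
  local host="${SONARQUBE_HTTP_HOST:-127.0.0.1}"
  local port="${SONARQUBE_HTTP_PORT:-8080}"
  local ks_pass="${SONARQUBE_HTTPS_KEYSTORE_PASSWORD:-sonarlint}"
  local ks_path="${SONARQUBE_HTTPS_KEYSTORE_PATH:-/etc/ssl/mcp/keystore.p12}"
  local ks_type="${SONARQUBE_HTTPS_KEYSTORE_TYPE:-PKCS12}"
  local rc=0

  case "$transport" in
    "") return 0 ;;   # stdio: no network listener, nothing below applies
    http)
      echo "WARN: HTTP transport is not recommended; use stdio or https"
      case "$host" in
        127.0.0.1|localhost) ;;
        *) echo "WARN: SONARQUBE_HTTP_HOST=$host binds a plaintext listener beyond loopback; client tokens are sent unencrypted" ;;
      esac ;;
    https)
      if [ "$ks_pass" = "sonarlint" ]; then
        echo "WARN: keystore password is the documented default 'sonarlint'"
      fi
      case "$ks_type" in
        PKCS12|JKS) ;;
        *) echo "ERROR: SONARQUBE_HTTPS_KEYSTORE_TYPE must be PKCS12 or JKS, got '$ks_type'"; rc=1 ;;
      esac
      if [ ! -r "$ks_path" ]; then
        echo "ERROR: keystore is not readable at $ks_path"; rc=1
      fi ;;
    *)
      echo "WARN: SONARQUBE_TRANSPORT='$transport' is not documented here (http, https)"
      return 0 ;;
  esac

  # Range is documented for HTTP; applying it to HTTPS is an assumption.
  case "$port" in
    *[!0-9]*) echo "ERROR: SONARQUBE_HTTP_PORT='$port' is not a number"; rc=1 ;;
    *) if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
         echo "ERROR: SONARQUBE_HTTP_PORT=$port is outside 1024-65535"; rc=1
       fi ;;
  esac
  return "$rc"
}
```

Run the function in the same shell or entrypoint that exports the variables, and treat a non-zero return as a reason not to start the server.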

## SOCKS5 proxy

SOCKS5 proxies are supported.

| Property                  | Description                        | Default | Example      |
| ------------------------- | ---------------------------------- | ------- | ------------ |
| `socksProxyHost`          | SOCKS5 proxy hostname              | —       | `localhost`  |
| `socksProxyPort`          | SOCKS5 proxy port                  | `1080`  | `1080`       |
| `java.net.socks.username` | SOCKS5 username (if auth required) | —       | `myuser`     |
| `java.net.socks.password` | SOCKS5 password (if auth required) | —       | `mypassword` |

## Tool enablement

By default, only important toolsets are enabled to reduce context overhead. You can enable additional toolsets as needed.

| Environment variable  | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| SONARQUBE\_TOOLSETS   | <p>Comma-separated list of toolsets to enable. When defined, only the listed toolsets will be available. If not defined, default important toolsets are enabled (<code>analysis</code>, <code>issues</code>, <code>projects</code>, <code>quality-gates</code>, <code>rules</code>, <code>duplications</code>, <code>measures</code>, <code>security-hotspots</code>, <code>dependency-risks</code>, <code>coverage</code>, <code>cag</code>).<br><strong>Note:</strong> The <code>projects</code> toolset is always enabled because it's required to find project keys for other operations.</p> |
| SONARQUBE\_READ\_ONLY | <p>When set to <code>true</code>, enables read-only mode which disables all write operations; for example, changing issue status. This filter is cumulative with <code>SONARQUBE\_TOOLSETS</code> if both are defined.<br>Default: <code>false</code>.</p>                                                                                                                                                                                                                                                                                                                                        |

<details>

<summary>Available toolsets</summary>

<table><thead><tr><th width="172.8515625">Toolset</th><th width="194.85546875">Key</th><th>Description</th></tr></thead><tbody><tr><td><strong>Analysis</strong></td><td><code>analysis</code></td><td>Code analysis tools (analyze code snippets and files)</td></tr><tr><td><strong>Context Augmentation</strong></td><td><code>cag</code></td><td>Context Augmentation tools for guiding AI agents with architectural awareness and coding guidelines</td></tr><tr><td><strong>Coverage</strong></td><td><code>coverage</code></td><td>Test coverage analysis and improvement tools</td></tr><tr><td><strong>Dependency Risks</strong></td><td><code>dependency-risks</code></td><td>Analyze dependency risks and security issues (SCA)</td></tr><tr><td><strong>Duplications</strong></td><td><code>duplications</code></td><td>Find code duplications across projects</td></tr><tr><td><strong>Issues</strong></td><td><code>issues</code></td><td>Search and manage SonarQube issues</td></tr><tr><td><strong>Languages</strong></td><td><code>languages</code></td><td>List supported programming languages</td></tr><tr><td><strong>Measures</strong></td><td><code>measures</code></td><td>Retrieve metrics and measures (includes both measures and metrics tools)</td></tr><tr><td><strong>Portfolios</strong></td><td><code>portfolios</code></td><td>Manage portfolios and enterprises (SonarQube Cloud and Server)</td></tr><tr><td><strong>Projects</strong></td><td><code>projects</code></td><td>Browse and search SonarQube projects</td></tr><tr><td><strong>Quality Gates</strong></td><td><code>quality-gates</code></td><td>Access quality gates and their status</td></tr><tr><td><strong>Rules</strong></td><td><code>rules</code></td><td>Browse and search SonarQube rules</td></tr><tr><td><strong>Security Hotspots</strong></td><td><code>security-hotspots</code></td><td>Search and review Security Hotspots</td></tr><tr><td><strong>Sources</strong></td><td><code>sources</code></td><td>Access source code and SCM 
information</td></tr><tr><td><strong>System</strong></td><td><code>system</code></td><td>System administration tools (SonarQube Server only)</td></tr><tr><td><strong>Webhooks</strong></td><td><code>webhooks</code></td><td>Manage webhooks</td></tr></tbody></table>

**Toolset examples**

{% hint style="info" %}
Although the examples below use `docker`, any OCI-compatible container runtime works (for example, Podman or nerdctl). Simply replace `docker` with commands specific to your preferred tool.
{% endhint %}

{% hint style="success" %}
SONARQUBE\_URL should be defined as `https://sonarqube.us` each time you use a SonarQube Cloud configuration (SONARQUBE\_TOKEN + SONARQUBE\_ORG) and want to connect to the US instance. See the [#common-variables](#common-variables "mention") article, which explains when to use these variables.
{% endhint %}

**Enable analysis, issues, and quality gates toolsets (using Docker with SonarQube Cloud):**

```bash
docker run -i --init --pull=always --name sonarqube-mcp-server --rm \
  -e SONARQUBE_TOKEN="<YourSonarQubeUserToken>" \
  -e SONARQUBE_ORG="<YourOrganizationName>" \
  -e SONARQUBE_TOOLSETS="analysis,issues,quality-gates" \
  mcp/sonarqube
```

* Note: The `projects` toolset is always enabled automatically, so you don't need to include it in `SONARQUBE_TOOLSETS`.

**Enable read-only mode (using Docker with SonarQube Cloud):**

```bash
docker run -i --init --pull=always --name sonarqube-mcp-server --rm \
  -e SONARQUBE_TOKEN="<YourSonarQubeUserToken>" \
  -e SONARQUBE_ORG="<YourOrganizationName>" \
  -e SONARQUBE_READ_ONLY="true" \
  mcp/sonarqube
```

{% hint style="warning" %}
*User tokens* are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if *project tokens*, *global tokens*, or *scoped organization tokens* are used during the setup process.
{% endhint %}

</details>
