# GitHub Copilot cloud agent

The [GitHub Copilot cloud agent](https://docs.github.com/en/copilot/concepts/agents/cloud-agent/about-cloud-agent) is an autonomous AI agent that operates inside your GitHub repository and CI/CD environment. Use this MCP server setup when you want Sonar tools available to the cloud agent during pull request workflows and automated tasks.

If you prefer using a centrally managed MCP server, see the [#mcp-server-in-sonarqube-cloud](#mcp-server-in-sonarqube-cloud "mention") article below.

## Set up MCP for the GitHub Copilot cloud agent

### Environment variables

The cloud agent uses GitHub repository secrets to supply environment variables to the MCP server. Only secrets with names prefixed with `COPILOT_MCP_` are available to your MCP configuration. To add secrets to your Copilot environment, follow the GitHub [documentation on Setting up a Copilot environment for Copilot cloud agent](https://docs.github.com/en/copilot/how-tos/copilot-on-github/customize-copilot/customize-cloud-agent/extend-cloud-agent-with-mcp#setting-up-a-copilot-environment-for-copilot-cloud-agent).

The following [#common-variables](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/environment-variables#common-variables "mention") are required, stored as `COPILOT_MCP_`-prefixed secrets:

* `SONARQUBE_TOKEN`: Your SonarQube user token (stdio transport).
* `SONARQUBE_ORG`: Your SonarQube Cloud organization key. Required for SonarQube Cloud only.
* `SONARQUBE_URL`: Your SonarQube Server or Community Build URL. Also required for SonarQube Cloud in the US region (`https://sonarqube.us`). Not needed for SonarQube Cloud in the EU region.

### Transport options

The SonarQube MCP Server supports three transport modes. Use [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") for local development and most use cases, [#https](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#https "mention") for production and team deployments, and [#http](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#http "mention") only on trusted internal networks.

#### Stdio (recommended)

Use [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") when the cloud agent needs to spin up its own MCP server process within the CI/CD environment. It is also the transport used by [Agentic Analysis and Context Augmentation](#agentic-analysis-and-context-augmentation).

In your GitHub repository, navigate to **Settings** > **Code, planning, and automation** > **Copilot** > **Cloud agent** and add the following configuration in the MCP configuration section:

{% hint style="warning" %}
*User tokens* are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if *project tokens*, *global tokens*, or *scoped organization tokens* are used during the setup process.
{% endhint %}

{% hint style="info" %}
This code sample configures the MCP server using [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") transport, where `SONARQUBE_TOKEN` is passed as an environment variable.

For [#http](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#http "mention"), [#https](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#https "mention"), or the [#mcp-server-in-sonarqube-cloud](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#mcp-server-in-sonarqube-cloud "mention"), the `SONARQUBE_TOKEN` header is deprecated. Pass the token using the `"Authorization": "Bearer <YourSonarQubeUserToken>"` header instead.
{% endhint %}

**GitHub Copilot cloud agent with SonarQube Cloud**

```json
{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN=$SONAR_TOKEN",
        "-e",
        "SONARQUBE_ORG=$SONAR_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONAR_TOKEN": "COPILOT_MCP_SONARQUBE_TOKEN",
        "SONAR_ORG": "COPILOT_MCP_SONARQUBE_ORG",
        //"SONAR_URL": "COPILOT_MCP_SONARQUBE_URL"
      },
      "tools": ["*"]
    }
  }
}
```

{% hint style="success" %}
To connect to a SonarQube Cloud organization in the US region, add `https://sonarqube.us` as a [secret in your Copilot cloud agent environment](https://docs.github.com/en/copilot/how-tos/copilot-on-github/customize-copilot/customize-cloud-agent/extend-cloud-agent-with-mcp#adding-an-mcp-configuration-to-your-repository), and uncomment the `"SONAR_URL"` variable in the code sample above. See the [#common-variables](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/environment-variables#common-variables "mention") article which explains when to use these variables.
{% endhint %}

**GitHub Copilot cloud agent with SonarQube Server**

```json
{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN=$SONAR_TOKEN",
        "-e",
        "SONARQUBE_URL=$SONAR_URL",
        "mcp/sonarqube"
      ],
      "env": {
        "SONAR_TOKEN": "COPILOT_MCP_SONARQUBE_TOKEN",
        "SONAR_URL": "COPILOT_MCP_SONARQUBE_URL"
      },
      "tools": ["*"]
    }
  }
}
```

#### HTTPS

Use HTTPS when connecting the cloud agent to a shared MCP server deployed for a team. This requires an [HTTPS transport server](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#https) to be running and accessible.

In your GitHub repository, navigate to **Settings** > **Code, planning, and automation** > **Copilot** > **Cloud agent** and add the following configuration in the MCP configuration section:

```json
{
  "mcpServers": {
    "sonarqube": {
      "url": "https://<YourSonarQubeMCPServer>:8443/mcp",
      "headers": {
        "Authorization": "Bearer COPILOT_MCP_SONARQUBE_TOKEN"
      },
      "tools": ["*"]
    }
  }
}
```

#### HTTP

{% hint style="danger" %}
The HTTP [#transport-mode](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#transport-mode "mention") is not recommended. Use [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") for local development or [#https](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#https "mention") for multi-user production deployments.
{% endhint %}

Use HTTP only on a trusted internal network or for local testing. This requires an [HTTP transport server](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#http) to be running.

In your GitHub repository, navigate to **Settings** > **Code, planning, and automation** > **Copilot** > **Cloud agent** and add the following configuration in the MCP configuration section:

```json
{
  "mcpServers": {
    "sonarqube": {
      "url": "http://<YourSonarQubeMCPServer>:8080/mcp",
      "headers": {
        "Authorization": "Bearer COPILOT_MCP_SONARQUBE_TOKEN"
      },
      "tools": ["*"]
    }
  }
}
```

## Agentic Analysis and Context Augmentation

When using SonarQube Cloud's Agentic Analysis and Context Augmentation services, your `SONARQUBE_TOKEN` will allow your local MCP server configured for [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") mode to authenticate to the SonarQube Cloud API. See the SonarQube Cloud pages [Agentic Analysis](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/analyzing-source-code/agentic-analysis "mention") and [Context Augmentation](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/analyzing-source-code/context-augmentation "mention") to get the correct configuration details.

## MCP Server in SonarQube Cloud

Use the embedded SonarQube Cloud MCP server to avoid running and maintaining your own MCP infrastructure while always using the current server version. The embedded server exposes a smaller, fixed subset of tools; for the available toolsets and configuration details, check SonarQube Cloud's [MCP Server #MCP Server in SonarQube Cloud](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/ai-capabilities/sonarqube-mcp-server#mcp-server-in-sonarqube-cloud "mention") page.

## Use Sonar tools from the cloud agent

Once connected, the GitHub Copilot cloud agent can call SonarQube MCP tools during its automated workflows. See the [tools](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools "mention") page for the full list of available tools.

{% hint style="info" %}
Concrete workflow examples for this agent will be added after engineering review.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-mcp-server/quickstart-guide/github-copilot-cloud-agent.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.