search
Get Started

GitHub Copilot coding agent

Set up the SonarQube MCP Server with the GitHub Copilot coding agent and start using Sonar tools in your CI/CD environment.

The GitHub Copilot coding agentarrow-up-right is an autonomous AI agent that operates inside your GitHub repository and CI/CD environment. Use this setup when you want Sonar tools available to the coding agent during pull request workflows and automated tasks.

hashtag
Set up MCP for the GitHub Copilot coding agent

hashtag
Environment variables

The coding agent uses GitHub repository secrets to supply environment variables to the MCP server. Only secrets with names prefixed with COPILOT_MCP_ are available to your MCP configuration. To add secrets to your Copilot environment, follow the GitHub documentation on setting up a Copilot environment for the coding agentarrow-up-right.

The following Common variables are required, stored as COPILOT_MCP_-prefixed secrets:

  • SONARQUBE_TOKEN: Your SonarQube user token (stdio transport).

  • SONARQUBE_ORG: Your SonarQube Cloud organization key. Required for SonarQube Cloud only.

  • SONARQUBE_URL: Your SonarQube Server or Community Build URL. Also required for SonarQube Cloud in the US region (https://sonarqube.us). Not needed for SonarQube Cloud in the EU region.

hashtag
Connection and transport

In your GitHub repository, navigate to Settings > Code & automation > Copilot > Coding agent and add the following configuration in the MCP configuration section:

circle-exclamation

User tokens are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if project tokens, global tokens, or scoped organization tokens are used during the setup process.

circle-info

This code sample configures the MCP server using Stdio transport, where SONARQUBE_TOKEN is passed as an environment variable.

For HTTP, HTTPS, or the MCP Server in SonarQube Cloud, the SONARQUBE_TOKEN header is deprecated. Pass the token using the "Authorization": "Bearer <YourSonarQubeUserToken>" header instead.

GitHub Copilot coding agent with SonarQube Cloud

{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "--init",
        "--pull=always",
        "-e",
        "SONARQUBE_TOKEN=$SONAR_TOKEN",
        "-e",
        "SONARQUBE_ORG=$SONAR_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONAR_TOKEN": "COPILOT_MCP_<YourSonarQubeUserToken>",
        "SONAR_ORG": "COPILOT_MCP_<YourOrganizationName>",
        //"SONAR_URL": "COPILOT_MCP_SONAR_URL"
      },
      "tools": ["*"]
    }
  }
}
circle-check

To connect to a SonarQube Cloud organization in the US region, add https://sonarqube.us as a secret in your Copilot coding agent environmentarrow-up-right, and uncomment the "SONAR_URL" variable in the code sample above. See the Common variables article which explains when to use these variables.

GitHub Copilot coding agent with SonarQube Server

hashtag
Use Sonar tools from the coding agent

Once connected, the GitHub Copilot coding agent can call SonarQube MCP tools during its automated workflows. See the Tools page for the full list of available tools.

circle-info

Concrete workflow examples for this agent will be added after engineering review.

PreviousGitHub Copilot CLINextKiro

Last updated

Was this helpful?