# VS Code with GitHub Copilot [VS Code with GitHub Copilot](https://code.visualstudio.com/docs/copilot/overview) is Microsoft's AI-assisted coding experience in Visual Studio Code. Use this MCP server setup when you want Sonar tools available in the Copilot Chat agent mode while you code. To use the SonarQube MCP server in VS Code, you must first install [Copilot Chat](https://code.visualstudio.com/docs/copilot/copilot-chat). If you prefer using a centrally managed MCP server, see the [#mcp-server-in-sonarqube-cloud](#mcp-server-in-sonarqube-cloud "mention") article below. ## Set up MCP for VS Code ### Environment variables The following [#common-variables](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/environment-variables#common-variables "mention") are required. Note that `SONARQUBE_TOKEN` applies to stdio transport only. For HTTP, HTTPS, or the embedded SonarQube Cloud MCP server, use the `Authorization: Bearer ` header instead. * `SONARQUBE_TOKEN`: Your SonarQube user token (stdio transport). * `SONARQUBE_ORG`: Your SonarQube Cloud organization key. Required for SonarQube Cloud only. * `SONARQUBE_URL`: Your SonarQube Server or Community Build URL. Also required for SonarQube Cloud in the US region (`https://sonarqube.us`). Not needed for SonarQube Cloud in the EU region. {% hint style="danger" %} Your SonarQube token is a sensitive credential. Use environment variables to pass tokens rather than hardcoding them in configuration files. Never commit tokens to version control. {% endhint %} ### Transport options The SonarQube MCP Server supports three transport modes. Use [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") for local development and most use cases, [#https](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#https "mention") for production and team deployments, and [#http](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#http "mention") only on trusted internal networks. #### Stdio (recommended) Use [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") for local development or when you are the only user. It is also the transport used by [Agentic Analysis and Context Augmentation](#agentic-analysis-and-context-augmentation). **Automatic configuration** When you're using an AI-enabled IDE such as Cursor, Windsurf, or VS Code with Copilot enabled, and have already completed your [Connected mode setup](https://app.gitbook.com/s/6LPRABg3ubAJhpfR5K0Y/connect-your-ide/setup "mention") in SonarQube for IDE with SonarQube Server or SonarQube Cloud, a quick select button is available. * Select the icon, **Configure MCP Server** from the **CONNECTED MODE** view window to use your connected mode credentials to start using the SonarQube MCP Server. The same workflow is available in the **AI AGENTS CONFIGURATION** view. If you've connected to a SonarQube Cloud organization in the US region, the configuration details will be shared. **Quick configuration** Use the following link to quickly set up the SonarQube MCP Server in VS Code. This generates a configuration file and automatically fills it with your environment variables. Make sure your environment variables are configured first. * [Connect to SonarQube Cloud](https://insiders.vscode.dev/redirect/mcp/install?name=sonarqube\&inputs=%5B%7B%22id%22%3A%22SONARQUBE_TOKEN%22%2C%22type%22%3A%22promptString%22%2C%22description%22%3A%22SonarQube%20Cloud%20Token%22%2C%22password%22%3Atrue%7D%2C%7B%22id%22%3A%22SONARQUBE_ORG%22%2C%22type%22%3A%22promptString%22%2C%22description%22%3A%22SonarQube%20Cloud%20Organization%20Key%22%2C%22password%22%3Afalse%7D%5D\&config=%7B%22command%22%3A%22docker%22%2C%22args%22%3A%5B%22run%22%2C%22-i%22%2C%22--rm%22%2C%22-e%22%2C%22SONARQUBE_TOKEN%22%2C%22-e%22%2C%22SONARQUBE_ORG%22%2C%22mcp%2Fsonarqube%22%5D%2C%22env%22%3A%7B%22SONARQUBE_TOKEN%22%3A%22%24%7Binput%3ASONARQUBE_TOKEN%7D%22%2C%22SONARQUBE_ORG%22%3A%22%24%7Binput%3ASONARQUBE_ORG%7D%22%7D%7D) You can also find the [SonarQube MCP Server](https://github.com/mcp/SonarSource/sonarqube-mcp-server) in the GitHub MCP Registry, or search for it in VS Code Extensions using the term `@mcp sonar` to find an **Install** button. **Manual configuration** Follow the [VS Code instructions](https://code.visualstudio.com/docs/copilot/chat/mcp-servers#_add-an-mcp-server) and add the SonarQube MCP Server to your `.vscode/mcp.json` file. For more information on the environment variables and how to retrieve the token and organization information, see the [environment-variables](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/environment-variables "mention") page. {% hint style="warning" %} *User tokens* are required when setting up connected mode or an MCP Server between SonarQube (Server, Cloud) and SonarQube for IDE. Note that the binding will not function properly if *project tokens*, *global tokens*, or *scoped organization tokens* are used during the setup process. {% endhint %} {% hint style="info" %} This code sample configures the MCP server using [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") transport, where `SONARQUBE_TOKEN` is passed as an environment variable. For [#http](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#http "mention"), [#https](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#https "mention"), or the [#mcp-server-in-sonarqube-cloud](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#mcp-server-in-sonarqube-cloud "mention"), the `SONARQUBE_TOKEN` header is deprecated. Pass the token using the `"Authorization": "Bearer "` header instead. {% endhint %} **VS Code with SonarQube Cloud** ```json { "mcp": { "servers": { "sonarqube": { "command": "docker", "args": [ "run", "-i", "--rm", "--init", "--pull=always", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", //"-e", //"SONARQUBE_URL", "mcp/sonarqube" ], "env": { "SONARQUBE_TOKEN": "", "SONARQUBE_ORG": "", //"SONARQUBE_URL": "https://sonarqube.us" } } } } } ``` {% hint style="success" %} SONARQUBE\_URL should be defined as `https://sonarqube.us` each time you use a SonarQube Cloud configuration (SONARQUBE\_TOKEN + SONARQUBE\_ORG) and want to connect to US instance. See the [#common-variables](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/environment-variables#common-variables "mention") article which explains when to use these variables. {% endhint %} **VS Code with SonarQube Server** ```json { "mcp": { "servers": { "sonarqube": { "command": "docker", "args": [ "run", "-i", "--rm", "--init", "--pull=always", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "mcp/sonarqube" ], "env": { "SONARQUBE_TOKEN": "", "SONARQUBE_URL": "" } }, } } } ``` #### HTTPS Use HTTPS when connecting VS Code to a shared MCP server deployed for a team. This requires an [HTTPS transport server](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#https) to be running and accessible. Add the following to your `.vscode/mcp.json` file: ```json { "mcp": { "servers": { "sonarqube": { "url": "https://:8443/mcp", "headers": { "Authorization": "Bearer " } } } } } ``` #### HTTP {% hint style="danger" %} The HTTP [#transport-mode](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#transport-mode "mention") is not recommended. Use [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") for local development or [#https](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#https "mention") for multi-user production deployments. {% endhint %} Use HTTP only on a trusted internal network or for local testing. This requires an [HTTP transport server](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#http) to be running. Add the following to your `.vscode/mcp.json` file: ```json { "mcp": { "servers": { "sonarqube": { "url": "http://:8080/mcp", "headers": { "Authorization": "Bearer " } } } } } ``` ## Agentic Analysis and Context Augmentation When using SonarQube Cloud's Agentic Analysis and Context Augmentation services, your `SONARQUBE_TOKEN` will allow your local MCP server configured for [#stdio](https://docs.sonarsource.com/sonarqube-mcp-server/build-and-configure/configure#stdio "mention") mode to authenticate to the SonarQube Cloud API. See the SonarQube Cloud pages [Agentic Analysis](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/analyzing-source-code/agentic-analysis "mention") and [Context Augmentation](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/analyzing-source-code/context-augmentation "mention") to get the correct configuration details. ## MCP Server in SonarQube Cloud Use the embedded SonarQube Cloud MCP server to avoid running and maintaining your own MCP infrastructure while always using the current server version. The embedded server exposes a smaller, fixed subset of tools; for the available toolsets and configuration details, check SonarQube Cloud's [MCP Server #MCP Server in SonarQube Cloud](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/ai-capabilities/sonarqube-mcp-server#mcp-server-in-sonarqube-cloud "mention") page. ## Use Sonar tools from VS Code Once connected, you can use the tools provided by the SonarQube MCP Server in agent mode. See the [tools](https://docs.sonarsource.com/sonarqube-mcp-server/using/tools "mention") page for the full list of available tools. See also the [VS Code documentation](https://code.visualstudio.com/docs/copilot/chat/mcp-servers#_use-mcp-tools-in-agent-mode) for more information about using MCP servers in VS Code. {% hint style="info" %} Concrete workflow examples for this IDE will be added after engineering review. {% endhint %}