SonarQube
Provides seamless integration with SonarQube Server or Cloud, and enables analysis of code snippets directly within the agent context
SonarQube MCP Server
The SonarQube MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with SonarQube Server or Cloud. It also enables the analysis of code snippet directly within the agent context.
Prerequisites
SonarQube MCP Server can be launched in two ways:
- With a Docker Container
- Requires: Docker installed.
- Directly from the JAR
- Requires: Java Development Kit (JDK) version 21 or later.
Installation
Building
Run the following Gradle command to clean the project, download analyzers, and build the application:
./gradlew clean build -x test
The JAR file will be created in build/libs/.
To create the Docker image, run the buildDocker task:
./gradlew clean buildDocker -x test
Usage
VS Code
Once the application is built locally (either as a JAR or a Docker image), you can use the following buttons to simplify the installation process within VS Code.
General cases
Alternatively, you can manually copy and paste the MCP configurations. Below are example snippets.
- Docker
{
"sonarqube": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_ORG",
"sonarqube-mcp-server:<version>"
],
"env": {
"SONARQUBE_TOKEN": "<token>",
"SONARQUBE_ORG": "<org>"
}
}
}
- JAR
{
"sonarqube": {
"command": "java",
"args": [
"-jar",
"<path_to_sonarqube_mcp_server_jar>"
],
"env": {
"STORAGE_PATH": "<path_to_your_mcp_storage>",
"SONARQUBE_TOKEN": "<token>",
"SONARQUBE_ORG": "<org>"
}
}
}
Configuration
Depending on your environment, you should provide specific environment variables.
SonarQube Cloud
To enable full functionality, the following environment variables must be set before starting the server:
| Environment variable | Description |
|---|---|
SONARQUBE_TOKEN | Your SonarQube Cloud token |
SONARQUBE_ORG | Your SonarQube Cloud organization key |
SonarQube Server
| Environment variable | Description |
|---|---|
SONARQUBE_TOKEN | Your SonarQube Server USER token |
SONARQUBE_URL | Your SonarQube Server URL |
JAR
On top of the previous SonarQube environments, you should add the following variable when running the MCP Server via a JAR:
| Environment variable | Description |
|---|---|
STORAGE_PATH | An absolute path to a writable directory where SonarQube MCP Server will store its files (e.g., for creation, updates, and persistence) |
Tools
Analysis
- analyze_code_snippet - Analyze a code snippet with SonarQube analyzers to find SonarQube issues in it.
codeSnippet- Code snippet or full file content - Required Stringlanguage- Optional language of the code snippet - String
Languages
- list_languages - List all programming languages supported in this instance
q- Optional pattern to match language keys/names against - String
Issues
-
change_sonar_issue_status - Change the status of a SonarQube issue to "accept", "falsepositive" or to "reopen" an issue
key- Issue key - Required Stringstatus- New issue's status - Required Enum {"accept", "falsepositive", "reopen"}
-
search_sonar_issues_in_projects - Search for SonarQube issues in my organization's projects
projects- Optional list of Sonar projects - String[]pullRequestId- Optional Pull Request's identifier - String
Measures
- get_component_measures - Get measures for a component (project, directory, file)
component- Optional component key to get measures for - Stringbranch- Optional branch to analyze for measures - StringmetricKeys- Optional metric keys to retrieve (e.g. nloc, complexity, violations, coverage) - String[]pullRequest- Optional pull request identifier to analyze for measures - String
Metrics
- search_metrics - Search for metrics
p- Optional 1-based page number (default: 1) - Integerps- Optional page size. Must be greater than 0 and less than or equal to 500 (default: 100) - Integer
Projects
- search_my_sonarqube_projects - Find Sonar projects in my organization
page- Optional page number - String
Quality Gates
-
get_project_quality_gate_status - Get the Quality Gate Status for the project
analysisId- Optional analysis ID - Stringbranch- Optional branch key - StringprojectId- Optional project ID - StringprojectKey- Optional project key - StringpullRequest- Optional pull request ID - String
-
list_quality_gates - List all quality gates in the organization
Rules
-
list_rule_repositories - List rule repositories available in SonarQube
language- Optional language key - Stringq- Optional search query - String
-
show_rule - Shows detailed information about a SonarQube rule
key- Rule key - Required String
Sources
-
get_raw_source - Get source code as raw text. Require 'See Source Code' permission on file
key- File key - Required Stringbranch- Optional branch key - StringpullRequest- Optional pull request id - String
-
get_scm_info - Get SCM information of source files. Require See Source Code permission on file's project
key- File key - Required Stringcommits_by_line- Group lines by SCM commit if value is false, else display commits for each line - Stringfrom- First line to return. Starts at 1 - Numberto- Last line to return (inclusive) - Number
System
Note: System tools are only available when connecting to SonarQube Server.
-
get_system_health - Get the health status of SonarQube Server instance
-
get_system_info - Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. Requires 'Administer' permissions
-
get_system_logs - Get SonarQube Server system logs in plain-text format. Requires system administration permission
name- Optional name of the logs to get. Possible values: access, app, ce, deprecation, es, web. Default: app - String
-
ping_system - Ping the SonarQube Server system to check if it's alive
-
get_system_status - Get state information about SonarQube Server
Data and telemetry
This server collects anonymous usage data and sends it to SonarSource to help improve the product. No source code or IP address is collected, and SonarSource does not share the data with anyone else. Collection of telemetry can be disabled with the following system property or environment variable: TELEMETRY_DISABLED=true. Click here to see a sample of the data that are collected.
License
Copyright 2025 SonarSource.
Licensed under the SONAR Source-Available License v1.0
Related Servers
21st.dev Magic
Create crafted UI components inspired by the best 21st.dev design engineers.
AgentRPC
Connect to any function, any language, across network boundaries using AgentRPC.
ALAPI
ALAPI MCP Tools,Call hundreds of API interfaces via MCP
APIMatic MCP
APIMatic MCP Server is used to validate OpenAPI specifications using APIMatic. The server processes OpenAPI files and returns validation summaries by leveraging APIMatic’s API.
Atla
Enable AI agents to interact with the Atla API for state-of-the-art LLMJ evaluation.
AWS CDK
Get prescriptive CDK advice, explain CDK Nag rules, check suppressions, generate Bedrock Agent schemas, and discover AWS Solutions Constructs patterns.
BrowserStack
Bring the full power of BrowserStack’s Test Platform to your AI tools, making testing faster and easier for every developer and tester on your team.
Bucket
Flag features, manage company data, and control feature access using Bucket.
Buildkite
Manage Buildkite pipelines and builds.
Chart
A Model Context Protocol server for generating visual charts using AntV.