Provides seamless integration with SonarQube Server or Cloud, and enables analysis of code snippets directly within the agent context
The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security. It also supports the analysis of code snippet directly within the agent context.
The simplest method is to rely on our Docker image hosted at mcp/sonarqube. Read below for how to build locally.
You can use the following buttons to simplify the installation process within VS Code.
SonarQube MCP Server is available as a Windsurf plugin. Follow these instructions:
Plugins
button at the top right of the Cascade viewsonarqube
on the Plugin storeInstall
You can manually install the SonarQube MCP server by copying the following snippet in the MCP servers configuration file:
{
"sonarqube": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_ORG",
"mcp/sonarqube"
],
"env": {
"SONARQUBE_TOKEN": "<token>",
"SONARQUBE_ORG": "<org>"
}
}
}
{
"sonarqube": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_URL",
"mcp/sonarqube"
],
"env": {
"SONARQUBE_TOKEN": "<token>",
"SONARQUBE_URL": "<url>"
}
}
}
SonarQube MCP Server requires a Java Development Kit (JDK) version 21 or later to build.
Run the following Gradle command to clean the project and build the application:
./gradlew clean build -x test
The JAR file will be created in build/libs/
.
You will then need to manually copy and paste the MCP configuration, as follows:
{
"sonarqube": {
"command": "java",
"args": [
"-jar",
"<path_to_sonarqube_mcp_server_jar>"
],
"env": {
"STORAGE_PATH": "<path_to_your_mcp_storage>",
"SONARQUBE_TOKEN": "<token>",
"SONARQUBE_ORG": "<org>"
}
}
}
{
"sonarqube": {
"command": "java",
"args": [
"-jar",
"<path_to_sonarqube_mcp_server_jar>"
],
"env": {
"STORAGE_PATH": "<path_to_your_mcp_storage>",
"SONARQUBE_TOKEN": "<token>",
"SONARQUBE_URL": "<url>"
}
}
}
Depending on your environment, you should provide specific environment variables.
You should add the following variable when running the MCP Server:
Environment variable | Description |
---|---|
STORAGE_PATH | An absolute path to a writable directory where SonarQube MCP Server will store its files (e.g., for creation, updates, and persistence) |
To enable full functionality, the following environment variables must be set before starting the server:
Environment variable | Description |
---|---|
SONARQUBE_TOKEN | Your SonarQube Cloud token |
SONARQUBE_ORG | Your SonarQube Cloud organization key |
Environment variable | Description |
---|---|
SONARQUBE_TOKEN | Your SonarQube Server USER token |
SONARQUBE_URL | Your SonarQube Server URL |
If your SonarQube Server uses a self-signed certificate or a certificate from a private Certificate Authority (CA), you can add custom certificates to the Docker container that will automatically be installed.
Mount a directory containing your certificates when running the container:
docker run -i --rm \
-v /path/to/your/certificates/:/usr/local/share/ca-certificates/:ro \
-e SONARQUBE_TOKEN="<token>" \
-e SONARQUBE_URL="<url>" \
mcp/sonarqube
The container supports the following certificate formats:
.crt
files (PEM or DER encoded).pem
files (PEM encoded)When using custom certificates, you can modify your MCP configuration to mount the certificates:
{
"sonarqube": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-v",
"/path/to/your/certificates/:/usr/local/share/ca-certificates/:ro",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_URL",
"mcp/sonarqube"
],
"env": {
"SONARQUBE_TOKEN": "<token>",
"SONARQUBE_URL": "<url>"
}
}
}
codeSnippet
- Code snippet or full file content - Required Stringlanguage
- Optional language of the code snippet - Stringq
- Optional pattern to match language keys/names against - Stringchange_sonar_issue_status - Change the status of a SonarQube issue to "accept", "falsepositive" or to "reopen" an issue
key
- Issue key - Required Stringstatus
- New issue's status - Required Enum {"accept", "falsepositive", "reopen"}search_sonar_issues_in_projects - Search for SonarQube issues in my organization's projects
projects
- Optional list of Sonar projects - String[]pullRequestId
- Optional Pull Request's identifier - Stringp
- Optional page number (default: 1) - Integerps
- Optional page size. Must be greater than 0 and less than or equal to 500 (default: 100) - Integercomponent
- Optional component key to get measures for - Stringbranch
- Optional branch to analyze for measures - StringmetricKeys
- Optional metric keys to retrieve (e.g. nloc, complexity, violations, coverage) - String[]pullRequest
- Optional pull request identifier to analyze for measures - Stringp
- Optional page number (default: 1) - Integerps
- Optional page size. Must be greater than 0 and less than or equal to 500 (default: 100) - Integerpage
- Optional page number - Stringget_project_quality_gate_status - Get the Quality Gate Status for the project
analysisId
- Optional analysis ID - Stringbranch
- Optional branch key - StringprojectId
- Optional project ID - StringprojectKey
- Optional project key - StringpullRequest
- Optional pull request ID - Stringlist_quality_gates - List all quality gates in the organization
list_rule_repositories - List rule repositories available in SonarQube
language
- Optional language key - Stringq
- Optional search query - Stringshow_rule - Shows detailed information about a SonarQube rule
key
- Rule key - Required Stringget_raw_source - Get source code as raw text. Require 'See Source Code' permission on file
key
- File key - Required Stringbranch
- Optional branch key - StringpullRequest
- Optional pull request id - Stringget_scm_info - Get SCM information of source files. Require See Source Code permission on file's project
key
- File key - Required Stringcommits_by_line
- Group lines by SCM commit if value is false, else display commits for each line - Stringfrom
- First line to return. Starts at 1 - Numberto
- Last line to return (inclusive) - NumberNote: System tools are only available when connecting to SonarQube Server.
get_system_health - Get the health status of SonarQube Server instance
get_system_info - Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. Requires 'Administer' permissions
get_system_logs - Get SonarQube Server system logs in plain-text format. Requires system administration permission
name
- Optional name of the logs to get. Possible values: access, app, ce, deprecation, es, web. Default: app - Stringping_system - Ping the SonarQube Server system to check if it's alive
get_system_status - Get state information about SonarQube Server
Applications logs will be written to the STORAGE_PATH/logs/mcp.log
file.
This server collects anonymous usage data and sends it to SonarSource to help improve the product. No source code or IP address is collected, and SonarSource does not share the data with anyone else. Collection of telemetry can be disabled with the following system property or environment variable: TELEMETRY_DISABLED=true
. Click here to see a sample of the data that are collected.
Copyright 2025 SonarSource.
Licensed under the SONAR Source-Available License v1.0
Manage ServiceNow metadata, modules, records, and tests using Fluent, a TypeScript-based declarative DSL. Supports all ServiceNow SDK CLI commands.
Enable AI agents to interact with the Atla API for state-of-the-art LLMJ evaluation.
GXtract is a MCP server designed to integrate with VS Code and other compatible editors. It provides a suite of tools for interacting with the GroundX platform, enabling you to leverage its powerful document understanding capabilities directly within your development environment.
MCP Expr-Lang provides a seamless integration between Claude AI and the powerful expr-lang expression evaluation engine.
An MCP (Model Context Protocol) aggregator that allows you to combine multiple MCP servers into a single endpoint allowing to filter specific tools.
Set up and interact with your unstructured data processing workflows in Unstructured Platform
Official MCP server for Sentry.
Programmatically access and parse NOAA Electronic Navigational Charts (ENC) in S-57 format.
Extracts images from files, URLs, or base64 strings and converts them to base64 for LLM analysis.
Embeds intelligent guidance into AI workflows to organize development and ensure quality.