SonarQube

Provides seamless integration with SonarQube Server or Cloud, and enables analysis of code snippets directly within the agent context

View on GitHub →

SonarQube MCP Server

Build Status Quality Gate Status

The SonarQube MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with SonarQube Server or Cloud. It also enables the analysis of code snippet directly within the agent context.

Prerequisites

SonarQube MCP Server can be launched in two ways:

  • With a Docker Container
    • Requires: Docker installed.
  • Directly from the JAR
    • Requires: Java Development Kit (JDK) version 21 or later.

Installation

Building

Run the following Gradle command to clean the project, download analyzers, and build the application:

./gradlew clean build -x test

The JAR file will be created in build/libs/.

To create the Docker image, run the buildDocker task:

./gradlew clean buildDocker -x test

Usage

VS Code

Once the application is built locally (either as a JAR or a Docker image), you can use the following buttons to simplify the installation process within VS Code.

Install for SonarQube Cloud with Docker

Install for SonarQube Server with Docker

General cases

Alternatively, you can manually copy and paste the MCP configurations. Below are example snippets.

  • Docker
{
  "sonarqube-mcp-server-docker": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_ORG",
      "sonarqube-mcp-server:<version>"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_ORG": "<org>"
    }
  }
}
  • JAR
{
  "sonarqube-mcp-server": {
    "command": "java",
    "args": [
      "-jar",
      "<path_to_sonarqube_mcp_server_jar>"
    ],
    "env": {
      "STORAGE_PATH": "<path_to_your_mcp_storage>",
      "PLUGINS_PATH": "<path_to_your_sonar_analyzers>",
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_ORG": "<org>"
    }
  }
}

Configuration

Depending on your environment, you should provide specific environment variables.

SonarQube Cloud

To enable full functionality, the following environment variables must be set before starting the server:

Environmment variableDescription
SONARQUBE_TOKENYour SonarQube Cloud token
SONARQUBE_ORGYour SonarQube Cloud organization key

SonarQube Server

Environmment variableDescription
SONARQUBE_TOKENYour SonarQube Server USER token
SONARQUBE_URLYour SonarQube Server URL

JAR

On top of the previous SonarQube environments, you should add the following variable when running the MCP Server via a JAR:

Environmment variableDescription
STORAGE_PATHAn absolute path to a writable directory where SonarQube MCP Server will store its files (e.g., for creation, updates, and persistence)
PLUGINS_PATHAn optional absolute path to a folder containing the SonarQube analyzers. If none is provided, analysis is disabled

Tools

Analysis

  • analyze_code_snippet - Analyze a code snippet with SonarQube analyzers to find SonarQube issues in it.
    • codeSnippet - Code snippet or full file content - Required String
    • language - Optional language of the code snippet - String

Languages

  • list_languages - List all programming languages supported in this instance
    • q - Optional pattern to match language keys/names against - String

Issues

  • change_sonar_issue_status - Change the status of a SonarQube issue to "accept", "falsepositive" or to "reopen" an issue

    • key - Issue key - Required String
    • status - New issue's status - Required Enum {"accept", "falsepositive", "reopen"}

  • search_sonar_issues_in_projects - Search for SonarQube issues in my organization's projects

    • projects - Optional list of Sonar projects - String[]
    • pullRequestId - Optional Pull Request's identifier - String

Measures

  • get_component_measures - Get measures for a component (project, directory, file)
    • component - Optional component key to get measures for - String
    • branch - Optional branch to analyze for measures - String
    • metricKeys - Optional metric keys to retrieve (e.g. nloc, complexity, violations, coverage) - String[]
    • pullRequest - Optional pull request identifier to analyze for measures - String

Metrics

  • search_metrics - Search for metrics
    • p - Optional 1-based page number (default: 1) - Integer
    • ps - Optional page size. Must be greater than 0 and less than or equal to 500 (default: 100) - Integer

Projects

  • search_my_sonarqube_cloud_projects - Find Sonar projects in my organization
    • page - Optional page number - String

Quality Gates

  • get_quality_gate_status_for_project - Get the Quality Gate Status for the project

    • analysisId - Optional analysis ID - String
    • branch - Optional branch key - String
    • projectId - Optional project ID - String
    • projectKey - Optional project key - String
    • pullRequest - Optional pull request ID - String

  • list_quality_gates - List all quality gates in the organization

Rules

  • list_rule_repositories - List rule repositories available in SonarQube

    • language - Optional language key - String
    • q - Optional search query - String

  • show_rule - Shows detailed information about a SonarQube rule

    • key - Rule key - Required String

Data and telemetry

This server collects anonymous usage data and sends it to SonarSource to help improve the product. No source code or IP address is collected, and SonarSource does not share the data with anyone else. Collection of telemetry can be disabled with the following system property or environment variable: TELEMETRY_DISABLED=true. Click here to see a sample of the data that are collected.

License

Copyright 2025 SonarSource.

Licensed under the SONAR Source-Available License v1.0

Related Servers