SonarQube MCP server

Integrates with SonarQube to provide code quality metrics, issue tracking, and quality gate status information for software development projects
Back to servers
Setup instructions
Provider
Marc Tremblay
Release date
Mar 20, 2025
Language
Rust
Stats
59 stars

The SonarQube MCP Server enables AI assistants to interact with SonarQube's code quality analysis capabilities through the Model Context Protocol. This integration allows AI tools like Claude to access code metrics, issues, security hotspots, and more from your SonarQube or SonarCloud instance.

Installation Options

Quick Start with NPX

The simplest way to use the SonarQube MCP Server is with Claude Desktop:

{
  "mcpServers": {
    "sonarqube": {
      "command": "npx",
      "args": ["-y", "sonarqube-mcp-server@latest"],
      "env": {
        "SONARQUBE_URL": "https://sonarcloud.io",
        "SONARQUBE_TOKEN": "your-token-here",
        "SONARQUBE_ORGANIZATION": "your-org (for SonarCloud)"
      }
    }
  }
}

Docker Installation

Docker provides a more reliable deployment method for production environments:

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e", "SONARQUBE_URL",
        "-e", "SONARQUBE_TOKEN",
        "-e", "SONARQUBE_ORGANIZATION",
        "sapientpants/sonarqube-mcp-server:latest"
      ],
      "env": {
        "SONARQUBE_URL": "https://sonarqube.example.com",
        "SONARQUBE_TOKEN": "your-sonarqube-token",
        "SONARQUBE_ORGANIZATION": "your-organization-key"
      }
    }
  }
}

For web applications using SSE transport:

docker run -d \
  --name sonarqube-mcp \
  -p 3000:3000 \
  -e SONARQUBE_URL="https://sonarqube.example.com" \
  -e SONARQUBE_TOKEN="your-token" \
  -e SONARQUBE_ORGANIZATION="your-org" \
  -e TRANSPORT="sse" \
  sapientpants/sonarqube-mcp-server:latest

Configuration

Authentication Methods

The server supports three authentication methods:

1. Token Authentication (Recommended)

{
  "env": {
    "SONARQUBE_TOKEN": "your-token-here"
  }
}

2. Basic Authentication

{
  "env": {
    "SONARQUBE_USERNAME": "your-username",
    "SONARQUBE_PASSWORD": "your-password"
  }
}

3. System Passcode

{
  "env": {
    "SONARQUBE_PASSCODE": "your-system-passcode"
  }
}

Environment Variables

Required Settings

  • SONARQUBE_URL: URL of your SonarQube instance (default: https://sonarcloud.io)
  • One of the authentication methods above

Optional Settings

  • SONARQUBE_ORGANIZATION: Organization key (required for SonarCloud)
  • LOG_FILE: Path to write log files
  • LOG_LEVEL: Minimum log level (DEBUG, INFO, WARN, ERROR)
  • MCP_TRANSPORT: Transport type (stdio, http)
  • MCP_HTTP_PORT: Port for HTTP transport (default: 3000)
  • MCP_HTTP_HOST: Host for HTTP transport (default: localhost)

Available Tools

Project Management

  • projects: List all SonarQube projects with pagination support

Component Navigation

  • components: Search and navigate SonarQube components (projects, directories, files)

Issue Management

  • issues: Search and filter SonarQube issues
  • markIssueFalsePositive: Mark an issue as false positive
  • markIssueWontFix: Mark an issue as won't fix
  • markIssuesFalsePositive: Mark multiple issues as false positive
  • markIssuesWontFix: Mark multiple issues as won't fix
  • addCommentToIssue: Add a comment to an issue
  • assignIssue: Assign or unassign an issue

Metrics and Measures

  • metrics: Get available metrics
  • measures_component: Get measures for a specific component
  • measures_components: Get measures for multiple components
  • measures_history: Get measures history for a component

Security Hotspots

  • hotspots: Search for security hotspots
  • hotspot: Get detailed information about a specific hotspot
  • update_hotspot_status: Update the status of a security hotspot

Quality Gates

  • quality_gates: List available quality gates
  • quality_gate: Get quality gate conditions
  • quality_gate_status: Get project quality gate status

Source Code

  • source_code: View source code with issues highlighted
  • scm_blame: Get SCM blame information

System Monitoring

  • system_health: Get the health status of the SonarQube instance
  • system_status: Get the status of the SonarQube instance
  • system_ping: Ping the SonarQube instance

Usage Examples

Basic Project Analysis

"List all my SonarQube projects"
"Show me the code coverage for project xyz"
"What metrics are available for analysis?"

Issue Investigation

"Show me all critical bugs in project abc"
"Find security vulnerabilities in the main branch"
"List all code smells created in the last week"
"Show unresolved issues assigned to john.doe"

Security Hotspot Review

"Find all security hotspots that need review in project xyz"
"Show me hotspots in the authentication module"
"Get details for hotspot HSP-12345"

Issue Management

"Assign issue PROJECT-123 to john.doe"
"Mark issue ABC-789 as false positive with comment: 'Test code only'"
"Add comment to issue XYZ-111: 'Fixed in commit abc123'"

Troubleshooting

Common Issues

Authentication Errors

  • Error: "Authentication failed"
  • Solution: Generate a new token in SonarQube/SonarCloud

Resource Not Found

  • Error: "Project not found"
  • Solution: Verify the project key and check token permissions

Organization Required

  • Error: "Organization required"
  • Solution: Add SONARQUBE_ORGANIZATION when using SonarCloud

Connection Issues

  • Error: "Connection refused"
  • Solution: Verify SONARQUBE_URL and network connectivity

Debug Logging

Enable debug logging to identify issues:

{
  "env": {
    "LOG_FILE": "/tmp/sonarqube-mcp.log",
    "LOG_LEVEL": "DEBUG"
  }
}

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "sonarqube" '{"command":"npx","args":["-y","sonarqube-mcp-server@latest"],"env":{"SONARQUBE_URL":"https://sonarcloud.io","SONARQUBE_TOKEN":"your-token-here","SONARQUBE_ORGANIZATION":"your-org (for SonarCloud)"}}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "sonarqube": {
            "command": "npx",
            "args": [
                "-y",
                "sonarqube-mcp-server@latest"
            ],
            "env": {
                "SONARQUBE_URL": "https://sonarcloud.io",
                "SONARQUBE_TOKEN": "your-token-here",
                "SONARQUBE_ORGANIZATION": "your-org (for SonarCloud)"
            }
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "sonarqube": {
            "command": "npx",
            "args": [
                "-y",
                "sonarqube-mcp-server@latest"
            ],
            "env": {
                "SONARQUBE_URL": "https://sonarcloud.io",
                "SONARQUBE_TOKEN": "your-token-here",
                "SONARQUBE_ORGANIZATION": "your-org (for SonarCloud)"
            }
        }
    }
}

3. Restart Claude Desktop for the changes to take effect

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later