SonarQube

Interact with SonarQube Cloud, Server and Community build over the web API. Analyze code to identify quality and security issues.

Signed
Built by Docker
Requires Secrets
Docker Desktop version 4.43 or later needs to be installed to add the server automatically.

About

SonarQube MCP Server

Characteristics

| Attribute | Details |
|---|---|
| Docker Image | mcp/sonarqube |
| Author | SonarSource |
| Repository | https://github.com/SonarSource/sonarqube-mcp-server |
| Dockerfile | https://github.com/SonarSource/sonarqube-mcp-server/blob/master/Dockerfile |
| Docker Image built by | Docker Inc. |
| Verify Signature | `COSIGN_REPOSITORY=mcp/signatures cosign verify mcp/sonarqube --key https://raw.githubusercontent.com/docker/keyring/refs/heads/main/public/mcp/latest.pub` |
| Licence | Other |

Available Tools (21)

| Tools provided by this Server | Short Description |
|---|---|
| analyze_code_snippet | Analyze a file or code snippet with SonarQube analyzers to identify code quality and security issues. |
| change_sonar_issue_status | Change the status of a Sonar issue. |
| create_webhook | Create a new webhook for the SonarQube organization or project. |
| get_component_measures | Get SonarQube measures for a component (project, directory, file). |
| get_project_quality_gate_status | Get the Quality Gate Status for the SonarQube project. |
| get_raw_source | Get source code as raw text from SonarQube. |
| get_scm_info | Get SCM information of SonarQube source files. |
| get_system_health | Get the health status of SonarQube Server instance. |
| get_system_info | Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. |
| get_system_logs | Get SonarQube Server system logs in plain-text format. |
| get_system_status | Get state information about SonarQube Server. |
| list_languages | List all programming languages supported in this SonarQube instance |
| list_portfolios | List enterprise portfolios available in SonarQube Cloud with filtering and pagination options. |
| list_quality_gates | List all quality gates in my SonarQube. |
| list_rule_repositories | List rule repositories available in SonarQube. |
| list_webhooks | List all webhooks for the SonarQube organization or project. |
| ping_system | Ping the SonarQube Server system to check if it's alive. |
| search_metrics | Search for SonarQube metrics |
| search_my_sonarqube_projects | Find SonarQube projects. |
| search_sonar_issues_in_projects | Search for SonarQube issues in my organization's projects. |
| show_rule | Shows detailed information about a SonarQube rule. |

Tools Details

Tool: analyze_code_snippet

Analyze a file or code snippet with SonarQube analyzers to identify code quality and security issues. Specify the language of the snippet to improve analysis accuracy.

| Parameters | Type | Description |
|---|---|---|
| codeSnippet | string | Code snippet or full file content |
| projectKey | string | The SonarQube project key |
| language | string, optional | Language of the code snippet |

Tool: change_sonar_issue_status

Change the status of a Sonar issue. This tool can be used to change the status of an issue to "accept", "falsepositive" or to "reopen" an issue. An example request could be: I would like to accept the issue having the key "AX-HMISMFixnZED"

| Parameters | Type | Description |
|---|---|---|
| key | string | The key of the issue which status should be changed |
| status | array | The new status of the issue |

Tool: create_webhook

Create a new webhook for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.

| Parameters | Type | Description |
|---|---|---|
| name | string | Name displayed in the administration console of webhooks (max 100 chars) |
| url | string | Server endpoint that will receive the webhook payload (max 512 chars) |
| projectKey | string, optional | The key of the project that will own the webhook (max 400 chars) |
| secret | string, optional | If provided, secret will be used as the key to generate the HMAC hex digest value in the 'X-Sonar-Webhook-HMAC-SHA256' header (16-200 chars) |
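
On the receiving endpoint, the `secret` only helps if every delivery is checked against the 'X-Sonar-Webhook-HMAC-SHA256' header. The following is an added example, not code from SonarSource or Docker; it assumes the digest is computed over the raw request body bytes with the UTF-8 encoded secret as key, and the function names and sample payload are constructed for illustration.

```python
import hashlib
import hmac

HEADER = "X-Sonar-Webhook-HMAC-SHA256"  # header name from the create_webhook description
MIN_SECRET, MAX_SECRET = 16, 200        # secret length bounds stated for create_webhook


def expected_digest(secret: str, body: bytes) -> str:
    """HMAC-SHA256 hex digest of the raw body, keyed with the webhook secret."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def verify_webhook(secret: str, headers: dict, body: bytes) -> bool:
    """Return True only if the delivery carries a valid HMAC for exactly this body."""
    if not MIN_SECRET <= len(secret) <= MAX_SECRET:
        raise ValueError("secret must be 16-200 characters")
    # Header names are case-insensitive on the wire; normalise before lookup.
    received = {k.lower(): v for k, v in headers.items()}.get(HEADER.lower())
    if not received:
        return False  # unsigned delivery: reject instead of trusting it
    # Compare as bytes with compare_digest so the check runs in constant time.
    # Verify against the raw bytes as received, before any JSON parsing.
    return hmac.compare_digest(
        received.strip().lower().encode("utf-8"),
        expected_digest(secret, body).encode("utf-8"),
    )


# Constructed sample delivery (not captured from a real server).
SAMPLE_SECRET = "constructed-secret-0123456789"
SAMPLE_BODY = b'{"project":{"key":"my_project"},"qualityGate":{"status":"OK"}}'
SAMPLE_HEADERS = {"x-sonar-webhook-hmac-sha256": expected_digest(SAMPLE_SECRET, SAMPLE_BODY)}

if __name__ == "__main__":
    print(verify_webhook(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY))         # genuine delivery
    print(verify_webhook(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY + b" "))  # body altered in transit
    print(verify_webhook(SAMPLE_SECRET, {}, SAMPLE_BODY))                     # signature header missing
```
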

Tool: get_component_measures

Get SonarQube measures for a component (project, directory, file).

| Parameters | Type | Description |
|---|---|---|
| branch | string, optional | The branch to analyze for measures |
| component | string, optional | The component key to get measures for |
| metricKeys | array, optional | The metric keys to retrieve (e.g. nloc, complexity, violations, coverage) |
| pullRequest | string, optional | The pull request identifier to analyze for measures |

Tool: get_project_quality_gate_status

Get the Quality Gate Status for the SonarQube project. Either 'analysisId', 'projectId' or 'projectKey' must be provided.

| Parameters | Type | Description |
|---|---|---|
| analysisId | string, optional | The optional analysis ID to get the status for, for example 'AU-TpxcA-iU5OvuD2FL1' |
| branch | string, optional | The optional branch key to get the status for, for example 'feature/my_branch' |
| projectId | string, optional | The optional project ID to get the status for, for example 'AU-Tpxb--iU5OvuD2FLy'. Doesn't work with branches or pull requests. |
| projectKey | string, optional | The optional project key to get the status for, for example 'my_project' |
| pullRequest | string, optional | The optional pull request ID to get the status for, for example '5461' |

Tool: get_raw_source

Get source code as raw text from SonarQube. Requires 'See Source Code' permission on the file.

| Parameters | Type | Description |
|---|---|---|
| key | string | File key (e.g. my_project:src/foo/Bar.php) |
| branch | string, optional | Branch key (e.g. feature/my_branch) |
| pullRequest | string, optional | Pull request id |

Tool: get_scm_info

Get SCM information of SonarQube source files. Requires 'See Source Code' permission on the file's project.

| Parameters | Type | Description |
|---|---|---|
| key | string | File key (e.g. my_project:src/foo/Bar.php) |
| commits_by_line | boolean, optional | Group lines by SCM commit if value is false, else display commits for each line (true/false) |
| from | number, optional | First line to return. Starts at 1 |
| to | number, optional | Last line to return (inclusive) |

Tool: get_system_health

Get the health status of SonarQube Server instance. Returns GREEN (fully operational), YELLOW (usable but needs attention), or RED (not operational).

Tool: get_system_info

Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. Requires 'Administer' permissions.

Tool: get_system_logs

Get SonarQube Server system logs in plain-text format. Requires system administration permission.

| Parameters | Type | Description |
|---|---|---|
| name | string, optional | Name of the logs to get. Possible values: access, app, ce, deprecation, es, web. Default: app |

Tool: get_system_status

Get state information about SonarQube Server. Returns status (STARTING, UP, DOWN, RESTARTING, DB_MIGRATION_NEEDED, DB_MIGRATION_RUNNING), version, and id.

Tool: list_languages

List all programming languages supported in this SonarQube instance

| Parameters | Type | Description |
|---|---|---|
| q | string, optional | Optional pattern to match language keys/names against |

Tool: list_portfolios

List enterprise portfolios available in SonarQube Cloud with filtering and pagination options.

| Parameters | Type | Description |
|---|---|---|
| draft | boolean, optional | If true, only returns drafts created by the logged-in user. Cannot be true when 'favorite' is true |
| enterpriseId | string, optional | Enterprise uuid. Can be omitted only if 'favorite' parameter is supplied with value true |
| favorite | boolean, optional | Required to be true if 'enterpriseId' parameter is omitted. If true, only returns portfolios favorited by the logged-in user. Cannot be true when 'draft' is true |
| pageIndex | number, optional | Index of the page to fetch (default: 1) |
| pageSize | number, optional | Size of the page to fetch (default: 50) |
| q | string, optional | Search query to filter portfolios by name |

Tool: list_quality_gates

List all quality gates in my SonarQube.

Tool: list_rule_repositories

List rule repositories available in SonarQube.

| Parameters | Type | Description |
|---|---|---|
| language | string, optional | Optional language key to filter repositories (e.g. 'java') |
| q | string, optional | Optional search query to filter repositories by name or key |

Tool: list_webhooks

List all webhooks for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.

| Parameters | Type | Description |
|---|---|---|
| projectKey | string, optional | Optional project key to list project-specific webhooks |

Tool: ping_system

Ping the SonarQube Server system to check if it's alive. Returns 'pong' as plain text.

Tool: search_metrics

Search for SonarQube metrics

| Parameters | Type | Description |
|---|---|---|
| p | number, optional | 1-based page number (default: 1) |
| ps | number, optional | Page size. Must be greater than 0 and less than or equal to 500 (default: 100) |

Tool: search_my_sonarqube_projects

Find SonarQube projects. The response is paginated.

| Parameters | Type | Description |
|---|---|---|
| page | string, optional | An optional page number. Defaults to 1. |

Tool: search_sonar_issues_in_projects

Search for SonarQube issues in my organization's projects.

| Parameters | Type | Description |
|---|---|---|
| p | number, optional | An optional page number. Defaults to 1. |
| projects | array, optional | An optional list of Sonar projects to look in |
| ps | number, optional | An optional page size. Must be greater than 0 and less than or equal to 500. Defaults to 100. |
| pullRequestId | string, optional | The identifier of the Pull Request to look in |
| severities | string, optional | An optional list of severities to filter by, separated by a comma. Possible values: INFO, LOW, MEDIUM, HIGH, BLOCKER |

Tool: show_rule

Shows detailed information about a SonarQube rule.

| Parameters | Type | Description |
|---|---|---|
| key | string | The rule key (e.g. javascript:EmptyBlock) |

Use this MCP Server

```json
{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SONARQUBE_URL",
        "-e",
        "SONARQUBE_ORG",
        "-e",
        "SONARQUBE_TOKEN",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_URL": "https://my-sonarqube.com",
        "SONARQUBE_ORG": "my-org",
        "SONARQUBE_TOKEN": "YOUR_SONARQUBE_TOKEN"
      }
    }
  }
}
```
