Interact with SonarQube Cloud, Server and Community build over the web API. Analyze code to identify quality and security issues.
10K+
21 Tools
Version 4.43 or later needs to be installed to add the server automatically
Use cases
About
Interact with SonarQube Cloud, Server and Community build over the web API. Analyze code to identify quality and security issues.
Attribute | Details |
---|---|
Docker Image | mcp/sonarqube |
Author | SonarSource |
Repository | https://github.com/SonarSource/sonarqube-mcp-server |
Dockerfile | https://github.com/SonarSource/sonarqube-mcp-server/blob/master/Dockerfile |
Docker Image built by | Docker Inc. |
Docker Scout Health Score | |
Verify Signature | COSIGN_REPOSITORY=mcp/signatures cosign verify mcp/sonarqube --key https://raw.githubusercontent.com/docker/keyring/refs/heads/main/public/mcp/latest.pub |
Licence | Other |
Tools provided by this Server | Short Description |
---|---|
analyze_code_snippet | Analyze a file or code snippet with SonarQube analyzers to identify code quality and security issues. |
change_sonar_issue_status | Change the status of a Sonar issue. |
create_webhook | Create a new webhook for the SonarQube organization or project. |
get_component_measures | Get SonarQube measures for a component (project, directory, file). |
get_project_quality_gate_status | Get the Quality Gate Status for the SonarQube project. |
get_raw_source | Get source code as raw text from SonarQube. |
get_scm_info | Get SCM information of SonarQube source files. |
get_system_health | Get the health status of SonarQube Server instance. |
get_system_info | Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. |
get_system_logs | Get SonarQube Server system logs in plain-text format. |
get_system_status | Get state information about SonarQube Server. |
list_languages | List all programming languages supported in this SonarQube instance |
list_portfolios | List enterprise portfolios available in SonarQube Cloud with filtering and pagination options. |
list_quality_gates | List all quality gates in my SonarQube. |
list_rule_repositories | List rule repositories available in SonarQube. |
list_webhooks | List all webhooks for the SonarQube organization or project. |
ping_system | Ping the SonarQube Server system to check if it's alive. |
search_metrics | Search for SonarQube metrics |
search_my_sonarqube_projects | Find SonarQube projects. |
search_sonar_issues_in_projects | Search for SonarQube issues in my organization's projects. |
show_rule | Shows detailed information about a SonarQube rule. |
analyze_code_snippet
Analyze a file or code snippet with SonarQube analyzers to identify code quality and security issues. Specify the language of the snippet to improve analysis accuracy.
Parameters | Type | Description |
---|---|---|
codeSnippet | string | Code snippet or full file content |
projectKey | string | The SonarQube project key |
language | string optional | Language of the code snippet |
change_sonar_issue_status
Change the status of a Sonar issue. This tool can be used to change the status of an issue to "accept", "falsepositive" or to "reopen" an issue. An example request could be: I would like to accept the issue having the key "AX-HMISMFixnZED"
Parameters | Type | Description |
---|---|---|
key | string | The key of the issue which status should be changed |
status | array | The new status of the issue |
create_webhook
Create a new webhook for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.
Parameters | Type | Description |
---|---|---|
name | string | Name displayed in the administration console of webhooks (max 100 chars) |
url | string | Server endpoint that will receive the webhook payload (max 512 chars) |
projectKey | string optional | The key of the project that will own the webhook (max 400 chars) |
secret | string optional | If provided, secret will be used as the key to generate the HMAC hex digest value in the 'X-Sonar-Webhook-HMAC-SHA256' header (16-200 chars) |
get_component_measures
Get SonarQube measures for a component (project, directory, file).
Parameters | Type | Description |
---|---|---|
branch | string optional | The branch to analyze for measures |
component | string optional | The component key to get measures for |
metricKeys | array optional | The metric keys to retrieve (e.g. nloc, complexity, violations, coverage) |
pullRequest | string optional | The pull request identifier to analyze for measures |
get_project_quality_gate_status
Get the Quality Gate Status for the SonarQube project. Either 'analysisId', 'projectId' or 'projectKey' must be provided.
Parameters | Type | Description |
---|---|---|
analysisId | string optional | The optional analysis ID to get the status for, for example 'AU-TpxcA-iU5OvuD2FL1' |
branch | string optional | The optional branch key to get the status for, for example 'feature/my_branch' |
projectId | string optional | The optional project ID to get the status for, for example 'AU-Tpxb--iU5OvuD2FLy'. Doesn't work with branches or pull requests. |
projectKey
|string
optional|The optional project key to get the status for, for example 'my_project'
pullRequest
|string
optional|The optional pull request ID to get the status for, for example '5461'
get_raw_source
Get source code as raw text from SonarQube. Require 'See Source Code' permission on file.
Parameters | Type | Description |
---|---|---|
key | string | File key (e.g. my_project:src/foo/Bar.php) |
branch | string optional | Branch key (e.g. feature/my_branch) |
pullRequest | string optional | Pull request id |
get_scm_info
Get SCM information of SonarQube source files. Require See Source Code permission on file's project
Parameters | Type | Description |
---|---|---|
key | string | File key (e.g. my_project:src/foo/Bar.php) |
commits_by_line | boolean optional | Group lines by SCM commit if value is false, else display commits for each line (true/false) |
from | number optional | First line to return. Starts at 1 |
to | number optional | Last line to return (inclusive) |
get_system_health
Get the health status of SonarQube Server instance. Returns GREEN (fully operational), YELLOW (usable but needs attention), or RED (not operational).
get_system_info
Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. Requires 'Administer' permissions.
get_system_logs
Get SonarQube Server system logs in plain-text format. Requires system administration permission.
Parameters | Type | Description |
---|---|---|
name | string optional | Name of the logs to get. Possible values: access, app, ce, deprecation, es, web. Default: app |
get_system_status
Get state information about SonarQube Server. Returns status (STARTING, UP, DOWN, RESTARTING, DB_MIGRATION_NEEDED, DB_MIGRATION_RUNNING), version, and id.
list_languages
List all programming languages supported in this SonarQube instance
Parameters | Type | Description |
---|---|---|
q | string optional | Optional pattern to match language keys/names against |
list_portfolios
List enterprise portfolios available in SonarQube Cloud with filtering and pagination options.
Parameters | Type | Description |
---|---|---|
draft | boolean optional | If true, only returns drafts created by the logged-in user. Cannot be true when 'favorite' is true |
enterpriseId | string optional | Enterprise uuid. Can be omitted only if 'favorite' parameter is supplied with value true |
favorite | boolean optional | Required to be true if 'enterpriseId' parameter is omitted. If true, only returns portfolios favorited by the logged-in user. Cannot be true when 'draft' is true |
pageIndex | number optional | Index of the page to fetch (default: 1) |
pageSize | number optional | Size of the page to fetch (default: 50) |
q | string optional | Search query to filter portfolios by name |
list_quality_gates
List all quality gates in my SonarQube.
list_rule_repositories
List rule repositories available in SonarQube.
Parameters | Type | Description |
---|---|---|
language | string optional | Optional language key to filter repositories (e.g. 'java') |
q | string optional | Optional search query to filter repositories by name or key |
list_webhooks
List all webhooks for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.
Parameters | Type | Description |
---|---|---|
projectKey | string optional | Optional project key to list project-specific webhooks |
ping_system
Ping the SonarQube Server system to check if it's alive. Returns 'pong' as plain text.
search_metrics
Search for SonarQube metrics
Parameters | Type | Description |
---|---|---|
p | number optional | 1-based page number (default: 1) |
ps | number optional | Page size. Must be greater than 0 and less than or equal to 500 (default: 100) |
search_my_sonarqube_projects
Find SonarQube projects. The response is paginated.
Parameters | Type | Description |
---|---|---|
page | string optional | An optional page number. Defaults to 1. |
search_sonar_issues_in_projects
Search for SonarQube issues in my organization's projects.
Parameters | Type | Description |
---|---|---|
p | number optional | An optional page number. Defaults to 1. |
projects | array optional | An optional list of Sonar projects to look in |
ps | number optional | An optional page size. Must be greater than 0 and less than or equal to 500. Defaults to 100. |
pullRequestId | string optional | The identifier of the Pull Request to look in |
severities | string optional | An optional list of severities to filter by, separated by a comma. Possible values: INFO, LOW, MEDIUM, HIGH, BLOCKER |
show_rule
Shows detailed information about a SonarQube rule.
Parameters | Type | Description |
---|---|---|
key | string | The rule key (e.g. javascript:EmptyBlock) |
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"SONARQUBE_URL",
"-e",
"SONARQUBE_ORG",
"-e",
"SONARQUBE_TOKEN",
"mcp/sonarqube"
],
"env": {
"SONARQUBE_URL": "https://my-sonarqube.com",
"SONARQUBE_ORG": "my-org",
"SONARQUBE_TOKEN": "YOUR_SONARQUBE_TOKEN"
}
}
}
}
Manual installation
You can install the MCP server using:
Installation for