SonarQube
Interact with SonarQube Cloud, Server and Community build over the web API. Analyze code to identify quality and security issues.
10K+
22 Tools
Version 4.43 or later needs to be installed to add the server automatically
Use cases
About
SonarQube MCP Server
Interact with SonarQube Cloud, Server and Community build over the web API. Analyze code to identify quality and security issues.
MCP Info
| Attribute | Details |
|---|---|
| Docker Image | mcp/sonarqube |
| Author | SonarSource |
| Repository | https://github.com/SonarSource/sonarqube-mcp-server |
Image Building InfoDockerfile|https://github.com/SonarSource/sonarqube-mcp-server/blob/master/Dockerfile
Docker Image built by|Docker Inc.
Docker Scout Health Score| Verify Signature|
COSIGN_REPOSITORY=mcp/signatures cosign verify mcp/sonarqube --key https://raw.githubusercontent.com/docker/keyring/refs/heads/main/public/mcp/latest.pubLicence|Other
Available Tools (22)
| Tools provided by this Server | Short Description |
|---|---|
analyze_code_snippet | Analyze a file or code snippet with SonarQube analyzers to identify code quality and security issues. |
change_sonar_issue_status | Change the status of a Sonar issue. |
create_webhook | Create a new webhook for the SonarQube organization or project. |
get_component_measures | Get SonarQube measures for a component (project, directory, file). |
get_project_quality_gate_status | Get the Quality Gate Status for the SonarQube project. |
get_raw_source | Get source code as raw text from SonarQube. |
get_scm_info | Get SCM information of SonarQube source files. |
get_system_health | Get the health status of SonarQube Server instance. |
get_system_info | Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. |
get_system_logs | Get SonarQube Server system logs in plain-text format. |
get_system_status | Get state information about SonarQube Server. |
list_languages | List all programming languages supported in this SonarQube instance |
list_portfolios | List enterprise portfolios available in SonarQube Cloud with filtering and pagination options. |
list_quality_gates | List all quality gates in my SonarQube. |
list_rule_repositories | List rule repositories available in SonarQube. |
list_webhooks | List all webhooks for the SonarQube organization or project. |
ping_system | Ping the SonarQube Server system to check if it's alive. |
search_dependency_risks | Search for software composition analysis issues (dependency risks) of a SonarQube project, paired with releases that appear in the analyzed project, application, or portfolio. |
search_metrics | Search for SonarQube metrics |
search_my_sonarqube_projects | Find SonarQube projects. |
search_sonar_issues_in_projects | Search for SonarQube issues in my organization's projects. |
show_rule | Shows detailed information about a SonarQube rule. |
Tools Details
Tool: analyze_code_snippet
Analyze a file or code snippet with SonarQube analyzers to identify code quality and security issues. Specify the language of the snippet to improve analysis accuracy.
| Parameters | Type | Description |
|---|---|---|
codeSnippet | string | Code snippet or full file content |
projectKey | string | The SonarQube project key |
language | stringoptional | Language of the code snippet |
Tool: change_sonar_issue_status
Change the status of a Sonar issue. This tool can be used to change the status of an issue to "accept", "falsepositive" or to "reopen" an issue. An example request could be: I would like to accept the issue having the key "AX-HMISMFixnZED"
| Parameters | Type | Description |
|---|---|---|
key | string | The key of the issue which status should be changed |
status | array | The new status of the issue |
Tool: create_webhook
Create a new webhook for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.
| Parameters | Type | Description |
|---|---|---|
name | string | Name displayed in the administration console of webhooks (max 100 chars) |
url | string | Server endpoint that will receive the webhook payload (max 512 chars) |
projectKey | stringoptional | The key of the project that will own the webhook (max 400 chars) |
secret | stringoptional | If provided, secret will be used as the key to generate the HMAC hex digest value in the 'X-Sonar-Webhook-HMAC-SHA256' header (16-200 chars) |
Tool: get_component_measures
Get SonarQube measures for a component (project, directory, file).
| Parameters | Type | Description |
|---|---|---|
branch | stringoptional | The branch to analyze for measures |
component | stringoptional | The component key to get measures for |
metricKeys | arrayoptional | The metric keys to retrieve (e.g. nloc, complexity, violations, coverage) |
pullRequest | stringoptional | The pull request identifier to analyze for measures |
Tool: get_project_quality_gate_status
Get the Quality Gate Status for the SonarQube project. Either 'analysisId', 'projectId' or 'projectKey' must be provided.
| Parameters | Type | Description |
|---|---|---|
analysisId | stringoptional | The optional analysis ID to get the status for, for example 'AU-TpxcA-iU5OvuD2FL1' |
branch | stringoptional | The optional branch key to get the status for, for example 'feature/my_branch' |
projectId | stringoptional | The optional project ID to get the status for, for example 'AU-Tpxb--iU5OvuD2FLy'. Doesn't work with branches or pull requests. |
projectKey|stringoptional|The optional project key to get the status for, for example 'my_project'
pullRequest|stringoptional|The optional pull request ID to get the status for, for example '5461'
Tool: get_raw_source
Get source code as raw text from SonarQube. Require 'See Source Code' permission on file.
| Parameters | Type | Description |
|---|---|---|
key | string | File key (e.g. my_project:src/foo/Bar.php) |
branch | stringoptional | Branch key (e.g. feature/my_branch) |
pullRequest | stringoptional | Pull request id |
Tool: get_scm_info
Get SCM information of SonarQube source files. Require See Source Code permission on file's project
| Parameters | Type | Description |
|---|---|---|
key | string | File key (e.g. my_project:src/foo/Bar.php) |
commits_by_line | booleanoptional | Group lines by SCM commit if value is false, else display commits for each line (true/false) |
from | numberoptional | First line to return. Starts at 1 |
to | numberoptional | Last line to return (inclusive) |
Tool: get_system_health
Get the health status of SonarQube Server instance. Returns GREEN (fully operational), YELLOW (usable but needs attention), or RED (not operational).
Tool: get_system_info
Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. Requires 'Administer' permissions.
Tool: get_system_logs
Get SonarQube Server system logs in plain-text format. Requires system administration permission.
| Parameters | Type | Description |
|---|---|---|
name | stringoptional | Name of the logs to get. Possible values: access, app, ce, deprecation, es, web. Default: app |
Tool: get_system_status
Get state information about SonarQube Server. Returns status (STARTING, UP, DOWN, RESTARTING, DB_MIGRATION_NEEDED, DB_MIGRATION_RUNNING), version, and id.
Tool: list_languages
List all programming languages supported in this SonarQube instance
| Parameters | Type | Description |
|---|---|---|
q | stringoptional | Optional pattern to match language keys/names against |
Tool: list_portfolios
List enterprise portfolios available in SonarQube Cloud with filtering and pagination options.
| Parameters | Type | Description |
|---|---|---|
draft | booleanoptional | If true, only returns drafts created by the logged-in user. Cannot be true when 'favorite' is true |
enterpriseId | stringoptional | Enterprise uuid. Can be omitted only if 'favorite' parameter is supplied with value true |
favorite | booleanoptional | Required to be true if 'enterpriseId' parameter is omitted. If true, only returns portfolios favorited by the logged-in user. Cannot be true when 'draft' is true |
pageIndex | numberoptional | Index of the page to fetch (default: 1) |
pageSize | numberoptional | Size of the page to fetch (default: 50) |
q | stringoptional | Search query to filter portfolios by name |
Tool: list_quality_gates
List all quality gates in my SonarQube.
Tool: list_rule_repositories
List rule repositories available in SonarQube.
| Parameters | Type | Description |
|---|---|---|
language | stringoptional | Optional language key to filter repositories (e.g. 'java') |
q | stringoptional | Optional search query to filter repositories by name or key |
Tool: list_webhooks
List all webhooks for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.
| Parameters | Type | Description |
|---|---|---|
projectKey | stringoptional | Optional project key to list project-specific webhooks |
Tool: ping_system
Ping the SonarQube Server system to check if it's alive. Returns 'pong' as plain text.
Tool: search_dependency_risks
Search for software composition analysis issues (dependency risks) of a SonarQube project, paired with releases that appear in the analyzed project, application, or portfolio.
| Parameters | Type | Description |
|---|---|---|
projectKey | string | The project key |
branchKey | stringoptional | The branch key |
pullRequestKey | stringoptional | The pull request key |
Tool: search_metrics
Search for SonarQube metrics
| Parameters | Type | Description |
|---|---|---|
p | numberoptional | 1-based page number (default: 1) |
ps | numberoptional | Page size. Must be greater than 0 and less than or equal to 500 (default: 100) |
Tool: search_my_sonarqube_projects
Find SonarQube projects. The response is paginated.
| Parameters | Type | Description |
|---|---|---|
page | stringoptional | An optional page number. Defaults to 1. |
Tool: search_sonar_issues_in_projects
Search for SonarQube issues in my organization's projects.
| Parameters | Type | Description |
|---|---|---|
p | numberoptional | An optional page number. Defaults to 1. |
projects | arrayoptional | An optional list of Sonar projects to look in |
ps | numberoptional | An optional page size. Must be greater than 0 and less than or equal to 500. Defaults to 100. |
pullRequestId | stringoptional | The identifier of the Pull Request to look in |
severities | stringoptional | An optional list of severities to filter by, separated by a comma. Possible values: INFO, LOW, MEDIUM, HIGH, BLOCKER |
Tool: show_rule
Shows detailed information about a SonarQube rule.
| Parameters | Type | Description |
|---|---|---|
key | string | The rule key (e.g. javascript:EmptyBlock) |
Use this MCP Server
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"SONARQUBE_URL",
"-e",
"SONARQUBE_ORG",
"-e",
"SONARQUBE_TOKEN",
"mcp/sonarqube"
],
"env": {
"SONARQUBE_URL": "https://my-sonarqube.com",
"SONARQUBE_ORG": "my-org",
"SONARQUBE_TOKEN": "YOUR_SONARQUBE_TOKEN"
}
}
}
}
Manual installation
You can install the MCP server using:
Installation for