Interact with SonarQube Cloud, Server and Community build over the web API. Analyze code to identify quality and security issues.
10K+
22 Tools
Version 4.43 or later needs to be installed to add the server automatically
Use cases
About
Interact with SonarQube Cloud, Server and Community build over the web API. Analyze code to identify quality and security issues.
| Attribute | Details |
|---|---|
| Docker Image | mcp/sonarqube |
| Author | SonarSource |
| Repository | https://github.com/SonarSource/sonarqube-mcp-server |
Docker Image built by|Docker Inc.
Docker Scout Health Score| Verify Signature|
COSIGN_REPOSITORY=mcp/signatures cosign verify mcp/sonarqube --key https://raw.githubusercontent.com/docker/keyring/refs/heads/main/public/mcp/latest.pubLicence|Other
| Tools provided by this Server | Short Description |
|---|---|
analyze_code_snippet | Analyze a file or code snippet with SonarQube analyzers to identify code quality and security issues. |
change_sonar_issue_status | Change the status of a Sonar issue. |
create_webhook | Create a new webhook for the SonarQube organization or project. |
get_component_measures | Get SonarQube measures for a component (project, directory, file). |
get_project_quality_gate_status | Get the Quality Gate Status for the SonarQube project. |
get_raw_source | Get source code as raw text from SonarQube. |
get_scm_info | Get SCM information of SonarQube source files. |
get_system_health | Get the health status of SonarQube Server instance. |
get_system_info | Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. |
get_system_logs | Get SonarQube Server system logs in plain-text format. |
get_system_status | Get state information about SonarQube Server. |
list_languages | List all programming languages supported in this SonarQube instance |
list_portfolios | List enterprise portfolios available in SonarQube Cloud with filtering and pagination options. |
list_quality_gates | List all quality gates in my SonarQube. |
list_rule_repositories | List rule repositories available in SonarQube. |
list_webhooks | List all webhooks for the SonarQube organization or project. |
ping_system | Ping the SonarQube Server system to check if it's alive. |
search_dependency_risks | Search for software composition analysis issues (dependency risks) of a SonarQube project, paired with releases that appear in the analyzed project, application, or portfolio. |
search_metrics | Search for SonarQube metrics |
search_my_sonarqube_projects | Find SonarQube projects. |
search_sonar_issues_in_projects | Search for SonarQube issues in my organization's projects. |
show_rule | Shows detailed information about a SonarQube rule. |
analyze_code_snippetAnalyze a file or code snippet with SonarQube analyzers to identify code quality and security issues. Specify the language of the snippet to improve analysis accuracy.
| Parameters | Type | Description |
|---|---|---|
codeSnippet | string | Code snippet or full file content |
projectKey | string | The SonarQube project key |
language | stringoptional | Language of the code snippet |
change_sonar_issue_statusChange the status of a Sonar issue. This tool can be used to change the status of an issue to "accept", "falsepositive" or to "reopen" an issue. An example request could be: I would like to accept the issue having the key "AX-HMISMFixnZED"
| Parameters | Type | Description |
|---|---|---|
key | string | The key of the issue which status should be changed |
status | array | The new status of the issue |
create_webhookCreate a new webhook for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.
| Parameters | Type | Description |
|---|---|---|
name | string | Name displayed in the administration console of webhooks (max 100 chars) |
url | string | Server endpoint that will receive the webhook payload (max 512 chars) |
projectKey | stringoptional | The key of the project that will own the webhook (max 400 chars) |
secret | stringoptional | If provided, secret will be used as the key to generate the HMAC hex digest value in the 'X-Sonar-Webhook-HMAC-SHA256' header (16-200 chars) |
get_component_measuresGet SonarQube measures for a component (project, directory, file).
| Parameters | Type | Description |
|---|---|---|
branch | stringoptional | The branch to analyze for measures |
component | stringoptional | The component key to get measures for |
metricKeys | arrayoptional | The metric keys to retrieve (e.g. nloc, complexity, violations, coverage) |
pullRequest | stringoptional | The pull request identifier to analyze for measures |
get_project_quality_gate_statusGet the Quality Gate Status for the SonarQube project. Either 'analysisId', 'projectId' or 'projectKey' must be provided.
| Parameters | Type | Description |
|---|---|---|
analysisId | stringoptional | The optional analysis ID to get the status for, for example 'AU-TpxcA-iU5OvuD2FL1' |
branch | stringoptional | The optional branch key to get the status for, for example 'feature/my_branch' |
projectId | stringoptional | The optional project ID to get the status for, for example 'AU-Tpxb--iU5OvuD2FLy'. Doesn't work with branches or pull requests. |
projectKey|stringoptional|The optional project key to get the status for, for example 'my_project'
pullRequest|stringoptional|The optional pull request ID to get the status for, for example '5461'
get_raw_sourceGet source code as raw text from SonarQube. Require 'See Source Code' permission on file.
| Parameters | Type | Description |
|---|---|---|
key | string | File key (e.g. my_project:src/foo/Bar.php) |
branch | stringoptional | Branch key (e.g. feature/my_branch) |
pullRequest | stringoptional | Pull request id |
get_scm_infoGet SCM information of SonarQube source files. Require See Source Code permission on file's project
| Parameters | Type | Description |
|---|---|---|
key | string | File key (e.g. my_project:src/foo/Bar.php) |
commits_by_line | booleanoptional | Group lines by SCM commit if value is false, else display commits for each line (true/false) |
from | numberoptional | First line to return. Starts at 1 |
to | numberoptional | Last line to return (inclusive) |
get_system_healthGet the health status of SonarQube Server instance. Returns GREEN (fully operational), YELLOW (usable but needs attention), or RED (not operational).
get_system_infoGet detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. Requires 'Administer' permissions.
get_system_logsGet SonarQube Server system logs in plain-text format. Requires system administration permission.
| Parameters | Type | Description |
|---|---|---|
name | stringoptional | Name of the logs to get. Possible values: access, app, ce, deprecation, es, web. Default: app |
get_system_statusGet state information about SonarQube Server. Returns status (STARTING, UP, DOWN, RESTARTING, DB_MIGRATION_NEEDED, DB_MIGRATION_RUNNING), version, and id.
list_languagesList all programming languages supported in this SonarQube instance
| Parameters | Type | Description |
|---|---|---|
q | stringoptional | Optional pattern to match language keys/names against |
list_portfoliosList enterprise portfolios available in SonarQube Cloud with filtering and pagination options.
| Parameters | Type | Description |
|---|---|---|
draft | booleanoptional | If true, only returns drafts created by the logged-in user. Cannot be true when 'favorite' is true |
enterpriseId | stringoptional | Enterprise uuid. Can be omitted only if 'favorite' parameter is supplied with value true |
favorite | booleanoptional | Required to be true if 'enterpriseId' parameter is omitted. If true, only returns portfolios favorited by the logged-in user. Cannot be true when 'draft' is true |
pageIndex | numberoptional | Index of the page to fetch (default: 1) |
pageSize | numberoptional | Size of the page to fetch (default: 50) |
q | stringoptional | Search query to filter portfolios by name |
list_quality_gatesList all quality gates in my SonarQube.
list_rule_repositoriesList rule repositories available in SonarQube.
| Parameters | Type | Description |
|---|---|---|
language | stringoptional | Optional language key to filter repositories (e.g. 'java') |
q | stringoptional | Optional search query to filter repositories by name or key |
list_webhooksList all webhooks for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.
| Parameters | Type | Description |
|---|---|---|
projectKey | stringoptional | Optional project key to list project-specific webhooks |
ping_systemPing the SonarQube Server system to check if it's alive. Returns 'pong' as plain text.
search_dependency_risksSearch for software composition analysis issues (dependency risks) of a SonarQube project, paired with releases that appear in the analyzed project, application, or portfolio.
| Parameters | Type | Description |
|---|---|---|
projectKey | string | The project key |
branchKey | stringoptional | The branch key |
pullRequestKey | stringoptional | The pull request key |
search_metricsSearch for SonarQube metrics
| Parameters | Type | Description |
|---|---|---|
p | numberoptional | 1-based page number (default: 1) |
ps | numberoptional | Page size. Must be greater than 0 and less than or equal to 500 (default: 100) |
search_my_sonarqube_projectsFind SonarQube projects. The response is paginated.
| Parameters | Type | Description |
|---|---|---|
page | stringoptional | An optional page number. Defaults to 1. |
search_sonar_issues_in_projectsSearch for SonarQube issues in my organization's projects.
| Parameters | Type | Description |
|---|---|---|
p | numberoptional | An optional page number. Defaults to 1. |
projects | arrayoptional | An optional list of Sonar projects to look in |
ps | numberoptional | An optional page size. Must be greater than 0 and less than or equal to 500. Defaults to 100. |
pullRequestId | stringoptional | The identifier of the Pull Request to look in |
severities | stringoptional | An optional list of severities to filter by, separated by a comma. Possible values: INFO, LOW, MEDIUM, HIGH, BLOCKER |
show_ruleShows detailed information about a SonarQube rule.
| Parameters | Type | Description |
|---|---|---|
key | string | The rule key (e.g. javascript:EmptyBlock) |
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"SONARQUBE_URL",
"-e",
"SONARQUBE_ORG",
"-e",
"SONARQUBE_TOKEN",
"mcp/sonarqube"
],
"env": {
"SONARQUBE_URL": "https://my-sonarqube.com",
"SONARQUBE_ORG": "my-org",
"SONARQUBE_TOKEN": "YOUR_SONARQUBE_TOKEN"
}
}
}
}
Manual installation
You can install the MCP server using:
Installation for