SonarQube MCP Server

The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security.
It also supports the analysis of code snippet directly within the agent context.

Quick setup

The simplest method is to rely on our container image hosted at mcp/sonarqube. Read below if you want to build it locally.

Note: While the examples below use docker, any OCI-compatible container runtime works (e.g., Podman, nerdctl). Simply replace docker with your preferred tool.

Security Best Practices

🔒 Important: Your SonarQube token is a sensitive credential. Follow these security practices:

When using CLI commands:

• Avoid hardcoding tokens in command-line arguments - they get saved in shell history
• Use environment variables - set tokens in environment variables before running commands

When using configuration files:

• Never commit tokens to version control
• Use environment variable substitution in config files when possible

claude mcp add sonarqube \
  --env SONARQUBE_TOKEN=$SONAR_TOKEN \
  --env SONARQUBE_ORG=$SONAR_ORG \
  -- docker run -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG mcp/sonarqube

claude mcp add sonarqube \
  --env SONARQUBE_TOKEN=$SONAR_USER_TOKEN \
  --env SONARQUBE_URL=$SONAR_URL \
  -- docker run -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_URL mcp/sonarqube

[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "mcp/sonarqube"]
env = { "SONARQUBE_TOKEN" = "<YOUR_USER_TOKEN>", "SONARQUBE_ORG" = "<YOUR_ORG>" }

[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "mcp/sonarqube"]
env = { "SONARQUBE_TOKEN" = "<YOUR_TOKEN>", "SONARQUBE_URL" = "<YOUR_SERVER_URL>" }

gemini extensions install https://github.com/SonarSource/sonarqube-mcp-server

/mcp add

Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_ORG, mcp/sonarqube
Environment Variables: SONARQUBE_TOKEN=<YOUR_TOKEN>,SONARQUBE_ORG=<YOUR_ORG>
Tools: *

Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_URL, mcp/sonarqube
Environment Variables: SONARQUBE_TOKEN=<YOUR_USER_TOKEN>,SONARQUBE_URL=<YOUR_SERVER_URL>
Tools: *

{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN=$SONAR_TOKEN",
        "-e",
        "SONARQUBE_ORG=$SONAR_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONAR_TOKEN": "COPILOT_MCP_SONARQUBE_TOKEN",
        "SONAR_ORG": "COPILOT_MCP_SONARQUBE_ORG"
      },
      "tools": ["*"]
    }
  }
}

{
  "mcpServers": {
    "sonarqube": {
      "type": "local",
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "SONARQUBE_TOKEN=$SONAR_TOKEN",
        "-e",
        "SONARQUBE_URL=$SONAR_URL",
        "mcp/sonarqube"
      ],
      "env": {
        "SONAR_TOKEN": "COPILOT_MCP_SONARQUBE_USER_TOKEN",
        "SONAR_URL": "COPILOT_MCP_SONARQUBE_URL"
      },
      "tools": ["*"]
    }
  }
}

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e", 
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_ORG",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YOUR_TOKEN>",
        "SONARQUBE_ORG": "<YOUR_ORG>"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
}

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e", 
        "SONARQUBE_TOKEN",
        "-e",
        "SONARQUBE_URL",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "<YOUR_USER_TOKEN>",
        "SONARQUBE_URL": "<YOUR_SERVER_URL>"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
}

{
  "sonarqube_token": "YOUR_SONARQUBE_TOKEN",
  "sonarqube_org": "SONARQUBE_ORGANIZATION_KEY",
  "docker_path": "DOCKER_PATH"
}

{
  "sonarqube_token": "YOUR_SONARQUBE_USER_TOKEN",
  "sonarqube_url": "YOUR_SONARQUBE_SERVER_URL",
  "docker_path": "DOCKER_PATH"
}

💡 Tip: We recommend pulling the latest image regularly or before reporting issues to ensure you have the most up-to-date features and fixes.

Manual installation

You can manually install the SonarQube MCP server by copying the following snippet in the MCP servers configuration file:

• To connect with SonarQube Cloud:

{
  "sonarqube": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_ORG",
      "mcp/sonarqube"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_ORG": "<org>"
    }
  }
}

• To connect with SonarQube Server:

{
  "sonarqube": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_URL",
      "mcp/sonarqube"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_URL": "<url>"
    }
  }
}

Integration with SonarQube for IDE

The SonarQube MCP Server can integrate with SonarQube for IDE to further enhance your development workflow, providing better code analysis and insights directly within your IDE.

When using SonarQube for IDE, the SONARQUBE_IDE_PORT environment variable should be set with the correct port number. SonarQube for VS Code includes a Quick Install button, which automatically sets the correct port configuration.

For example, with SonarQube Cloud:

{
  "sonarqube": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_ORG",
      "-e",
      "SONARQUBE_IDE_PORT",
      "mcp/sonarqube"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_ORG": "<org>",
      "SONARQUBE_IDE_PORT": "<64120-64130>"
    }
  }
}

When running the MCP server in a container on Linux, the container cannot access the SonarQube for IDE embedded server running on localhost. To allow the container to connect to the SonarQube for IDE server, add the --network=host option to your container run command.

Build

SonarQube MCP Server requires a Java Development Kit (JDK) version 21 or later to build.

Run the following Gradle command to clean the project and build the application:

./gradlew clean build -x test

The JAR file will be created in build/libs/.

You will then need to manually copy and paste the MCP configuration, as follows:

• To connect with SonarQube Cloud:

{
  "sonarqube": {
    "command": "java",
    "args": [
      "-jar",
      "<path_to_sonarqube_mcp_server_jar>"
    ],
    "env": {
      "STORAGE_PATH": "<path_to_your_mcp_storage>",
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_ORG": "<org>"
    }
  }
}

• To connect with SonarQube Server:

{
  "sonarqube": {
    "command": "java",
    "args": [
      "-jar",
      "<path_to_sonarqube_mcp_server_jar>"
    ],
    "env": {
      "STORAGE_PATH": "<path_to_your_mcp_storage>",
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_URL": "<url>"
    }
  }
}

Configuration

Depending on your environment, you should provide specific environment variables.

Base

You should add the following variable when running the MCP Server:

Advanced Analysis

Beta availability: The advanced analysis tool is currently in beta and only available to specific SonarQube Cloud users with access enabled. If your organization does not have access, enabling it will not provide any additional functionality.

Selective Tool Enablement

By default, only important toolsets are enabled to reduce context overhead. You can enable additional toolsets as needed.

docker run -i --rm \
  -e SONARQUBE_TOKEN="<token>" \
  -e SONARQUBE_ORG="<org>" \
  -e SONARQUBE_TOOLSETS="analysis,issues,quality-gates" \
  mcp/sonarqube

docker run -i --rm \
  -e SONARQUBE_TOKEN="<token>" \
  -e SONARQUBE_ORG="<org>" \
  -e SONARQUBE_READ_ONLY="true" \
  mcp/sonarqube

SonarQube Cloud

To enable full functionality, the following environment variables must be set before starting the server:

Examples:

• SonarQube Cloud: Only SONARQUBE_TOKEN and SONARQUBE_ORG are needed
• SonarQube Cloud US: Set SONARQUBE_TOKEN, SONARQUBE_ORG, and SONARQUBE_URL=https://sonarqube.us

SonarQube Server

⚠️ Connection to SonarQube Server requires a token of type USER and will not function properly if project tokens or global tokens are used.

💡 Configuration Tip: The presence of SONARQUBE_ORG determines whether you're connecting to SonarQube Cloud or Server. If SONARQUBE_ORG is set, SonarQube Cloud is used; otherwise, SonarQube Server is used.

Transport Modes

The SonarQube MCP Server supports three transport modes:

1. Stdio (Default - Recommended for Local Development)

The recommended mode for local development and single-user setups, used by all MCP clients.

Example - Docker with SonarQube Cloud:

{
  "mcpServers": {
    "sonarqube": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "mcp/sonarqube"],
      "env": {
        "SONARQUBE_TOKEN": "<your-token>",
        "SONARQUBE_ORG": "<your-org>"
      }
    }
  }
}

2. HTTP

Unencrypted HTTP transport. Use HTTPS instead for multi-user deployments.

⚠️ Not Recommended: Use Stdio for local development or HTTPS for multi-user production deployments.

Note: In HTTP(S) mode, each client sends their own token via the SONARQUBE_TOKEN header. For SonarQube Cloud, the server's SONARQUBE_TOKEN is not needed as initialization operations don't require authentication. For SonarQube Server, the server's SONARQUBE_TOKEN is required for initialization.

3. HTTPS (Recommended for Multi-User Production Deployments)

Secure multi-user transport with TLS encryption. Requires SSL certificates.

✅ Recommended for Production: Use HTTPS when deploying the MCP server for multiple users. The server binds to 127.0.0.1 (localhost) by default for security.

SSL Certificate Configuration (Optional):

Example - Docker with SonarQube Cloud:

docker run -p 8443:8443 \
  -v $(pwd)/keystore.p12:/etc/ssl/mcp/keystore.p12:ro \
  -e SONARQUBE_TRANSPORT=https \
  -e SONARQUBE_HTTP_PORT=8443 \
  -e SONARQUBE_TOKEN="<init-token>" \
  -e SONARQUBE_ORG="<your-org>" \
  mcp/sonarqube

Client Configuration:

{
  "mcpServers": {
    "sonarqube-https": {
      "url": "https://your-server:8443/mcp",
      "headers": {
        "SONARQUBE_TOKEN": "<your-token>"
      }
    }
  }
}

Note: For local development, use Stdio transport instead (the default). HTTPS is intended for multi-user production deployments with proper SSL certificates.

Custom Certificates

If your SonarQube Server uses a self-signed certificate or a certificate from a private Certificate Authority (CA), you can add custom certificates to the container that will automatically be installed.

docker run -i --rm \
  -v /path/to/your/certificates/:/usr/local/share/ca-certificates/:ro \
  -e SONARQUBE_TOKEN="<token>" \
  -e SONARQUBE_URL="<url>" \
  mcp/sonarqube

{
  "sonarqube": {
    "command": "docker",
    "args": [
      "run",
      "-i",
      "--rm",
      "-v",
      "/path/to/your/certificates/:/usr/local/share/ca-certificates/:ro",
      "-e",
      "SONARQUBE_TOKEN",
      "-e",
      "SONARQUBE_URL",
      "mcp/sonarqube"
    ],
    "env": {
      "SONARQUBE_TOKEN": "<token>",
      "SONARQUBE_URL": "<url>"
    }
  }
}

Proxy

The SonarQube MCP Server supports HTTP proxies through standard Java proxy system properties.

Tools

Analysis

• analyze_code_snippet - Analyze a file or code snippet with SonarQube analyzers to identify code quality and security issues. Specify the language of the snippet to improve analysis accuracy.

  • codeSnippet - Code snippet or full file content - Required String
  • language - Optional language of the code snippet - String
  • scope - Optional scope of the file: MAIN or TEST (default: MAIN) - String

  Supported Languages: Java, Kotlin, Python, Ruby, Go, JavaScript, TypeScript, JSP, PHP, XML, HTML, CSS, CloudFormation, Kubernetes, Terraform, Azure Resource Manager, Ansible, Docker, Secrets detection

When integration with SonarQube for IDE is enabled:

• analyze_file_list - Analyze files in the current working directory using SonarQube for IDE. This tool connects to a running SonarQube for IDE instance to perform code quality analysis on a list of files.

  • file_absolute_paths - List of absolute file paths to analyze - Required String[]

• toggle_automatic_analysis - Enable or disable SonarQube for IDE automatic analysis. When enabled, SonarQube for IDE will automatically analyze files as they are modified in the working directory. When disabled, automatic analysis is turned off.

  • enabled - Enable or disable the automatic analysis - Required Boolean

When advanced analysis is enabled (SONARQUBE_ADVANCED_ANALYSIS_ENABLED=true):

Beta availability: The advanced analysis tool is currently in beta and only available to specific SonarQube Cloud users with access enabled.

• run_advanced_code_analysis - Run advanced code analysis on SonarQube Cloud for a single file. Organization is inferred from MCP configuration.
  • projectKey - The key of the project - Required String
  • branchName - Branch name used to retrieve the latest analysis context - Required String
  • filePath - Project-relative path of the file to analyze (e.g., 'src/main/java/MyClass.java') - Required String
  • fileContent - The original content of the file to analyze - Required String
  • fileScope - Defines in which scope the file originates from: 'MAIN' or 'TEST' (default: MAIN) - String

Coverage

• search_files_by_coverage - Search for files in a project sorted by coverage (ascending - worst coverage first). This tool helps identify files that need test coverage improvements.

  • projectKey - The project key to search in - Required String
  • pullRequest - Pull request id to analyze - String
  • maxCoverage - Maximum coverage threshold (0-100). Only return files with coverage <= this value - Number
  • pageIndex - Page index (1-based, default: 1) - Number
  • pageSize - Page size (default: 100, max: 500) - Number

• get_file_coverage_details - Get line-by-line coverage information for a specific file, including which exact lines are uncovered and which have partially covered branches. This tool helps identify precisely where to add test coverage. Use after identifying files with low coverage via search_files_by_coverage.

  • key - File key (e.g. my_project:src/foo/Bar.java) - Required String
  • pullRequest - Pull request id - String
  • from - First line to analyze (1-based, default: 1) - Number
  • to - Last line to analyze (inclusive). If not specified, all lines are returned - Number

Dependency Risks

Note: Dependency risks are only available when connecting to SonarQube Server 2025.4 Enterprise or higher with SonarQube Advanced Security enabled.

• search_dependency_risks - Search for software composition analysis issues (dependency risks) of a SonarQube project, paired with releases that appear in the analyzed project, application, or portfolio.
  • projectKey - Project key - String
  • branchKey - Optional branch key - String
  • pullRequestKey - Optional pull request key - String

Enterprises

Note: Enterprises are only available when connecting to SonarQube Cloud.

• list_enterprises - List the enterprises available in SonarQube Cloud that you have access to. Use this tool to discover enterprise IDs that can be used with other tools.
  • enterpriseKey - Optional enterprise key to filter results - String

Issues

• change_sonar_issue_status - Change the status of a SonarQube issue to "accept", "falsepositive" or to "reopen" an issue.

  • key - Issue key - Required String
  • status - New issue's status - Required Enum {"accept", "falsepositive", "reopen"}

• search_sonar_issues_in_projects - Search for SonarQube issues in my organization's projects.

  • projects - Optional list of Sonar projects - String[]
  • pullRequestId - Optional Pull Request's identifier - String
  • severities - Optional list of severities to filter by. Possible values: INFO, LOW, MEDIUM, HIGH, BLOCKER - String[]
  • impactSoftwareQualities - Optional list of software qualities to filter by. Possible values: MAINTAINABILITY, RELIABILITY, SECURITY - String[]
  • issueStatuses - Optional list of issue statuses to filter by. Possible values: OPEN, CONFIRMED, FALSE_POSITIVE, ACCEPTED, FIXED, IN_SANDBOX - String[]
  • issueKey - Optional issue key to fetch a specific issue - String
  • p - Optional page number (default: 1) - Integer
  • ps - Optional page size. Must be greater than 0 and less than or equal to 500 (default: 100) - Integer

Security Hotspots

• search_security_hotspots - Search for Security Hotspots in a SonarQube project.

  • projectKey - Project or application key - String
  • hotspotKeys - Comma-separated list of specific Security Hotspot keys to retrieve - String[]
  • branch - Optional branch key - String
  • pullRequest - Optional pull request key - String
  • files - Optional list of file paths to filter - String[]
  • status - Optional status filter: TO_REVIEW, REVIEWED - String
  • resolution - Optional resolution filter: FIXED, SAFE, ACKNOWLEDGED - String
  • sinceLeakPeriod - Filter hotspots created since the leak period (new code) - Boolean
  • onlyMine - Show only hotspots assigned to me - Boolean
  • p - Optional page number (default: 1) - Integer
  • ps - Optional page size. Must be greater than 0 and less than or equal to 500 (default: 100) - Integer

• show_security_hotspot - Get detailed information about a specific Security Hotspot, including rule details, code context, flows, and comments.

  • hotspotKey - Security Hotspot key - Required String

• change_security_hotspot_status - Review a Security Hotspot by changing its status. When marking as REVIEWED, you must specify a resolution (FIXED, SAFE, or ACKNOWLEDGED).

  • hotspotKey - Security Hotspot key - Required String
  • status - New status - Required Enum {"TO_REVIEW", "REVIEWED"}
  • resolution - Resolution when status is REVIEWED - Enum {"FIXED", "SAFE", "ACKNOWLEDGED"}
  • comment - Optional review comment - String

Languages

• list_languages - List all programming languages supported in this SonarQube instance.
  • q - Optional pattern to match language keys/names against - String

Measures

• get_component_measures - Get SonarQube measures for a component (project, directory, file).
  • component - Optional component key to get measures for - String
  • metricKeys - Optional metric keys to retrieve (e.g. ncloc, complexity, violations, coverage) - String[]
  • pullRequest - Optional pull request identifier to analyze for measures - String

Metrics

• search_metrics - Search for SonarQube metrics.
  • p - Optional page number (default: 1) - Integer
  • ps - Optional page size. Must be greater than 0 and less than or equal to 500 (default: 100) - Integer

Portfolios

• list_portfolios - List enterprise portfolios available in SonarQube with filtering and pagination options.

  For SonarQube Server:

  • q - Optional search query to filter portfolios by name or key - String
  • favorite - If true, only returns favorite portfolios - Boolean
  • pageIndex - Optional 1-based page number (default: 1) - Integer
  • pageSize - Optional page size, max 500 (default: 100) - Integer

  For SonarQube Cloud:

  • enterpriseId - Enterprise uuid. Can be omitted only if 'favorite' parameter is supplied with value true - String
  • q - Optional search query to filter portfolios by name - String
  • favorite - Required to be true if 'enterpriseId' parameter is omitted. If true, only returns portfolios favorited by the logged-in user. Cannot be true when 'draft' is true - Boolean
  • draft - If true, only returns drafts created by the logged-in user. Cannot be true when 'favorite' is true - Boolean
  • pageIndex - Optional index of the page to fetch (default: 1) - Integer
  • pageSize - Optional size of the page to fetch (default: 50) - Integer

Projects

• search_my_sonarqube_projects - Find SonarQube projects. The response is paginated.

  • page - Optional page number - String

• list_pull_requests - List all pull requests for a project. Use this tool to discover available pull requests before analyzing their coverage, issues, or quality. Returns the pull request key/ID which can be used with other tools (e.g., search_files_by_coverage, get_file_coverage_details).

  • projectKey - Project key (e.g. my_project) - Required String

Quality Gates

• get_project_quality_gate_status - Get the Quality Gate Status for the SonarQube project.

  • analysisId - Optional analysis ID - String
  • projectId - Optional project ID - String
  • projectKey - Optional project key - String
  • pullRequest - Optional pull request ID - String

• list_quality_gates - List all quality gates in my SonarQube.

Rules

• list_rule_repositories - List rule repositories available in SonarQube.

  • language - Optional language key - String
  • q - Optional search query - String

• show_rule - Shows detailed information about a SonarQube rule.

  • key - Rule key - Required String

Duplications

• search_duplicated_files - Search for files with code duplications in a SonarQube project. By default, automatically fetches all duplicated files across all pages (up to 10,000 files max). Returns only files with duplications.

  • projectKey - Project key - Required String
  • pullRequest - Optional pull request id - String
  • pageSize - Optional number of results per page for manual pagination (max: 500). If not specified, auto-fetches all duplicated files - Integer
  • pageIndex - Optional page number for manual pagination (starts at 1). If not specified, auto-fetches all duplicated files - Integer

• get_duplications - Get duplications for a file. Require Browse permission on file's project.

  • key - File key - Required String
  • pullRequest - Optional pull request id - String

Sources

• get_raw_source - Get source code as raw text from SonarQube. Require 'See Source Code' permission on file.

  • key - File key - Required String
  • pullRequest - Optional pull request id - String

• get_scm_info - Get SCM information of SonarQube source files. Require See Source Code permission on file's project.

  • key - File key - Required String
  • commits_by_line - Group lines by SCM commit if value is false, else display commits for each line - String
  • from - First line to return. Starts at 1 - Number
  • to - Last line to return (inclusive) - Number

System

Note: System tools are only available when connecting to SonarQube Server.

• get_system_health - Get the health status of SonarQube Server instance. Returns GREEN (fully operational), YELLOW (usable but needs attention), or RED (not operational).

• get_system_info - Get detailed information about SonarQube Server system configuration including JVM state, database, search indexes, and settings. Requires 'Administer' permissions.

• get_system_logs - Get SonarQube Server system logs in plain-text format. Requires system administration permission.

  • name - Optional name of the logs to get. Possible values: access, app, ce, deprecation, es, web. Default: app - String

• ping_system - Ping the SonarQube Server system to check if it's alive. Returns 'pong' as plain text.

• get_system_status - Get state information about SonarQube Server. Returns status (STARTING, UP, DOWN, RESTARTING, DB_MIGRATION_NEEDED, DB_MIGRATION_RUNNING), version, and id.

Webhooks

• create_webhook - Create a new webhook for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.

  • name - Webhook name - Required String
  • url - Webhook URL - Required String
  • projectKey - Optional project key for project-specific webhook - String
  • secret - Optional webhook secret for securing the webhook payload - String

• list_webhooks - List all webhooks for the SonarQube organization or project. Requires 'Administer' permission on the specified project, or global 'Administer' permission.

  • projectKey - Optional project key to list project-specific webhooks - String

Example Prompts

Once you've set up the SonarQube MCP Server, here are some example prompts for common real-world scenarios:

My quality gate is failing for my project. Can you help me understand why and fix the most critical issues?

The quality gate on my feature branch is red. What do I need to fix to get it passing before I can merge to main?

I'm about to merge my pull request <#247> for the <web-app> project. Can you check if there are any quality issues I should address first?

We're deploying to production tomorrow. Can you check the quality gate status and alert me to any critical issues in this branch?

I want to reduce technical debt in my project. What are the top issues I should prioritize?

Our code coverage dropped below 70%. Can you identify which files have the lowest coverage and help me improve it?

I have 15 new code smells in my latest commit. Can you explain what they are and help me fix them?

SonarQube flagged a critical security vulnerability in <AuthController.java>. What's the issue and how do I fix it?

We need to pass a security audit. Can you check all our projects for security vulnerabilities and create a prioritized list of what needs to be fixed?

Are there any known vulnerabilities in our dependencies? Check this project for dependency risks.

I just wrote this authentication function. Can you analyze it for security issues and code quality problems before I commit?

Review the changes in <src/database/migrations> for any potential bugs or security issues.

Give me a health report for my project: quality gate status, number of bugs, Security Hotspots, and code coverage.

Compare code quality between our main branch and the develop branch. Are we introducing new issues?

What are the most common rule violations across all our projects? We might need to update our coding standards.

Show me all the issues that were marked as false positives in the last month. Are we seeing patterns that suggest our rules need adjustment?

Troubleshooting

Applications logs will be written to the STORAGE_PATH/logs/mcp.log file.

Common Issues

"Feature is not working" or "Missing tools/functionality"

You may be running an outdated Docker image. Docker caches images locally, so you won't automatically receive updates.

Solution: Update to the latest version:

docker pull mcp/sonarqube:latest

After pulling the latest image, restart your MCP client to use the updated version.

Optionally, add the --pull=always flag to your docker run command to always check for and pull the latest version:

docker run --pull=always -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG mcp/sonarqube

Data and telemetry

This server collects anonymous usage data and sends it to SonarSource to help improve the product. No source code or IP address is collected, and SonarSource does not share the data with anyone else. Collection of telemetry can be disabled with the following system property or environment variable: TELEMETRY_DISABLED=true. Click here to see a sample of the data that are collected.

License

Copyright 2025 SonarSource.

Licensed under the SONAR Source-Available License v1.0. Using the SonarQube MCP Server in compliance with this documentation is a Non-Competitive Purpose and so is allowed under the SSAL.

Your use of SonarQube via MCP is governed by the SonarQube Cloud Terms of Service or SonarQube Server Terms and Conditions, including use of the Results Data solely for your internal software development purposes.