SonarQube MCP
by SonarSource
AI-assisted code quality analysis and security scanning powered by SonarQube
security Node.js Intermediate Self-hostable Verified
200 stars
Updated: 1mo ago
Description
Official SonarQube MCP server from SonarSource providing seamless integration between AI assistants and SonarQube Server or SonarQube Cloud. Enables AI agents to retrieve code quality issues, security vulnerabilities, code smells, and hotspots directly in context. The server provides code snippets alongside findings so AI assistants can understand issues in their full context, suggest fixes, and help prioritize technical debt. Supports both SonarQube Server (self-hosted) and SonarQube Cloud instances, making it suitable for teams of any size who want to bring continuous code quality inspection into their AI-assisted development workflow.
Best for
Teams using SonarQube who want AI assistance reviewing code quality and security findings
Skip if
You do not use SonarQube or prefer a different static analysis tool
Use cases
- Reviewing code quality issues and security vulnerabilities with AI assistance
- Getting AI-generated fix suggestions for SonarQube findings with full code context
- Prioritizing technical debt by querying issue severity and effort estimates
- Monitoring project health metrics and quality gate status from AI assistants
Pros
- Official SonarSource project with native SonarQube integration
- Provides code snippets in context alongside findings for accurate AI analysis
- Works with both SonarQube Server (self-hosted) and SonarQube Cloud
- Covers security vulnerabilities, code smells, bugs, and security hotspots
Cons
- Requires an active SonarQube instance with analyzed projects
- Token needs appropriate permissions to access project data
- Large projects with many issues may produce verbose responses
Exposed tools (5 tools)
| Tool | Category | Description |
|---|---|---|
| get_issues | analysis | Retrieve code quality issues and vulnerabilities for a project |
| analyze_code | analysis | Trigger and review code analysis results with contextual snippets |
| list_projects | discovery | List all projects available in the SonarQube instance |
| get_code_quality | metrics | Get quality metrics, coverage, and quality gate status |
| get_hotspots | security | Retrieve security hotspots that need manual review |
Installation
Prerequisites:
- Node.js v18+
- SonarQube token (Server or Cloud)
- API key required
Check Claude Code documentation to configure this MCP server.
Tips & tricks
Generate a user token with "Browse" permission on your projects. Ask the AI to focus on critical and blocker severity issues first for maximum impact on code quality.
Quick info
- Author: SonarSource
- License: LGPL-3.0
- Runtime: Node.js 18+
- Transport: stdio
- Category: security
- Difficulty: Intermediate
- Self-hostable
- Auth
- Docker
- Version: latest
- Updated: Feb 10, 2026
Client compatibility
- Claude Code
- Cursor
- VS Code Copilot
- Gemini CLI
- Windsurf
- Cline
- JetBrains AI
- Warp
Platforms
macOS, Linux, Windows