by SonarSource
Official SonarQube MCP Server for code quality and security in AI agents
# Add to your Claude Code skills
git clone https://github.com/SonarSource/sonarqube-mcp-serverGuides for using ai agents skills like sonarqube-mcp-server.
Last scanned: 5/13/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-13T06:49:09.129Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}sonarqube-mcp-server is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by SonarSource. Official SonarQube MCP Server for code quality and security in AI agents. It has 592 GitHub stars.
Yes. sonarqube-mcp-server passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/SonarSource/sonarqube-mcp-server" and add it to your Claude Code skills directory (see the Installation section above).
sonarqube-mcp-server is primarily written in Java. It is open-source under SonarSource on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh sonarqube-mcp-server against similar tools.
No comments yet. Be the first to share your thoughts!
The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security. It also supports the analysis of code snippet directly within the agent context.
🔒 Important: Your SonarQube token is a sensitive credential. Follow these security practices:
When using CLI commands:
When using configuration files:
The fastest way to get started is the SonarQube MCP Server Configuration Generator – an interactive tool that produces a ready-to-use configuration for your preferred AI agent client.
If you prefer to configure things yourself, the simplest method is to use our container image at sonarsource/sonarqube-mcp. Use sonarsource/sonarqube-mcp for automatic updates (with --pull=always), or pin to a version tag (e.g., sonarsource/sonarqube-mcp:1.19.0.2785) for reproducible deployments. Read below if you want to build it locally.
Note: While the examples below use
docker, any OCI-compatible container runtime works (e.g., Podman, nerdctl). Simply replacedockerwith your preferred tool.
SonarQube MCP Server is available in the Antigravity MCP Store. Follow these instructions:
SonarQube and select InstallFor SonarQube Cloud US, set the URL to https://sonarqube.us.
Alternatively, you can manually configure the server via mcp_config.json:
In the Agent Side Panel, click the three dots (...) -> MCP Store -> Manage MCP Servers -> View raw config, and add the following:
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": ["run", "--init", "--pull=always", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "sonarsource/sonarqube-mcp"],
"env": {
"SONARQUBE_TOKEN": "<YOUR_TOKEN>",
"SONARQUBE_ORG": "<YOUR_ORG>"
}
}
}
}
For SonarQube Cloud US, manually add "SONARQUBE_URL": "https://sonarqube.us" to the env section and "-e", "SONARQUBE_URL" to the args array.
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": ["run", "--init", "--pull=always", "-i", "--rm", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "sonarsource/sonarqube-mcp"],
"env": {
"SONARQUBE_TOKEN": "<YOUR_USER_TOKEN>",
"SONARQUBE_URL": "<YOUR_SERVER_URL>"
}
}
}
}
claude mcp add sonarqube \
--env SONARQUBE_TOKEN=$SONAR_TOKEN \
--env SONARQUBE_ORG=$SONAR_ORG \
-- docker run --init --pull=always -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG sonarsource/sonarqube-mcp
For SonarQube Cloud US, add --env SONARQUBE_URL=https://sonarqube.us to the command.
claude mcp add sonarqube \
--env SONARQUBE_TOKEN=$SONAR_USER_TOKEN \
--env SONARQUBE_URL=$SONAR_URL \
-- docker run --init --pull=always -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_URL sonarsource/sonarqube-mcp
Manually edit the configuration file at ~/.codex/config.toml and add the following configuration:
[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--init", "--pull=always", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_ORG", "sonarsource/sonarqube-mcp"]
env = { "SONARQUBE_TOKEN" = "<YOUR_USER_TOKEN>", "SONARQUBE_ORG" = "<YOUR_ORG>" }
For SonarQube Cloud US, add "SONARQUBE_URL" = "https://sonarqube.us" to the env section and "-e", "SONARQUBE_URL" to the args array.
[mcp_servers.sonarqube]
command = "docker"
args = ["run", "--init", "--pull=always", "--rm", "-i", "-e", "SONARQUBE_TOKEN", "-e", "SONARQUBE_URL", "sonarsource/sonarqube-mcp"]
env = { "SONARQUBE_TOKEN" = "<YOUR_TOKEN>", "SONARQUBE_URL" = "<YOUR_SERVER_URL>" }
For SonarQube Cloud US, manually add "SONARQUBE_URL": "https://sonarqube.us" to the env section in your MCP configuration after installation.
Note: The Gemini CLI extension has moved to the sonarqube-agent-plugins repository. Please install it from there going forward.
You can install our MCP server extension by using the following command:
gemini extensions install https://github.com/SonarSource/sonarqube-agent-plugins
You will need to set the required environment variables before starting Gemini:
Environment Variables Required:
For SonarQube Cloud:
SONARQUBE_TOKEN - Your SonarQube Cloud tokenSONARQUBE_ORG - Your organization keySONARQUBE_URL - (Optional) Set to https://sonarqube.us for SonarQube Cloud USFor SonarQube Server:
SONARQUBE_TOKEN - Your SonarQube Server USER tokenSONARQUBE_URL - Your SonarQube Server URLOnce installed, the extension will be installed under <home>/.gemini/extensions/sonarqube/gemini-extension.json.
After starting Copilot CLI, run the following command to add the SonarQube MCP server:
/mcp add
You will have to provide different information about the MCP server, you can use tab to navigate between fields.
Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --init, --pull=always, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_ORG, sonarsource/sonarqube-mcp
Environment Variables: SONARQUBE_TOKEN=<YOUR_TOKEN>,SONARQUBE_ORG=<YOUR_ORG>
Tools: *
For SonarQube Cloud US, add -e, SONARQUBE_URL to Arguments and SONARQUBE_URL=https://sonarqube.us to Environment Variables.
Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --init, --pull=always, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_URL, sonarsource/sonarqube-mcp
Environment Variables: SONARQUBE_TOKEN=<YOUR_USER_TOKEN>,SONARQUBE_URL=<YOUR_SERVER_URL>
Tools: *
The configuration file is located at ~/.copilot/mcp-config.json.
GitHub Copilot coding agent can leverage the SonarQube MCP server directly in your CI/CD.
To add the secrets to your Copilot environment, follow the Copilot documentation. Only secrets with names prefixed with COPILOT_MCP_ will be available to your MCP configuration.
In your GitHub repository, navigate under Settings -> Copilot -> Coding agent, and add the following configuration in the MCP configuration section:
{
"mcpServers": {
"sonarqube": {
"type": "local",
"command": "docker",
"args": [
"run",
"--init",
"--pull=always",
"--rm",
"-i",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_ORG",
"sonarsource/sonarqube-mcp"
],
"env": {
"SONARQUBE_TOKEN": "COPILOT_MCP_SONARQUBE_TOKEN",
"SONARQUBE_ORG": "COPILOT_MCP_SONARQUBE_ORG"
},
"tools": ["*"]
}
}
}
For SonarQube Cloud US, add "-e", "SONARQUBE_URL" to the args array and "SONARQUBE_URL": "COPILOT_MCP_SONARQUBE_URL" to the env section, then set the secret `COPILOT_MCP_SONARQUBE_URL=https: