# Add to your Claude Code skills
git clone https://github.com/SonarSource/sonarqube-mcp-server
README.md
SonarQube MCP Server
The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security.
It also supports the analysis of code snippet directly within the agent context.
Quick setup
The simplest method is to rely on our container image hosted at mcp/sonarqube. Read below if you want to build it locally.
Note: While the examples below use docker, any OCI-compatible container runtime works (e.g., Podman, nerdctl). Simply replace docker with your preferred tool.
Security Best Practices
🔒 Important: Your SonarQube token is a sensitive credential. Follow these security practices:
When using CLI commands:
Avoid hardcoding tokens in command-line arguments - they get saved in shell history
Use environment variables - set tokens in environment variables before running commands
Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
183,625
Use environment variable substitution in config files when possible
SonarQube MCP Server is available in the Antigravity MCP Store. Follow these instructions:
Open the Agent Side Panel
Click the three dots (...) at the top right and select MCP Servers
Search for SonarQube and select Install
Provide the required SonarQube User token. You can also provide your organization key for SonarQube Cloud or the SonarQube URL if connecting to SonarQube Server.
For SonarQube Cloud US, set the URL to https://sonarqube.us.
Alternatively, you can manually configure the server via mcp_config.json:
To connect with SonarQube Cloud:
In the Agent Side Panel, click the three dots (...) -> MCP Store -> Manage MCP Servers -> View raw config, and add the following:
You will need to set the required environment variables before starting Gemini:
Environment Variables Required:
For SonarQube Cloud:
SONARQUBE_TOKEN - Your SonarQube Cloud token
SONARQUBE_ORG - Your organization key
SONARQUBE_URL - (Optional) Set to https://sonarqube.us for SonarQube Cloud US
For SonarQube Server:
SONARQUBE_TOKEN - Your SonarQube Server USER token
SONARQUBE_URL - Your SonarQube Server URL
Once installed, the extension will be installed under <home>/.gemini/extensions/sonarqube-mcp-server/gemini-extension.json.
After starting Copilot CLI, run the following command to add the SonarQube MCP server:
/mcp add
You will have to provide different information about the MCP server, you can use tab to navigate between fields.
To connect with SonarQube Cloud:
Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --init, --pull=always, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_ORG, mcp/sonarqube
Environment Variables: SONARQUBE_TOKEN=<YOUR_TOKEN>,SONARQUBE_ORG=<YOUR_ORG>
Tools: *
For SonarQube Cloud US, add -e, SONARQUBE_URL to Arguments and SONARQUBE_URL=https://sonarqube.us to Environment Variables.
To connect with SonarQube Server:
Server Name: sonarqube
Server Type: Local (Press 1)
Command: docker
Arguments: run, --init, --pull=always, --rm, -i, -e, SONARQUBE_TOKEN, -e, SONARQUBE_URL, mcp/sonarqube
Environment Variables: SONARQUBE_TOKEN=<YOUR_USER_TOKEN>,SONARQUBE_URL=<YOUR_SERVER_URL>
Tools: *
The configuration file is located at ~/.copilot/mcp-config.json.
GitHub Copilot coding agent can leverage the SonarQube MCP server directly in your CI/CD.
To add the secrets to your Copilot environment, follow the Copilot documentation. Only secrets with names prefixed with COPILOT_MCP_ will be available to your MCP configuration.
In your GitHub repository, navigate under Settings -> Copilot -> Coding agent, and add the following configuration in the MCP configuration section:
For SonarQube Cloud US, add "-e", "SONARQUBE_URL=$SONAR_URL" to the args array and "SONAR_URL": "COPILOT_MCP_SONARQUBE_URL" to the env section, then set the secret COPILOT_MCP_SONARQUBE_URL=https://sonarqube.us.
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
