sonarqube

Official
Local

Overview

Integration with SonarQube Server or Cloud for code quality and security analysis.

Transport

stdio

Tools

  • analyze_code_snippet
  • analyze_file_list
  • change_sonar_issue_status
  • create_webhook
  • get_component_measures
  • get_project_quality_gate_status
  • get_raw_source
  • get_scm_info
  • get_system_health
  • get_system_info
  • get_system_logs
  • get_system_status
  • list_enterprises
  • list_languages
  • list_portfolios
  • list_quality_gates
  • list_rule_repositories
  • list_webhooks
  • ping_system
  • search_dependency_risks
  • search_metrics
  • search_my_sonarqube_projects
  • search_sonar_issues_in_projects
  • show_rule
  • toggle_automatic_analysis

Key Capabilities

  • Centralized code quality and security analysis across SonarQube projects
  • Quality gate evaluation and reporting for CI/CD workflows
  • Detection of vulnerabilities, code smells, and security hotspots
  • Dependency risk and software composition analysis for third-party libraries

How It Works

The SonarQube MCP server connects your assistant to SonarQube Server or Cloud over the stdio transport and authenticates with a SonarQube token. It exposes analysis, project, and system data through:

  1. Running code and file analyses via analysis tools (analyze_code_snippet, analyze_file_list)
  2. Retrieving measures, metrics, and quality gate status for projects and portfolios
  3. Inspecting and managing issues, rules, and dependency risks
  4. Monitoring SonarQube system health, logs, and status endpoints