Navigation
SonarQube MCP Server: Code Quality Assurance & Early Bug Detection - MCP Implementation

SonarQube MCP Server: Code Quality Assurance & Early Bug Detection

SonarQube MCP Server: Catch bugs early, keep code clean, and ship faster with the ultimate DevOps code quality guardian – no fluff, just actionable insights.

Visit Repository
Developer Tools
4.4(169 reviews)
253 saves
118 comments

This tool saved users approximately 6776 hours last month!

About SonarQube MCP Server

What is SonarQube MCP Server: Code Quality Assurance & Early Bug Detection?

SonarQube MCP Server is a Rust-based middleware that bridges AI assistants with SonarQube's analysis engine. It enables seamless access to code quality metrics, defect tracking, and compliance insights through the Model Context Protocol (MCP). This server acts as a translator between AI tools and SonarQube, allowing automated systems to programmatically query project health, track code smells, and monitor security vulnerabilities in real time.

How to use SonarQube MCP Server: Code Quality Assurance & Early Bug Detection?

Deployment involves three straightforward steps: clone the repository, compile using Rust's Cargo, or use pre-built binaries. Integration with AI platforms like Claude Desktop requires configuring environment variables (SonarQube URL/token) and specifying server parameters in JSON config files. The server exposes REST-based endpoints for retrieving metrics, filtering issues by severity/impact, and checking project quality gates. Docker-based setups simplify deployment across environments with minimal configuration.

SonarQube MCP Server Features

Key Features of SonarQube MCP Server: Code Quality Assurance & Early Bug Detection?

  • Unified API Access: Exposes SonarQube's deep analysis capabilities via standardized MCP interfaces
  • Advanced Filtering: Supports complex query parameters to isolate critical issues (e.g., security vulnerabilities, unresolved bugs)
  • Performance Optimized: Asynchronous request handling ensures low-latency responses even for large codebases
  • Enterprise Ready: Production-grade error handling with detailed logging and authentication safeguards
  • Multi-environment Support: Works natively on Linux/macOS/Windows with identical functionality

Use Cases of SonarQube MCP Server: Code Quality Assurance & Early Bug Detection?

Developers and DevOps teams leverage this tool for:

  • Automated code reviews powered by AI assistants
  • Continuous quality monitoring during CI/CD pipelines
  • Security audit preparation with on-demand vulnerability reports
  • Developer productivity analysis through code complexity trends
  • Compliance reporting for regulatory standards (e.g., OWASP Top 10)

SonarQube MCP Server FAQ

FAQ from SonarQube MCP Server: Code Quality Assurance & Early Bug Detection?

Q: Does the server require direct database access?
A: No, it uses SonarQube's public REST API for all operations, maintaining architectural decoupling. Q: Can I use custom SonarQube instances?
A: Absolutely, through environment variables that specify your server URL and authentication tokens. Q: What's the response format?
A: Returns standardized JSON-RPC responses compatible with MCP specifications, containing paginated results with metadata. Q: How are authentication failures handled?
A: Produces detailed error responses with HTTP 401 status codes and actionable suggestions for token renewal. Q: Can I filter issues by specific developers?
A: Yes, supports author filtering using the 'assigned_to_me' flag or explicit developer identifiers in queries.

Content

SonarQube MCP Server

CI

A Rust implementation of a Model Context Protocol (MCP) server that integrates with SonarQube to provide AI assistants with access to code quality metrics, issues, and quality gate statuses.

Overview

The SonarQube MCP Server enables AI assistants to interact with SonarQube's code quality analysis capabilities through the Model Context Protocol. This integration allows AI assistants to:

  • Retrieve code metrics (complexity, bugs, code smells, etc.)
  • Access and filter issues (bugs, vulnerabilities, code smells)
  • Check quality gate statuses and conditions
  • Analyze project quality over time

Features

  • SonarQube API Integration : Connects to SonarQube servers via REST API
  • MCP Protocol Support : Implements the Model Context Protocol for AI assistant integration
  • Async Processing : Efficient handling of requests using Rust's async/await
  • Cross-Platform : Works on Linux, macOS, and Windows
  • Robust Error Handling : Comprehensive error handling for network, authentication, and parsing issues

Installation

From Source

  1. Clone the repository:

    git clone https://github.com/yourusername/sonarqube-mcp-server.git

cd sonarqube-mcp-server

  1. Build the project:

    cargo build --release

  2. The executable will be available at target/release/sonarqube-mcp-server

From Releases

Download the pre-built binary for your platform from the Releases page.

Integration with Claude Desktop

  1. Edit claude_desktop_config.json: Claude Desktop -> Settings -> Developer -> Edit Config
  2. Add the following configuration to the mcpServers section:
{
   "mcpServers": {
      "sonarqube": {
         "command": "docker",
         "args": [
           "run",
           "-i",
           "--rm",
           "-e",
           "SONARQUBE_URL",
           "-e",
           "SONARQUBE_TOKEN",
           "-e",
           "SONARQUBE_ORGANIZATION",
           "sapientpants/sonarqube-mcp-server"
         ],
         "env": {
            "SONARQUBE_URL": "https://sonarqube.example.com",
            "SONARQUBE_TOKEN": "your-sonarqube-token",
            "SONARQUBE_ORGANIZATION": "your-organization-key"
         }
      }
   }
}
  1. Restart Claude Desktop to apply the changes

To check MCP logs, use: tail -n 20 -f ~/Library/Logs/Claude/mcp*.log

Available Tools

The SonarQube MCP Server provides the following tools:

  1. sonarqube_get_metrics: Retrieve code metrics for a project
* Parameters: `project_key` (required), `metrics` (optional array of metric keys)
  1. sonarqube_get_issues: Retrieve issues for a project
* Parameters: 
  * `project_key` (required)
  * `severities` (optional array)
  * `types` (optional array)
  * `statuses` (optional array)
  * `impact_severities` (optional array)
  * `impact_software_qualities` (optional array)
  * `assigned_to_me` (optional boolean)
  * `assignees` (optional array)
  * `authors` (optional array)
  * `code_variants` (optional array)
  * `created_after` (optional string, format: YYYY-MM-DD)
  * `created_before` (optional string, format: YYYY-MM-DD)
  * `created_in_last` (optional string, e.g., '1m' for 1 month)
  * `cwe` (optional array of CWE identifiers)
  * `directories` (optional array)
  * `facets` (optional array)
  * `files` (optional array)
  * `issue_statuses` (optional array)
  * `languages` (optional array)
  * `owasp_top10` (optional array)
  * `owasp_top10_2021` (optional array)
  * `resolutions` (optional array)
  * `resolved` (optional boolean)
  * `rules` (optional array)
  * `sans_top25` (optional array)
  * `sonarsource_security` (optional array)
  * `tags` (optional array)
  * `sort_field` (optional string)
  * `asc` (optional boolean)
  * `page` (optional)
  * `page_size` (optional)
  1. sonarqube_get_quality_gate: Retrieve quality gate status for a project
* Parameters: `project_key` (required)
  1. sonarqube_list_projects: List all SonarQube projects
* Parameters: `page` (optional), `page_size` (optional), `organization` (optional - can override the environment variable)

Examples

Example: Retrieving Metrics

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "sonarqube_get_metrics",
  "params": {
    "project_key": "my-project",
    "metrics": ["ncloc", "bugs", "code_smells", "complexity"]
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "component": {
      "key": "my-project",
      "name": "My Project",
      "measures": [
        {
          "metric": "ncloc",
          "value": "12500"
        },
        {
          "metric": "bugs",
          "value": "42"
        },
        {
          "metric": "code_smells",
          "value": "156"
        },
        {
          "metric": "complexity",
          "value": "1250"
        }
      ]
    }
  }
}

Example: Getting Issues with Status Filtering

{
  "jsonrpc": "2.0",
  "id": 3,
  "method": "sonarqube_get_issues",
  "params": {
    "project_key": "my-project",
    "severities": ["CRITICAL", "BLOCKER"],
    "statuses": ["OPEN", "CONFIRMED"],
    "page": 1,
    "page_size": 20
  }
}

Example: Getting Issues with Impact Filtering

{
  "jsonrpc": "2.0",
  "id": 4,
  "method": "sonarqube_get_issues",
  "params": {
    "project_key": "my-project",
    "impact_severities": ["HIGH"],
    "impact_software_qualities": ["MAINTAINABILITY", "SECURITY"],
    "page": 1,
    "page_size": 20
  }
}

Example: Getting Issues by Author and Creation Date

{
  "jsonrpc": "2.0",
  "id": 5,
  "method": "sonarqube_get_issues",
  "params": {
    "project_key": "my-project",
    "authors": ["developer1", "developer2"],
    "created_after": "2023-01-01",
    "created_before": "2023-12-31",
    "page": 1,
    "page_size": 20
  }
}

Example: Getting Security Issues with CWE and OWASP Filtering

{
  "jsonrpc": "2.0",
  "id": 6,
  "method": "sonarqube_get_issues",
  "params": {
    "project_key": "my-project",
    "types": ["VULNERABILITY"],
    "cwe": ["CWE-79", "CWE-89"],
    "owasp_top10": ["a1", "a3"],
    "page": 1,
    "page_size": 20
  }
}

Example: Getting Issues by Language and Directory

{
  "jsonrpc": "2.0",
  "id": 7,
  "method": "sonarqube_get_issues",
  "params": {
    "project_key": "my-project",
    "languages": ["java", "js"],
    "directories": ["src/main/java/com/example/controllers", "src/main/java/com/example/services"],
    "page": 1,
    "page_size": 20
  }
}

Example: Listing Projects with Organization Parameter

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "sonarqube_list_projects", 
  "params": {
    "organization": "my-org-key"
  }
}

Development

Prerequisites

  • Rust 1.70 or higher
  • Cargo
  • A SonarQube server instance (for testing)

Related MCP Servers & Clients

Quick Navigation

MCP Categories

Developer Tools