Sonarqube Api
FreeNot checkedRead-only MCP server that exposes SonarQube Web API tools for issue retrieval, quality gate status, and source context, enabling coding agents to fix code issue
About
Read-only MCP server that exposes SonarQube Web API tools for issue retrieval, quality gate status, and source context, enabling coding agents to fix code issues.
README
Docker-free SonarQube MCP server for read-only access to the SonarQube Web API.
Run it with:
npx sonarqube-api-mcp
Requirements
- Node.js 20+
- SonarQube token with permission to browse the target project
- No Docker
This package uses the public SonarQube Web API only. It does not use private SonarQube UI GraphQL endpoints.
It is designed for coding-agent workflows like:
- "fix all new code issues"
- "fix all overall code issues"
- "fix issues for this SonarQube project name"
The server stays read-only: it fetches SonarQube issues, source context, rule details, and quality data so the calling agent can edit the checked-out repository.
Configuration
Configure the server entirely through environment variables in mcp.json.
| Variable | Required | Description |
|---|---|---|
SONAR_HOST_URL |
Yes | SonarQube base URL. Trailing slashes are normalized. |
SONAR_TOKEN |
Yes | SonarQube token. Sent as Basic Auth using Authorization: Basic base64("${SONAR_TOKEN}:"). |
SONAR_PROJECT_KEY |
No | Default project key used by project-scoped tools when projectKey and projectName are omitted. |
Startup fails clearly when SONAR_HOST_URL or SONAR_TOKEN is missing.
Published package usage
{
"mcpServers": {
"sonarqube": {
"command": "npx",
"args": ["-y", "sonarqube-api-mcp"],
"env": {
"SONAR_HOST_URL": "https://sonarqube.yourcompany.com",
"SONAR_TOKEN": "YOUR_SONAR_TOKEN",
"SONAR_PROJECT_KEY": "hvmb-app"
}
}
}
}
Local package development
Build first:
npm install
npm run build
Then point your MCP client at the compiled entrypoint:
{
"mcpServers": {
"sonarqube-local": {
"command": "node",
"args": ["/absolute/path/to/sonarqube-api-mcp/dist/index.js"],
"env": {
"SONAR_HOST_URL": "https://sonarqube.yourcompany.com",
"SONAR_TOKEN": "YOUR_SONAR_TOKEN",
"SONAR_PROJECT_KEY": "hvmb-app"
}
}
}
}
Default project key
Set SONAR_PROJECT_KEY once and omit projectKey from project-scoped tool calls.
{
"mcpServers": {
"sonarqube": {
"command": "npx",
"args": ["-y", "sonarqube-api-mcp"],
"env": {
"SONAR_HOST_URL": "https://sonarqube.yourcompany.com",
"SONAR_TOKEN": "YOUR_SONAR_TOKEN",
"SONAR_PROJECT_KEY": "hvmb-app"
}
}
}
}
Example tool input:
{
"resolved": false,
"severities": ["BLOCKER", "CRITICAL"]
}
Per-tool project override
Every project-scoped tool accepts projectKey or projectName, which override SONAR_PROJECT_KEY for that call.
{
"projectKey": "another-project",
"branch": "main",
"metricKeys": ["coverage", "bugs", "vulnerabilities"]
}
If your infrastructure creates a SonarQube project per branch, pass the SonarQube project name directly:
{
"projectName": "repo-name-feature-branch",
"scope": "new_code"
}
If a name matches multiple projects, the tool returns candidates and asks the caller to retry with projectKey.
Tools
search_sonar_projects
Searches /api/projects/search to find project keys by SonarQube project name or key.
Inputs:
queryoptional stringpageSizeoptional number, defaults to100
get_sonar_fix_plan
Gets unresolved issues grouped by file for agentic fixing workflows.
Use this for prompts like "fix all new code issues" or "fix all overall code issues".
Inputs:
projectKeyoptional, falls back toSONAR_PROJECT_KEYprojectNameoptional, resolved through/api/projects/searchscopeoptional,new_codeoroverall, defaults tonew_codebranchoptionalpullRequestoptionalseveritiesoptional string arraystatusesoptional string arraytypesoptional string arrayimpactSeveritiesoptional string array for newer SonarQube versionsimpactSoftwareQualitiesoptional string array for newer SonarQube versionspageSizeoptional number, defaults to100maxIssuesoptional number, defaults to200includeSourceoptional boolean, defaults totrueincludeRulesoptional boolean, defaults tofalsecontextLinesoptional number, defaults to5
Example for new code:
{
"projectName": "hvmb-app-feature-branch",
"scope": "new_code",
"includeSource": true,
"includeRules": true
}
Example for overall code:
{
"projectKey": "hvmb-app",
"scope": "overall",
"maxIssues": 500
}
Returns clean JSON with:
- resolved project identity
- issue count and truncation flag
- optional rule details keyed by rule key
- files sorted by issue count
- issues per file
- merged source ranges around affected lines
get_sonar_issue_context
Gets one issue plus surrounding source lines and optional rule details.
Inputs:
issueKeyrequiredbranchoptionalpullRequestoptionalcontextLinesoptional number, defaults to5includeRuleoptional boolean, defaults totrue
search_sonar_issues
Searches /api/issues/search and handles pagination.
Inputs:
projectKeyoptional, falls back toSONAR_PROJECT_KEYprojectNameoptional, resolved through/api/projects/searchbranchoptionalpullRequestoptionalseveritiesoptional string arraystatusesoptional string arraytypesoptional string arrayimpactSeveritiesoptional string array for newer SonarQube versionsimpactSoftwareQualitiesoptional string array for newer SonarQube versionsinNewCodePeriodoptional booleanresolvedoptional boolean, defaults tofalsepageSizeoptional number, defaults to100
Returns clean JSON with issue key, rule, severity, type, message, component, filePath, line, textRange, effort, status, and tags.
get_quality_gate_status
Calls /api/qualitygates/project_status.
Inputs:
projectKeyoptional, falls back toSONAR_PROJECT_KEYprojectNameoptional, resolved through/api/projects/searchbranchoptionalpullRequestoptional
get_rule_details
Calls /api/rules/show.
Inputs:
ruleKeyrequired
get_component_measures
Calls /api/measures/component.
Inputs:
projectKeyoptional, falls back toSONAR_PROJECT_KEYprojectNameoptional, resolved through/api/projects/searchmetricKeysrequired string arraybranchoptionalpullRequestoptional
get_sonar_sources
Calls /api/sources/lines.
Inputs:
componentrequiredfromoptional numbertooptional numberbranchoptionalpullRequestoptional
Errors
SonarQube API errors are wrapped as JSON strings containing:
endpointstatusmessage
HTML error pages are never returned directly.
Development
npm install
npm run build
prepublishOnly runs the build before publishing.
Install Sonarqube Api in Claude Desktop, Claude Code & Cursor
unyly install sonarqube-api-mcpInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add sonarqube-api-mcp -- npx -y sonarqube-api-mcpFAQ
Is Sonarqube Api MCP free?
Yes, Sonarqube Api MCP is free — one-click install via Unyly at no cost.
Does Sonarqube Api need an API key?
No, Sonarqube Api runs without API keys or environment variables.
Is Sonarqube Api hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Sonarqube Api in Claude Desktop, Claude Code or Cursor?
Open Sonarqube Api on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Sonarqube Api with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
