Sonarqube Api
БесплатноНе проверенRead-only MCP server that exposes SonarQube Web API tools for issue retrieval, quality gate status, and source context, enabling coding agents to fix code issue
Описание
Read-only MCP server that exposes SonarQube Web API tools for issue retrieval, quality gate status, and source context, enabling coding agents to fix code issues.
README
Docker-free SonarQube MCP server for read-only access to the SonarQube Web API.
Run it with:
npx sonarqube-api-mcp
Requirements
- Node.js 20+
- SonarQube token with permission to browse the target project
- No Docker
This package uses the public SonarQube Web API only. It does not use private SonarQube UI GraphQL endpoints.
It is designed for coding-agent workflows like:
- "fix all new code issues"
- "fix all overall code issues"
- "fix issues for this SonarQube project name"
The server stays read-only: it fetches SonarQube issues, source context, rule details, and quality data so the calling agent can edit the checked-out repository.
Configuration
Configure the server entirely through environment variables in mcp.json.
| Variable | Required | Description |
|---|---|---|
SONAR_HOST_URL |
Yes | SonarQube base URL. Trailing slashes are normalized. |
SONAR_TOKEN |
Yes | SonarQube token. Sent as Basic Auth using Authorization: Basic base64("${SONAR_TOKEN}:"). |
SONAR_PROJECT_KEY |
No | Default project key used by project-scoped tools when projectKey and projectName are omitted. |
Startup fails clearly when SONAR_HOST_URL or SONAR_TOKEN is missing.
Published package usage
{
"mcpServers": {
"sonarqube": {
"command": "npx",
"args": ["-y", "sonarqube-api-mcp"],
"env": {
"SONAR_HOST_URL": "https://sonarqube.yourcompany.com",
"SONAR_TOKEN": "YOUR_SONAR_TOKEN",
"SONAR_PROJECT_KEY": "hvmb-app"
}
}
}
}
Local package development
Build first:
npm install
npm run build
Then point your MCP client at the compiled entrypoint:
{
"mcpServers": {
"sonarqube-local": {
"command": "node",
"args": ["/absolute/path/to/sonarqube-api-mcp/dist/index.js"],
"env": {
"SONAR_HOST_URL": "https://sonarqube.yourcompany.com",
"SONAR_TOKEN": "YOUR_SONAR_TOKEN",
"SONAR_PROJECT_KEY": "hvmb-app"
}
}
}
}
Default project key
Set SONAR_PROJECT_KEY once and omit projectKey from project-scoped tool calls.
{
"mcpServers": {
"sonarqube": {
"command": "npx",
"args": ["-y", "sonarqube-api-mcp"],
"env": {
"SONAR_HOST_URL": "https://sonarqube.yourcompany.com",
"SONAR_TOKEN": "YOUR_SONAR_TOKEN",
"SONAR_PROJECT_KEY": "hvmb-app"
}
}
}
}
Example tool input:
{
"resolved": false,
"severities": ["BLOCKER", "CRITICAL"]
}
Per-tool project override
Every project-scoped tool accepts projectKey or projectName, which override SONAR_PROJECT_KEY for that call.
{
"projectKey": "another-project",
"branch": "main",
"metricKeys": ["coverage", "bugs", "vulnerabilities"]
}
If your infrastructure creates a SonarQube project per branch, pass the SonarQube project name directly:
{
"projectName": "repo-name-feature-branch",
"scope": "new_code"
}
If a name matches multiple projects, the tool returns candidates and asks the caller to retry with projectKey.
Tools
search_sonar_projects
Searches /api/projects/search to find project keys by SonarQube project name or key.
Inputs:
queryoptional stringpageSizeoptional number, defaults to100
get_sonar_fix_plan
Gets unresolved issues grouped by file for agentic fixing workflows.
Use this for prompts like "fix all new code issues" or "fix all overall code issues".
Inputs:
projectKeyoptional, falls back toSONAR_PROJECT_KEYprojectNameoptional, resolved through/api/projects/searchscopeoptional,new_codeoroverall, defaults tonew_codebranchoptionalpullRequestoptionalseveritiesoptional string arraystatusesoptional string arraytypesoptional string arrayimpactSeveritiesoptional string array for newer SonarQube versionsimpactSoftwareQualitiesoptional string array for newer SonarQube versionspageSizeoptional number, defaults to100maxIssuesoptional number, defaults to200includeSourceoptional boolean, defaults totrueincludeRulesoptional boolean, defaults tofalsecontextLinesoptional number, defaults to5
Example for new code:
{
"projectName": "hvmb-app-feature-branch",
"scope": "new_code",
"includeSource": true,
"includeRules": true
}
Example for overall code:
{
"projectKey": "hvmb-app",
"scope": "overall",
"maxIssues": 500
}
Returns clean JSON with:
- resolved project identity
- issue count and truncation flag
- optional rule details keyed by rule key
- files sorted by issue count
- issues per file
- merged source ranges around affected lines
get_sonar_issue_context
Gets one issue plus surrounding source lines and optional rule details.
Inputs:
issueKeyrequiredbranchoptionalpullRequestoptionalcontextLinesoptional number, defaults to5includeRuleoptional boolean, defaults totrue
search_sonar_issues
Searches /api/issues/search and handles pagination.
Inputs:
projectKeyoptional, falls back toSONAR_PROJECT_KEYprojectNameoptional, resolved through/api/projects/searchbranchoptionalpullRequestoptionalseveritiesoptional string arraystatusesoptional string arraytypesoptional string arrayimpactSeveritiesoptional string array for newer SonarQube versionsimpactSoftwareQualitiesoptional string array for newer SonarQube versionsinNewCodePeriodoptional booleanresolvedoptional boolean, defaults tofalsepageSizeoptional number, defaults to100
Returns clean JSON with issue key, rule, severity, type, message, component, filePath, line, textRange, effort, status, and tags.
get_quality_gate_status
Calls /api/qualitygates/project_status.
Inputs:
projectKeyoptional, falls back toSONAR_PROJECT_KEYprojectNameoptional, resolved through/api/projects/searchbranchoptionalpullRequestoptional
get_rule_details
Calls /api/rules/show.
Inputs:
ruleKeyrequired
get_component_measures
Calls /api/measures/component.
Inputs:
projectKeyoptional, falls back toSONAR_PROJECT_KEYprojectNameoptional, resolved through/api/projects/searchmetricKeysrequired string arraybranchoptionalpullRequestoptional
get_sonar_sources
Calls /api/sources/lines.
Inputs:
componentrequiredfromoptional numbertooptional numberbranchoptionalpullRequestoptional
Errors
SonarQube API errors are wrapped as JSON strings containing:
endpointstatusmessage
HTML error pages are never returned directly.
Development
npm install
npm run build
prepublishOnly runs the build before publishing.
Установить Sonarqube Api в Claude Desktop, Claude Code, Cursor
unyly install sonarqube-api-mcpСтавит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.
Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh
Или настроить вручную
Выполни в терминале:
claude mcp add sonarqube-api-mcp -- npx -y sonarqube-api-mcpFAQ
Sonarqube Api MCP бесплатный?
Да, Sonarqube Api MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Sonarqube Api?
Нет, Sonarqube Api работает без API-ключей и переменных окружения.
Sonarqube Api — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Sonarqube Api в Claude Desktop, Claude Code или Cursor?
Открой Sonarqube Api на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Sonarqube Api with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
