SonarQube MCP Server

Configuration generator

1 Target client

2 SonarQube instance & authentication

Security recommendation — avoid hardcoding your user token

Pasting your user token here embeds it in plain text inside your config file, which can end up in version control or be read by other processes. Consider these safer alternatives instead:

  • Environment variable substitution — most clients support referencing a shell variable directly in the config, e.g. ${SONARQUBE_TOKEN} or $env:SONARQUBE_TOKEN (PowerShell). Leave the field empty here and set the placeholder yourself.
  • Secrets manager — inject the user token at runtime via your OS keychain, HashiCorp Vault, AWS Secrets Manager, or similar, and expose it as an env var.
  • CI/CD secrets — if you are generating a config for a pipeline, use your CI platform's native secret injection (GitHub Actions secrets, GitLab CI variables, etc.).
  • Short-lived user tokens — generate a user token with a short expiry and rotate it regularly to limit exposure.
If provided, it will be injected into the config. Keep this secret! Leave empty to keep <YourSonarQubeUserToken> placeholder. How to get a user token

3 Transport mode

4 Toolsets & advanced

Sets SONARQUBE_PROJECT_KEY in the container environment (stdio or HTTP(S) launch only). Single-project workflows: tools omit projectKey from their schema when this is set.
Required for run_advanced_code_analysis and for context augmentation when using those features. Stdio only. Mounts your project at /app/mcp-workspace so tools can read the tree via filePath instead of full file content. Use an absolute host path.
Generated configuration Not selected 
Please select a target client (step 1) to build the configuration.

Do not share this generated text with others if it contains your SonarQube user token.

Copied to clipboard
Share Feedback