AI is transforming software development and turbocharging many aspects of a developer's daily work. But it’s also bringing new challenges to your teams: how do you maintain code quality and security standards as the volume of AI-generated code doubles, triples, or increases even more exponentially?
Today, we’re excited to announce the general availability of the SonarQube Model Context Protocol (MCP) Server, a new tool designed to bridge the divide between the productivity offered by AI coding tools and the quality assured by Sonar with its SonarQube automated code review solutions.
Rated #1 on G2, SonarQube is the industry’s leading integrated code quality and security solution trusted by over 7 million developers. With SonarQube MCP Server, your favorite coding agents can work seamlessly on issues identified by SonarQube, ensuring all agent-generated code meets established code quality standards.
What is SonarQube MCP Server?
The SonarQube MCP Server is a Model Context Protocol (MCP) server that runs locally on any machine and enables a seamless connection between your AI agents and your SonarQube platform. The SonarQube MCP Server integrates directly with SonarQube (Cloud and Server). Its primary purpose is to facilitate code quality and security analysis within the context of an AI agent’s workflow inside of the IDE or CLI. Instead of context-switching between your AI-native IDE and SonarQube, your developers can get instant, governed feedback directly from their AI agent.
By acting as a universal translator, the MCP server provides a standardized way for AI applications to communicate with SonarQube’s powerful analysis capabilities. It allows AI tools to do everything from analyzing a code snippet for issues to checking a project's quality gate status.
Key use cases
The SonarQube MCP Server transforms your AI coding agent from a simple code generator into a full-fledged code review and quality assurance co-pilot. Here are some of the ways you can use it to improve your workflow:
- Code quality management: Manage and analyze code quality issues across multiple projects at once. Your AI agent can retrieve a list of all projects, filter issues based on severity or status, and even change an issue’s status, such as marking it as a false positive.
- On-demand code analysis: Ask your AI agent to analyze a new file or code snippet for quality and security issues before it’s even committed. The local MCP server allows AI agents to retrieve metrics and project health information.
- Project health checks: An AI agent can use the server to retrieve a project’s quality gate status, instantly letting you know if a project is ready for release.
- Software Composition Analysis (SCA): For teams using SonarQube with Advanced Security, the server can be used to check a project for SCA dependency issues.
Integrations & availability
The SonarQube MCP Server connects to a wide and growing ecosystem of AI assistants, CLIs, and code editors. Deploy it from MCP marketplaces and bring SonarQube code quality analysis into your AI-driven workflow.
- Marketplaces: SonarQube MCP Server is available on MCP marketplaces such as Docker MCP Hub, Anthropic MCP Market, and MCP.so.
- Claude: Give the Claude assistant family (including Claude Code and Desktop) direct access to SonarQube’s analysis capabilities.
- Codex CLI: Enable the Codex CLI to invoke SonarQube's analysis within your prompts, ensuring AI-assisted tasks consider code quality from the start.
- Cursor: Achieve seamless integration with the Cursor IDE, allowing its agent to communicate directly with SonarQube Server and Cloud.
- Devin: Integrate SonarQube's code quality and security standards directly into the workflow of the Devin AI software engineer.
- Windsurf: The MCP server is fully supported and available as a dedicated plugin for the Windsurf IDE.
- Gemini CLI: The MCP server acts as a bridge for the Gemini CLI, giving the agent access to SonarQube's custom tools and analysis.
- GitHub Copilot: Integrate with Copilot in your IDE (like VS Code) to create a secure, quality-aware coding agent that can list issues, suggest fixes, and write tests based on SonarQube's analysis.
- GitHub Copilot CLI: Add SonarQube's analysis capabilities to your command-line workflows powered by the GitHub CLI.
- Amazon Q Developer: Connect with Amazon Q in your IDE to analyze and fix code issues directly within the chat interface, streamlining your workflow.
- Kiro: Use the MCP Server to act as a bridge, allowing the Kiro AI agentic IDE to access data from your SonarQube.
- Zed: Add the SonarQube MCP Server to the Zed code editor using the official extension available in Zed's marketplace.
Getting started
The SonarQube MCP Server is free, source-available, and ready for you to deploy. We’ve made it easy to get up and running in minutes, with options for Docker or with Java by running the Jar directly (requires downloading or building the Jar).
All you need is a SonarQube Cloud account or a SonarQube Server instance.
The SonarQube MCP Server provides a secure and verifiable foundation for bringing your trusted code quality standards into the agentic software development workflow.
We invite you to get started today and bring your team’s software quality to the next level.