SonarQube MCP Server
Official MCP server integrating SonarQube Server/Cloud for code quality and security analysis in agent context.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for SonarQube MCP Server, derived from its capabilities.
AIVSS 8.5 · High
View MAESTRO 7-layer threat model →Overview
SonarSource's official MCP server connects agents to SonarQube Server or Cloud, enabling analysis of code snippets and retrieval of quality and security issues directly in the agent context. It exposes project issues, hotspots, and code that gets fed back to the model, creating a tool-output injection surface.
Key features
- SonarQube Server and Cloud integration
- Analyze code snippets in-context
- Security hotspots and quality issues
Use cases
- Reviewing code quality/security with an agent
- Fixing SonarQube-reported issues in an IDE