SonarQube MCP Server
Official MCP server integrating SonarQube Server/Cloud for code quality and security analysis in agent context.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for SonarQube MCP Server, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.
Overview
SonarSource's official MCP server connects agents to SonarQube Server or Cloud, enabling analysis of code snippets and retrieval of quality and security issues directly in the agent context. It exposes project issues, hotspots, and code that gets fed back to the model, creating a tool-output injection surface.
Key features
- SonarQube Server and Cloud integration
- Analyze code snippets in-context
- Security hotspots and quality issues
Use cases
- Reviewing code quality/security with an agent
- Fixing SonarQube-reported issues in an IDE