sonarqube-mcp-server
Verified Safe
by SonarSource
Overview
The SonarQube MCP Server enables seamless integration with SonarQube Server or Cloud for code quality and security, supporting analysis of code snippets and acting as a backend for AI coding agents.
Installation
docker run -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG mcp/sonarqube
Environment Variables
- STORAGE_PATH
- SONARQUBE_TOKEN
Security Notes
The server employs robust security practices including TTL-based session token management, explicit authentication via 'SONARQUBE_TOKEN' header, and CORS protection to prevent DNS rebinding. It explicitly warns about binding to all network interfaces (0.0.0.0) and running without HTTPS. While a default keystore password ('sonarlint') is present for HTTPS setup, it's meant to be configurable. No direct 'eval' or arbitrary code execution vulnerabilities were found in the provided code snippets.
Similar Servers
easy-code-reader
Provides a Model Context Protocol (MCP) server for AI assistants to intelligently read Java source code from local projects and Maven dependencies, supporting decompilation and multi-module analysis.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
mcp-zap-server
Orchestrates OWASP ZAP security scanning actions (spider, active scan, OpenAPI import, reporting) via the Model Context Protocol, enabling AI agents like Claude Desktop or Cursor to perform security testing.
athena-protocol
An intelligent MCP server that acts as an AI tech lead for coding agents, providing expert validation, impact analysis, and strategic guidance before code changes are made.