sonarqube-mcp
Verified Safe
by nggocnn
Overview
Enables AI Agent applications to manage and retrieve code quality and analysis data from a SonarQube server.
Installation
sonarqube-mcp --transport stdio
Environment Variables
- SONARQUBE_URL
- SONARQUBE_TOKEN
- SONARQUBE_USERNAME
- SONARQUBE_PASSWORD
- SONARQUBE_ORGANIZATION
Security Notes
The server correctly handles sensitive information by requiring it via environment variables (SONARQUBE_TOKEN, SONARQUBE_USERNAME/PASSWORD). It performs input validation for API parameters (e.g., positive page numbers, non-empty strings). The underlying HTTP client (`httpx`) includes timeouts, connection limits, and error handling for network issues. The server binds to '0.0.0.0' (all network interfaces), which is standard but requires appropriate network configuration (e.g., firewalls) in production environments. No 'eval' or other direct arbitrary code execution patterns were found.
Similar Servers
sonarqube-mcp-server
The SonarQube MCP Server enables seamless integration with SonarQube Server or Cloud for code quality and security, supporting analysis of code snippets and acting as a backend for AI coding agents.
easy-code-reader
Provides a Model Context Protocol (MCP) server for AI assistants to intelligently read Java source code from local projects and Maven dependencies, supporting decompilation and multi-module analysis.
tenets
Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.
ultrascript-tools-mcp
An expert developer tool for comprehensive code analysis, semantic search, refactoring, code modification, and automated documentation. It leverages AI and specialized runtime environments (Node.js/Bun) for high performance, featuring deep Git integration for branch-aware indexing and merge conflict resolution across multiple programming languages.