sonarlint-mcp-server
Verified Safe
by ptitmonnstree
Overview
Provides SonarLint-powered code quality analysis, bug detection, and quick fixes as an MCP server for AI clients like Claude Desktop.
Installation
npx -y @nielspeter/sonarlint-mcp-server
Security Notes
The server primarily uses standard I/O for communication via the Model Context Protocol (MCP), minimizing direct network attack surface. It utilizes 'child_process.spawn' to interact with a local Java-based SLOOP backend, which is generally safer than arbitrary command execution. File system operations are inherent to its code analysis function and are performed on user-specified paths. No 'eval' or directly malicious code patterns were found. Hardcoded credentials for testing purposes are isolated to test fixtures, not operational code. The Node.js path for language analyzers is set to 'process.execPath', preventing arbitrary executable injection.
Similar Servers
claude-code-mcp
Acts as an MCP server to enable LLMs to run Claude Code CLI in one-shot mode, bypassing permissions for complex coding, file system, Git, and terminal operations.
sonarqube-mcp-server
The SonarQube MCP Server enables seamless integration with SonarQube Server or Cloud for code quality and security, supporting analysis of code snippets and acting as a backend for AI coding agents.
consult-llm-mcp
An MCP server that allows AI agents like Claude Code to consult stronger, more capable AI models (e.g., GPT-5.2, Gemini 3.0 Pro) for complex code analysis, debugging, and architectural advice.
ast-mcp-server
Provides an MCP (Model Context Protocol) server for code structure and semantic analysis using ASTs and ASGs, integrated with external AI clients like Claude Desktop.