Set up SonarQube MCP in VS Code

Code quality analysis, security hotspot detection, and vulnerability tracking from SonarQube Cloud or Server. Official SonarSource implementation.

Locate the config file

VS Code reads MCP server configuration from the following file:

.vscode/settings.json → mcp section

Create this file if it does not already exist. For VS Code, this is inside your workspace .vscode/settings.json file under the mcp section.

Add the configuration

Add the following to your VS Code config file:

json

{
  "servers": {
    "sonarqube-mcp": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "-i",
        "--rm",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "YOUR_SONARQUBE_TOKEN",
        "SONARQUBE_URL": "YOUR_SONARQUBE_URL",
        "SONARQUBE_ORG": "YOUR_SONARQUBE_ORG"
      }
    }
  }
}

Set up environment variables

SonarQube MCP requires the following environment variables:

SONARQUBE_TOKENRequired

SonarQube authentication token

SONARQUBE_URLOptional

SonarQube Server URL (omit for SonarQube Cloud)

SONARQUBE_ORGOptional

SonarQube Cloud organization key

Verify it works

Restart VS Code. SonarQube MCP should appear in your MCP server list with 13 tools available.

This server adds approximately 6,500 tokens to your context window for tool definitions.

Set up SonarQube MCP in other editors

Claude Code Cursor Windsurf Claude Desktop Continue

← Back to SonarQube MCP