StackMCP

Set up SonarQube MCP in Windsurf

Code quality analysis, security hotspot detection, and vulnerability tracking from SonarQube Cloud or Server. Official SonarSource implementation.

1

Locate the config file

Windsurf reads MCP server configuration from the following file:

~/.codeium/windsurf/mcp_config.json

Create this file if it does not already exist.

2

Add the configuration

Add the following to your Windsurf config file:

json
{
  "mcpServers": {
    "sonarqube-mcp": {
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "-i",
        "--rm",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "YOUR_SONARQUBE_TOKEN",
        "SONARQUBE_URL": "YOUR_SONARQUBE_URL",
        "SONARQUBE_ORG": "YOUR_SONARQUBE_ORG"
      }
    }
  }
}
3

Set up environment variables

SonarQube MCP requires the following environment variables:

SONARQUBE_TOKENRequired

SonarQube authentication token

SONARQUBE_URLOptional

SonarQube Server URL (omit for SonarQube Cloud)

SONARQUBE_ORGOptional

SonarQube Cloud organization key

4

Verify it works

Restart Windsurf. SonarQube MCP should appear in your MCP server list with 13 tools available.

This server adds approximately 6,500 tokens to your context window for tool definitions.

Set up SonarQube MCP in other editors

Claude CodeCursorVS CodeClaude DesktopContinue
← Back to SonarQube MCP