{"id":51306364,"url":"https://github.com/viamus/mcp-sonarqube","last_synced_at":"2026-07-01T00:02:09.816Z","repository":{"id":359410402,"uuid":"1150999689","full_name":"viamus/mcp-sonarqube","owner":"viamus","description":"MCP for SonarQube that analyzes code quality, technical debt, vulnerabilities, and coverage, enabling AI-driven engineering insights.","archived":false,"fork":false,"pushed_at":"2026-05-21T18:34:28.000Z","size":51,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-22T03:41:38.710Z","etag":null,"topics":["ai-agents","automation","code-quality","devops","engineering-metrics","mcp","model-context-protocol","sonarqube","static-analysis","technical-debt"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/viamus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-05T23:50:11.000Z","updated_at":"2026-05-10T02:02:29.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/viamus/mcp-sonarqube","commit_stats":null,"previous_names":["viamus/mcp-sonarqube"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/viamus/mcp-sonarqube","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viamus%2Fmcp-sonarqube","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viamus%2Fmcp-sonarqube/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viamus%2Fmcp-sonarqube/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viamus%2Fmcp-sonarqube/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/viamus","download_url":"https://codeload.github.com/viamus/mcp-sonarqube/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viamus%2Fmcp-sonarqube/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34987611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-30T02:00:05.919Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","automation","code-quality","devops","engineering-metrics","mcp","model-context-protocol","sonarqube","static-analysis","technical-debt"],"created_at":"2026-07-01T00:02:05.296Z","updated_at":"2026-07-01T00:02:09.808Z","avatar_url":"https://github.com/viamus.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MCP SonarQube Server\n\n[![.NET](https://img.shields.io/badge/.NET-10.0-512BD4)](https://dotnet.microsoft.com/)\n[![License](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)\n[![MCP](https://img.shields.io/badge/MCP-Compatible-blue)](https://modelcontextprotocol.io/)\n[![Tools](https://img.shields.io/badge/Tools-13-orange)](#available-tools)\n[![Tests](https://img.shields.io/badge/Tests-52%20passing-success)](#development)\n\nA [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) server that lets AI assistants talk to SonarQube — query projects, drill into issues, audit pull requests, locate duplication, and check quality gates — all through a single HTTP transport.\n\n### Highlights\n\n- **PR analysis in one call** — `analyze_pull_request` aggregates quality gate, new-code measures, issues, and security hotspots in parallel\n- **Locate the offending file** — `get_component_tree_measures` breaks aggregated metrics down by file/directory so the agent knows where to fix\n- **Exact duplication blocks** — `get_duplications` returns line ranges and paired files\n- **Clear errors** — Sonar's error body (`errors[].msg`) is propagated through every wrapper\n\n---\n\n## Quick Start\n\n```bash\n# 1. Clone the repository\ngit clone https://github.com/viamus/mcp-sonarqube.git\ncd mcp-sonarqube\n\n# 2. Configure credentials\ncp .env.example .env\n# Edit .env with your SonarQube URL and token\n\n# 3. Run the server\ndocker compose up -d\n```\n\n---\n\n## Prerequisites\n\n| Requirement | Version | Purpose |\n|-------------|---------|---------|\n| .NET SDK | 10.0+ | Build and run |\n| Docker | Latest | Container deployment (optional) |\n| SonarQube Instance | 9.x+ | API access |\n\n**Required:**\n- SonarQube base URL (e.g., `https://sonarqube.example.com`)\n- SonarQube user token (generate at: Your SonarQube \u003e My Account \u003e Security \u003e Tokens)\n\n---\n\n## Available Tools\n\n13 MCP tools, grouped by domain:\n\n| Domain | Tool | Purpose |\n|--------|------|---------|\n| **Pull Requests** | `analyze_pull_request` | Aggregated PR view — quality gate, new-code measures, issues, security hotspots (4 calls in parallel) |\n| **Projects** | `search_projects` | Search projects by name or key |\n| | `get_project_status` | Quality gate status + key measures for a project |\n| **Issues** | `search_issues` | Search issues with filters; supports `pullRequest` scoping |\n| **Measures** | `get_measures` | Get metrics for a component |\n| | `get_component_tree_measures` | Break measures down by file/directory — locate offending files |\n| **Duplications** | `get_duplications` | Exact duplication blocks (line ranges + paired files) |\n| **Quality Gates** | `list_quality_gates` | List all gates with their conditions |\n| **Hotspots** | `search_hotspots` | Search security hotspots |\n| | `get_hotspot` | Detailed hotspot info |\n| **Rules** | `search_rules` | Search coding rules by language/severity/tags |\n| **System** | `get_health` | Health status of the SonarQube instance |\n\nFor the underlying SonarQube endpoints each tool wraps, see the [API Reference](#api-reference) below.\n\n---\n\n## Running Options\n\n### Option 1: Docker Compose (Recommended)\n\n```bash\ndocker compose up -d\n```\n\nThe server will be available at `http://localhost:8082`.\n\n### Option 2: .NET CLI\n\n```bash\ndotnet run --project src/Viamus.Sonarqube.Mcp.Server\n```\n\nThe server will be available at `http://localhost:5100`.\n\n### Option 3: Self-Contained Executable\n\n```bash\ndotnet publish src/Viamus.Sonarqube.Mcp.Server -c Release -o ./publish\n./publish/Viamus.Sonarqube.Mcp.Server\n```\n\n---\n\n## Client Configuration\n\n### Claude Desktop\n\nAdd to your Claude Desktop configuration (`claude_desktop_config.json`):\n\n```json\n{\n  \"mcpServers\": {\n    \"sonarqube\": {\n      \"url\": \"http://localhost:8082\"\n    }\n  }\n}\n```\n\n### Claude Code\n\n```bash\nclaude mcp add sonarqube --scope user --transport http http://localhost:8082\n```\n\n---\n\n## Usage Examples\n\n### Audit a pull request end-to-end\n\n```\nAnalyze pull request 1234 on the \"my-app\" project. Did it break the gate?\nIf yes, find which files concentrate the new duplicated lines and show me\nthe exact duplication blocks.\n```\n\n\u003e Under the hood the agent will typically chain `analyze_pull_request` → `get_component_tree_measures` (sorted by `new_duplicated_lines`) → `get_duplications` on the worst file.\n\n### Search for projects\n\n```\nSearch for all projects containing \"backend\" in my SonarQube instance.\n```\n\n### Check project quality\n\n```\nWhat is the quality gate status for the \"my-app\" project? Show me the coverage and bug count.\n```\n\n### Find critical issues\n\n```\nSearch for all CRITICAL and BLOCKER severity issues in the \"my-app\" project.\n```\n\n### Review security hotspots\n\n```\nShow me all security hotspots that need review in the \"my-app\" project.\n```\n\n### Search coding rules\n\n```\nFind all MAJOR severity rules for C# language.\n```\n\n### Check system health\n\n```\nIs my SonarQube instance healthy?\n```\n\n---\n\n## Configuration\n\n### Environment Variables\n\n| Variable | Required | Description |\n|----------|----------|-------------|\n| `SONARQUBE_BASE_URL` | Yes | SonarQube instance URL |\n| `SONARQUBE_TOKEN` | Yes | SonarQube user token |\n| `SONARQUBE_ORGANIZATION` | No | SonarCloud organization key |\n| `SERVER_REQUIRE_API_KEY` | No | Enable API key authentication (default: `false`) |\n| `SERVER_API_KEY` | No | API key for server access |\n\n### appsettings.json\n\n```json\n{\n  \"SonarQube\": {\n    \"BaseUrl\": \"https://your-sonarqube-instance.com\",\n    \"Token\": \"your-token-here\",\n    \"Organization\": \"\"\n  },\n  \"ServerSecurity\": {\n    \"RequireApiKey\": false,\n    \"ApiKey\": \"\"\n  }\n}\n```\n\n### User Secrets (Development)\n\n```bash\ncd src/Viamus.Sonarqube.Mcp.Server\ndotnet user-secrets set \"SonarQube:BaseUrl\" \"https://your-sonarqube-instance.com\"\ndotnet user-secrets set \"SonarQube:Token\" \"your-token-here\"\ndotnet user-secrets set \"SonarQube:Organization\" \"your-sonarcloud-organization\"\n```\n\n---\n\n## Troubleshooting\n\n### Common Issues\n\n**Connection refused**\n- Verify the SonarQube base URL is correct and accessible\n- Check that the server is running: `curl http://localhost:8082/health`\n\n**401 Unauthorized from SonarQube**\n- Verify your token is valid and not expired\n- Generate a new token at: Your SonarQube \u003e My Account \u003e Security \u003e Tokens\n\n**No projects found**\n- Ensure your token has sufficient permissions\n- Verify the project exists in your SonarQube instance\n\n**Docker container not starting**\n- Check logs: `docker compose logs mcp-sonarqube`\n- Verify `.env` file exists and contains valid credentials\n\n---\n\n## Project Structure\n\n```\nmcp-sonarqube/\n├── src/Viamus.Sonarqube.Mcp.Server/\n│   ├── Configuration/          # Settings classes\n│   ├── Middleware/              # API key authentication\n│   ├── Models/                  # SonarQube API DTOs\n│   ├── Services/                # HTTP client for SonarQube API\n│   ├── Tools/                   # MCP tool implementations (13 tools)\n│   └── Program.cs               # Entry point\n├── tests/Viamus.Sonarqube.Mcp.Server.Tests/\n│   ├── Configuration/           # Settings and middleware tests\n│   ├── Models/                  # Serialization tests\n│   └── Tools/                   # Tool behavior tests\n├── docker-compose.yml\n└── Solution.slnx\n```\n\n---\n\n## API Reference\n\n### SonarQube API Endpoints Used\n\n| Endpoint | Tool(s) |\n|----------|---------|\n| `/api/projects/search` | `search_projects` |\n| `/api/qualitygates/project_status` | `get_project_status`, `analyze_pull_request` |\n| `/api/qualitygates/list` | `list_quality_gates` |\n| `/api/measures/component` | `get_project_status`, `get_measures`, `analyze_pull_request` |\n| `/api/measures/component_tree` | `get_component_tree_measures` |\n| `/api/duplications/show` | `get_duplications` |\n| `/api/issues/search` | `search_issues`, `analyze_pull_request` |\n| `/api/hotspots/search` | `search_hotspots`, `analyze_pull_request` |\n| `/api/hotspots/show` | `get_hotspot` |\n| `/api/rules/search` | `search_rules` |\n| `/api/system/health` | `get_health` |\n\n---\n\n## Development\n\n### Building\n\n```bash\ndotnet build Solution.slnx\n```\n\n### Testing\n\n```bash\ndotnet test Solution.slnx\n```\n\n### Adding New Tools\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md#adding-a-new-mcp-tool) for detailed instructions.\n\n---\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fviamus%2Fmcp-sonarqube","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fviamus%2Fmcp-sonarqube","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fviamus%2Fmcp-sonarqube/lists"}