SonarQube MCP Server
Enables Cursor AI to query SonarQube for pull request metrics, issues, file issues, and duplication reports directly, without manual data export.
README
SonarQube MCP Server
A Model Context Protocol (MCP) server that gives Cursor AI (and any MCP-compatible AI) live access to SonarQube — so you can ask questions like:
"What SonarQube issues are in this file?" "What does Sonar say about my PR?" "Fix all issues in config.ts for PR 257"
…and Cursor fetches the data itself, no copy-pasting JSON.
Tools exposed
| Tool | When AI uses it |
|---|---|
sonar_get_pr_metrics |
"What's my coverage?" / "Does Sonar pass?" / "What are the Sonar metrics on PR 257?" |
sonar_get_pr_issues |
"What issues are on my PR?" / "What does Sonar say?" |
sonar_get_file_issues |
"What issues are in this file?" / "Fix issues in config.ts" |
sonar_get_duplication_report |
"Which files have duplicated code?" / "What's the duplication?" |
Architecture
Cursor AI
│ (MCP protocol over stdio)
▼
SonarQube MCP Server (this repo)
│ (HTTPS with Teleport client certificates)
▼
Teleport (company SSO gateway)
│
▼
SonarQube API
Note: SonarQube at OpenGov is behind Teleport, a secure access gateway. The server uses Teleport client certificates generated by
tsh apps login. If your SonarQube is directly accessible (no Teleport), the server works withouttsh.
Prerequisites
- Node.js 18+ (Node 22 recommended)
tsh(Teleport CLI) — only needed if SonarQube is behind Teleport- SonarQube user token — generate at SonarQube → My Account → Security → Generate Token
- Cursor (or any MCP-compatible AI client)
Installation
Step 1 — Clone the repo
git clone https://github.com/rahulsingh-cloud/SonarQube-MCP-Server.git
cd SonarQube-MCP-Server
Step 2 — Install dependencies
npm install
Step 3 — Build
npm run build
This compiles index.ts → dist/index.js.
Configuration
Step 4 — Get your SonarQube token
- Open SonarQube in your browser and log in
- Go to My Account → Security → Generate Token
- Name it
cursor-mcp, click Generate, copy the token
Step 5 — Register the MCP server with Cursor
Edit (or create) the Cursor MCP config file. The location depends on your OS:
| OS | Path |
|---|---|
| Windows | C:\Users\<YourName>\.cursor\mcp.json |
| macOS | ~/.cursor/mcp.json |
| Linux | ~/.cursor/mcp.json |
Windows
{
"mcpServers": {
"sonarqube": {
"command": "node",
"args": ["C:\\Users\\YourName\\SonarQube-MCP-Server\\dist\\index.js"],
"env": {
"SONARQUBE_TOKEN": "squ_your_token_here",
"SONARQUBE_URL": "https://your-sonarqube-host",
"SONARQUBE_PROJECT": "your-project-key"
}
}
}
}
Tip (Windows): Use double backslashes
\\in the path, or use forward slashes/— both work.
macOS / Linux
{
"mcpServers": {
"sonarqube": {
"command": "node",
"args": ["/Users/yourname/SonarQube-MCP-Server/dist/index.js"],
"env": {
"SONARQUBE_TOKEN": "squ_your_token_here",
"SONARQUBE_URL": "https://your-sonarqube-host",
"SONARQUBE_PROJECT": "your-project-key"
}
}
}
}
Tip (macOS): Use
pwdinside the cloned repo folder to get the full path.
Replace in both:
your-project-key— found in SonarQube → Project → Project Informationsqu_your_token_here— your SonarQube token from Step 4https://your-sonarqube-host— your SonarQube base URL (e.g.https://sonarqube.yourcompany.com)
Step 6 — Restart Cursor
Close Cursor completely (Quit, not just close the window) and reopen it.
- Windows: Right-click Cursor in the system tray → Quit
- macOS:
Cmd+Qor Cursor menu → Quit Cursor
You'll see sonarqube listed with a green dot under Cursor Settings → MCP.
If SonarQube is behind Teleport (OpenGov setup)
Teleport is a secure access gateway. The server automatically detects and uses Teleport client certificates if tsh is installed and logged in.
Install tsh (Teleport CLI)
Windows:
- Download from https://goteleport.com/download/ → Windows →
.exeinstaller - Run the installer
- Add the install folder to your
Pathenvironment variable (e.g.C:\Program Files\Teleport Connect\Programs) - Restart your terminal
tsh version # verify
macOS (Homebrew):
brew install teleport
tsh version # verify
macOS (manual):
- Download from https://goteleport.com/download/ → macOS →
.pkginstaller - Run the installer —
tshis added to/usr/local/binautomatically
tsh version # verify
Log in to Teleport
Works the same on Windows, macOS, and Linux:
# Step 1 — Log in via browser SSO (Okta)
tsh login --proxy=opengov.teleport.sh --skip-version-check
# Step 2 — Get access to SonarQube specifically
tsh apps login sonarqube-engops-production --skip-version-check
# Step 3 — Verify access
tsh apps ls --skip-version-check
After tsh login, your browser opens for Okta SSO. After authenticating, return to the terminal and run steps 2 and 3.
The server automatically finds the certificates at:
macOS / Linux:
~/.tsh/keys/opengov.teleport.sh/<username>-app/opengov.teleport.sh/sonarqube-engops-production.crt
~/.tsh/keys/opengov.teleport.sh/<username>-app/opengov.teleport.sh/sonarqube-engops-production.key
Windows:
C:\Users\<YourName>\.tsh\keys\opengov.teleport.sh\<username>-app\opengov.teleport.sh\sonarqube-engops-production.crt
C:\Users\<YourName>\.tsh\keys\opengov.teleport.sh\<username>-app\opengov.teleport.sh\sonarqube-engops-production.key
Supports both:
- Teleport v18+ —
.crt/.keyfiles - Teleport v17 and older —
-x509.pemfiles
Cert expiry: Teleport certificates expire (typically 12 hours). Run
tsh apps login sonarqube-engops-production --skip-version-checkagain and restart Cursor when they expire.
Usage
Once connected, just ask Cursor in plain English:
# Get PR metrics
"What does SonarQube say about PR 257?"
"Does my PR pass Sonar?"
"What's my coverage on PR 257?"
# Get file issues
"What SonarQube issues are in apps/web/src/og-assist/tools/config.ts?"
"Fix all issues in this file for PR 257"
# Get PR issues
"What issues were introduced in PR 257?"
"Show me all new code smells on my PR"
# Get duplication
"Which files have duplicated code in PR 257?"
"What's the duplication on my PR?"
Cursor selects the right tool automatically based on your question.
Manual testing
You can test the server without Cursor by piping JSON-RPC directly.
macOS / Linux:
# List available tools
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | \
SONARQUBE_TOKEN=your_token \
SONARQUBE_URL=https://your-sonarqube \
SONARQUBE_PROJECT=your-project \
node dist/index.js
# Call a tool
echo '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"sonar_get_pr_metrics","arguments":{"pullRequest":"257"}}}' | \
SONARQUBE_TOKEN=your_token \
SONARQUBE_URL=https://your-sonarqube \
SONARQUBE_PROJECT=your-project \
node dist/index.js
Windows (PowerShell):
$env:SONARQUBE_TOKEN = "your_token"
$env:SONARQUBE_URL = "https://your-sonarqube"
$env:SONARQUBE_PROJECT = "your-project"
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | node dist/index.js
echo '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"sonar_get_pr_metrics","arguments":{"pullRequest":"257"}}}' | node dist/index.js
Environment variables
| Variable | Required | Default | Description |
|---|---|---|---|
SONARQUBE_TOKEN |
✅ Yes | — | SonarQube user token (squ_...) |
SONARQUBE_URL |
No | https://sonarqube-engops-production.opengov.teleport.sh |
SonarQube base URL |
SONARQUBE_PROJECT |
No | payroll-app-web |
SonarQube project key |
Project structure
SonarQube-MCP-Server/
├── index.ts ← MCP server source (all logic)
├── dist/index.js ← compiled output (run this)
├── package.json
├── tsconfig.json
└── README.md
How it works
- Cursor reads
~/.cursor/mcp.jsonat startup and launches the server as a background process - The server registers 4 tools with names and descriptions
- When you ask a question, Cursor's AI reads the tool descriptions and decides which tool to call
- The server makes an HTTPS request to SonarQube (with Teleport certs if applicable) and returns the data
- Cursor uses the data to answer your question or take action
Troubleshooting
| Problem | Fix |
|---|---|
sonarqube not showing in Cursor MCP |
Fully quit and reopen Cursor (Cmd+Q on Mac, tray → Quit on Windows) |
Teleport session required error |
Run tsh apps login sonarqube-engops-production --skip-version-check |
401 Unauthorized |
Token is wrong or expired — generate a new one from SonarQube → My Account → Security |
Cert/key not found |
Run tsh apps login first to generate the certificates |
| Certs expired | Run tsh apps login sonarqube-engops-production --skip-version-check and restart Cursor |
tsh: command not found (Mac) |
Run brew install teleport or add the install path to your PATH |
tsh: command not found (Windows) |
Add C:\Program Files\Teleport Connect\Programs to your Path environment variable |
License
MIT
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.