Is io.github.mshegolev/sonarqube-mcp safe to use?

io.github.mshegolev/sonarqube-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.mshegolev/sonarqube-mcp?

io.github.mshegolev/sonarqube-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.mshegolev/sonarqube-mcp?

io.github.mshegolev/sonarqube-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

io.github.mshegolev/sonarqube-mcp

SonarQube MCP — projects, metrics, quality gate, issues, worst-metric ranking.

0 tools GitHub

No known CVEs

No license

Maintenance unknown

No commit data

Untested

Transport: stdio

0 tools

Grade F

Analytics

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-mshegolev-sonarqube-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-mshegolev-sonarqube-mcp)](https://mcppedia.org/s/io-github-mshegolev-sonarqube-mcp)

Read me

What io.github.mshegolev/sonarqube-mcp does

SonarQube MCP — projects, metrics, quality gate, issues, worst-metric ranking.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

15/100across 5 weighted dimensions

How we score →

0255075100

−85

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.mshegolev/sonarqube-mcp safe to use?: io.github.mshegolev/sonarqube-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.mshegolev/sonarqube-mcp?: io.github.mshegolev/sonarqube-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.mshegolev/sonarqube-mcp?: io.github.mshegolev/sonarqube-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Similar servers

Others in analytics

View all →

Observability Mcp92

MCP Server for GCP environment for interacting with various Observability APIs.

728 10

Mcp Gitlab Server88

Enhanced MCP server for GitLab: group projects listing and activity tracking

47 2

Actions Pulse MCP Server87

Real-time GitHub Actions observability: DORA Metrics, Cost Analysis, CI/CD Health dashboards.

3 1

Llmkit MCP Server87

AI cost tracking: 11 tools for spend, budgets, and Claude Code + Cursor + Cline costs

8 11

MCP Security Weekly

Get CVE alerts and security updates for io.github.mshegolev/sonarqube-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Analytics

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-mshegolev-sonarqube-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-mshegolev-sonarqube-mcp)](https://mcppedia.org/s/io-github-mshegolev-sonarqube-mcp)

Read me

What io.github.mshegolev/sonarqube-mcp does

SonarQube MCP — projects, metrics, quality gate, issues, worst-metric ranking.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

sonarqube-mcp

MCP server for SonarQube. Lets an LLM agent (Claude Code, Cursor, OpenCode, etc.) discover projects, pull headline metrics, check Quality Gate status, search issues with severity/type filters, and rank projects by the worst value of any metric.

Python, FastMCP, stdio transport.

Works with any SonarQube 9.x / 10.x instance (self-hosted) and with SonarCloud.

Why another SonarQube MCP?

A few community SonarQube MCPs exist, but they tend to stop at single-project reads. This one adds cross-project ranking (sonarqube_worst_metrics) — the operation a lead actually runs during a triage session: "show me the top 10 worst-coverage services in the org". All tools are read-only and safely parameterised (Pydantic input validation, severity / type whitelists).

Design highlights

Tool annotations — all five tools carry readOnlyHint: True, destructiveHint: False, idempotentHint: True. Nothing can mutate SonarQube from this server.
Structured output — every tool returns a typed payload (TypedDict) + a markdown summary, so clients with and without structured-content support both get a usable response.
Structured errors — 401 / 403 / 404 / 400 / 429 / 5xx mapped to actionable hints (e.g. "regenerate token", "check project key with sonarqube_list_projects").
Pydantic input validation for every argument; severity / type filters are checked against the valid SonarQube enum before the request is sent.
Cross-project worst-metric ranking — batches /api/measures/search calls under the hood, sorts ascending or descending based on whether higher is worse for the chosen metric.

Features (5 tools)

Discovery

sonarqube_list_projects — paginated project search with optional text filter

Single-project insight

sonarqube_project_metrics — measures for one project (default set covers bugs / coverage / smells / ratings / ncloc / tests / alert_status)
sonarqube_quality_gate_status — Quality Gate status + per-condition failures

Issue triage

sonarqube_get_issues — issue search filtered by severity / type / resolution status

Cross-project ranking

sonarqube_worst_metrics — top-N projects sorted by the worst value of a metric (e.g. worst coverage, most bugs)

Installation

Requires Python 3.10+.

# via uvx (recommended — no install, just run)
uvx --from sonarqube-mcp sonarqube-mcp

# or via pipx
pipx install sonarqube-mcp

Configuration

claude mcp add sonarqube -s project \
  --env SONARQUBE_URL=https://sonar.example.com \
  --env SONARQUBE_TOKEN=squ_your_token \
  --env SONARQUBE_SSL_VERIFY=true \
  -- uvx --from sonarqube-mcp sonarqube-mcp

Or in .mcp.json:

{
  "mcpServers": {
    "sonarqube": {
      "type": "stdio",
      "command": "uvx",
      "args": ["--from", "sonarqube-mcp", "sonarqube-mcp"],
      "env": {
        "SONARQUBE_URL": "https://sonar.example.com",
        "SONARQUBE_TOKEN": "${SONARQUBE_TOKEN}",
        "SONARQUBE_SSL_VERIFY": "true"
      }
    }
  }
}

Check:

claude mcp list
# sonarqube: uvx --from sonarqube-mcp sonarqube-mcp - ✓ Connected

Environment variables

Variable	Required	Description
`SONARQUBE_URL`	yes	SonarQube URL (no trailing slash)
`SONARQUBE_TOKEN`	yes	Bearer token. Generate in: My Account → Security → Tokens
`SONARQUBE_SSL_VERIFY`	no	`true`/`false`. Default: `true`.

Note on HTTP proxies. The client intentionall

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

15/100across 5 weighted dimensions

How we score →

0255075100

−85

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.mshegolev/sonarqube-mcp safe to use?: io.github.mshegolev/sonarqube-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.mshegolev/sonarqube-mcp?: io.github.mshegolev/sonarqube-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.mshegolev/sonarqube-mcp?: io.github.mshegolev/sonarqube-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.