April 15, 2026

How to Use SonarQube MCP for Code Quality

Analyze code quality metrics, inspect issues, track technical debt, and enforce quality gates in SonarQube directly from Claude Code.

Tags: sonarqube, code-quality, static-analysis, security, claude-code

What is the SonarQube MCP?

SonarQube is the industry-standard platform for continuous code quality and security analysis. The SonarQube MCP connects Claude Code to your SonarQube or SonarCloud instance, enabling it to inspect quality issues, review security hotspots, track technical debt, and check quality gate status — integrating static analysis directly into your coding workflow.

Installation

mcpizy install sonarqube

Generate a SonarQube user token from My Account > Security > Tokens and provide it along with your SonarQube server URL during setup. For SonarCloud, use https://sonarcloud.io.

Key Capabilities

  • List and filter issues — search bugs, vulnerabilities, code smells, and security hotspots by severity, type, or component.
  • Read issue details — get full context including the affected line, rule description, and remediation guidance.
  • Check quality gate status — verify if a project passes the quality gate before merging.
  • Track metrics — query code coverage, duplication ratio, maintainability rating, and technical debt.
  • Manage projects — list analyzed projects and their last analysis timestamps.

Example Usage

Before merging a PR, verify code quality:

// Claude will:
// 1. Check the quality gate status for the branch analysis
// 2. List any new blocker or critical issues introduced by the PR
// 3. Show the full rule description and fix guidance for each issue
// 4. Report the coverage delta vs. the main branch
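
The four pre-merge steps above, worked through offline as an added example (not code from the SonarQube MCP server or MCPizy): it evaluates constructed JSON shaped like responses from the SonarQube Web API endpoints api/qualitygates/project_status and api/issues/search, and fails closed when the gate is anything other than OK or the issue page is truncated. The project, rule keys and all values are made up, and the function names are hypothetical.

```python
import json

# Constructed responses shaped like SonarQube Web API output from
# api/qualitygates/project_status and api/issues/search (all values made up).
GATE = json.loads("""{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "62.5"},
  {"status": "OK", "metricKey": "new_duplicated_lines_density",
   "comparator": "GT", "errorThreshold": "3", "actualValue": "0.4"}]}}""")
ISSUES = json.loads("""{"total": 3, "issues": [
  {"key": "demo-1", "rule": "demo:rule-a", "severity": "BLOCKER",
   "component": "demo-project:src/db.py", "line": 41, "message": "constructed finding A"},
  {"key": "demo-2", "rule": "demo:rule-b", "severity": "MINOR",
   "component": "demo-project:src/util.py", "line": 7, "message": "constructed finding B"},
  {"key": "demo-3", "rule": "demo:rule-c", "severity": "CRITICAL",
   "component": "demo-project:src/auth.py", "message": "constructed file-level finding"}]}""")

BLOCKING = {"BLOCKER", "CRITICAL"}

def failed_conditions(gate):
    """Quality gate conditions in ERROR state, e.g. coverage on new code."""
    return [c for c in gate["projectStatus"].get("conditions", [])
            if c["status"] == "ERROR"]

def blocking_issues(search):
    """Issues whose severity should stop a merge."""
    return [i for i in search.get("issues", []) if i["severity"] in BLOCKING]

def pre_merge_verdict(gate, search):
    """Return (ok, report_lines). Fails closed: any gate status other than
    OK (including NONE, no gate computed) or a truncated issue page blocks."""
    status = gate["projectStatus"]["status"]
    issues = blocking_issues(search)
    truncated = search.get("total", 0) > len(search.get("issues", []))
    report = [f"quality gate: {status}"]
    for c in failed_conditions(gate):
        report.append(f"  {c['metricKey']} = {c['actualValue']} "
                      f"(fails {c['comparator']} {c['errorThreshold']})")
    for i in issues:
        where = f"{i['component']}:{i.get('line', '-')}"  # file-level issues have no line
        report.append(f"  {i['severity']} {i['rule']} at {where}: {i['message']}")
    if truncated:
        report.append("  issue list is paginated; fetch remaining pages before deciding")
    return status == "OK" and not issues and not truncated, report

if __name__ == "__main__":
    ok, report = pre_merge_verdict(GATE, ISSUES)
    print("\n".join(report))
    print("merge allowed" if ok else "merge blocked")
```
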

Tips and Best Practices

  • Configure Quality Gates to fail on new issues — this makes Claude's pre-merge checks meaningful.
  • Focus on new code — SonarQube's "new code" concept lets you set stricter standards for changed code while gradually improving legacy code.
  • Combine with the GitHub MCP to post SonarQube issue summaries as PR review comments.
  • Use SonarQube's security hotspot review workflow — Claude can help you understand if a hotspot is a true vulnerability or a false positive.
