Skip to main content
Glama
dozzman

SonarCloud MCP Server

by dozzman
OverviewSchemaRelated ServersScoreDiscussions
JavaScript
Remote

summarize_sonarcloud_issues

Provides a high-level summary of SonarCloud issues for a pull request to identify and fix code quality problems.

Instructions

Get a high-level summary of SonarCloud issues for a PR

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
pullRequestNoPull request id
tokenNoSonarCloud API token (optional if set in environment)
impactSeveritiesNoComma-separated list of impact severities.
sinceLeakPeriodNoTo retrieve issues created since the leak period. If this parameter is set to a truthy value, createdAfter must not be set and one component id or key must be provided. (default: false)
issueStatusesNoComma-separated list of issue statuses

Implementation Reference

  • src/index.ts:605-645 (handler)
    The main handler function 'summarizeSonarCloudIssues' that fetches raw SonarCloud issues, then summarizes them by severity, type, status, debt, effort, top rules, and files affected.
    private async summarizeSonarCloudIssues(args: any): Promise<any> {
  // Get the raw issues first
  const issuesResponse = await this.fetchSonarCloudIssues({
    ...args,
    additionalFields: ["_all"],
    facets: ["issueStatuses", "impactSeverities", "types", "rules"],
    ps: 500 // Get more issues for better summary
  });
  
  const data = JSON.parse(issuesResponse.content[0].text);
  const issues = data.issues;
  
  // Create summary
  const summary: IssueSummary = {
    totalIssues: data.summary.total,
    criticalIssues: issues.filter((i: any) => i.severity === "BLOCKER").length,
    highImpactIssues: issues.filter((i: any) => i.severity === "CRITICAL" || i.severity === "MAJOR").length,
    mediumImpactIssues: issues.filter((i: any) => i.severity === "MINOR").length,
    lowImpactIssues: issues.filter((i: any) => i.severity === "INFO").length,
    infoIssues: issues.filter((i: any) => i.severity === "INFO").length,
    bugCount: issues.filter((i: any) => i.type === "BUG").length,
    vulnerabilityCount: issues.filter((i: any) => i.type === "VULNERABILITY").length,
    codeSmellCount: issues.filter((i: any) => i.type === "CODE_SMELL").length,
    securityHotspotCount: issues.filter((i: any) => i.type === "SECURITY_HOTSPOT").length,
    openIssues: issues.filter((i: any) => i.status === "OPEN").length,
    confirmedIssues: issues.filter((i: any) => i.status === "CONFIRMED").length,
    totalDebt: data.debtTotal?.toString() || "0",
    totalEffort: data.effortTotal?.toString() || "0",
    topRules: this.getTopRules(issues),
    filesAffected: new Set(issues.map((i: any) => i.component)).size,
  };
  
  return {
    content: [
      {
        type: "text",
        text: JSON.stringify(summary, null, 2),
      },
    ],
  };
}
  • src/index.ts:350-389 (schema)
    Input schema for 'summarize_sonarcloud_issues' defining parameters: pullRequest, token, impactSeverities, sinceLeakPeriod, and issueStatuses.
    inputSchema: {
  type: "object",
  properties: {
    pullRequest: {
      type: "string",
      description: "Pull request id",
    },
    token: {
      type: "string",
      description: "SonarCloud API token (optional if set in environment)",
    },
    impactSeverities: {
      type: "array",
      items: {
        type: "string",
        enum: ["INFO", "LOW", "MEDIUM", "HIGH", "BLOCKER"],
      },
      description: "Comma-separated list of impact severities.",
    },
    sinceLeakPeriod: {
      type: "boolean",
      description: "To retrieve issues created since the leak period. If this parameter is set to a truthy value, createdAfter must not be set and one component id or key must be provided. (default: false)",
    },
    issueStatuses: {
      type: "array",
      items: {
        type: "string",
        enum: [
          "OPEN",
          "CONFIRMED",
          "FALSE_POSITIVE",
          "ACCEPTED",
          "FIXED",
        ],
      },
      description: "Comma-separated list of issue statuses",
    },
  },
  required: [],
},
  • src/index.ts:94-393 (registration)
    Registration of the tool in the ListToolsRequestSchema handler, under 'tools' array entry with name 'summarize_sonarcloud_issues'.
    this.server.setRequestHandler(ListToolsRequestSchema, async () => {
  return {
    tools: [
      {
        name: "fetch_sonarcloud_issues",
        description: "Fetch SonarCloud issues for a specific pull request",
        inputSchema: {
          type: "object",
          properties: {
            additionalFields: {
              type: "array",
              items: {
                type: "string",
                enum: ["_all", "comments", "languages", "actionPlans", "rules", "ruleDescriptionContextKey", "transitions", "actions", "users"]
              },
              description: "Comma-separated list of the optional fields to be returned in response. Action plans are dropped in 5.5, it is not returned in the response.",
            },
            asc: {
              type: "boolean",
              description: "Ascending sort (default: true)",
            },
            assigned: {
              type: "boolean",
              description: "To retrieve assigned or unassigned issues",
            },
            assignees: {
              type: "array",
              items: {
                type: "string"
              },
              description: "Comma-separated list of assignee logins. The value '__me__' can be used as a placeholder for user who performs the request",
            },
            author: {
              type: "array",
              items: {
                type: "string"
              },
              description: "SCM accounts. To set several values, the parameter must be called once for each value.",
            },
            branch: {
              type: "string",
              description: "Branch key",
            },
            cleanCodeAttributeCategories: {
              type: "array",
              items: {
                type: "string",
                enum: ["ADAPTABLE", "CONSISTENT", "INTENTIONAL", "RESPONSIBLE"]
              },
              description: "Comma-separated list of clean code attribute categories.",
            },
            componentKeys: {
              type: "array",
              items: {
                type: "string"
              },
              description: "Comma-separated list of component keys. Retrieve issues associated to a specific list of components (and all its descendants). A component can be a project, directory or file.",
            },
            createdAfter: {
              type: "string",
              description: "To retrieve issues created after the given date (inclusive). Either a date (server timezone) or datetime can be provided. If this parameter is set, createdSince must not be set",
            },
            createdAt: {
              type: "string",
              description: "Datetime to retrieve issues created during a specific analysis",
            },
            createdBefore: {
              type: "string",
              description: "To retrieve issues created before the given date (inclusive). Either a date (server timezone) or datetime can be provided.",
            },
            createdInLast: {
              type: "string",
              description: "To retrieve issues created during a time span before the current time (exclusive). Accepted units are 'y' for year, 'm' for month, 'w' for week and 'd' for day. If this parameter is set, createdAfter must not be set",
            },
            cwe: {
              type: "array",
              items: {
                type: "string"
              },
              description: "Comma-separated list of CWE identifiers. Use 'unknown' to select issues not associated to any CWE.",
            },
            facets: {
              type: "array",
              items: {
                type: "string",
                enum: [
                  "projects",
                  "moduleUuids",
                  "fileUuids",
                  "assigned_to_me",
                  "severities",
                  "statuses",
                  "issueStatuses",
                  "resolutions",
                  "rules",
                  "assignees",
                  "author",
                  "directories",
                  "languages",
                  "tags",
                  "types",
                  "owaspTop10",
                  "owaspTop10-2021",
                  "cwe",
                  "createdAt",
                  "sonarsourceSecurity",
                  "impactSoftwareQualities",
                  "impactSeverities",
                  "cleanCodeAttributeCategories",
                ],
              },
              description: "Comma-separated list of the facets to be computed. No facet is computed by default.",
            },
            impactSeverities: {
              type: "array",
              items: {
                type: "string",
                enum: ["INFO", "LOW", "MEDIUM", "HIGH", "BLOCKER"],
              },
              description: "Comma-separated list of impact severities.",
            },
            impactSoftwareQualities: {
              type: "array",
              items: {
                type: "string",
                enum: ["MAINTAINABILITY", "RELIABILITY", "SECURITY"]
              },
              description: "Comma-separated list of software qualities.",
            },
            issueStatuses: {
              type: "array",
              items: {
                type: "string",
                enum: [
                  "OPEN",
                  "CONFIRMED",
                  "FALSE_POSITIVE",
                  "ACCEPTED",
                  "FIXED",
                ],
              },
              description: "Comma-separated list of issue statuses",
            },
            issues: {
              type: "array",
              items: {
                type: "string"
              },
              description: "Comma-separated list of issue keys",
            },
            languages: {
              type: "array",
              items: {
                type: "string"
              },
              description: "Comma-separated list of languages. Available since 4.4",
            },
            onComponentOnly: {
              type: "boolean",
              description: "Return only issues at a component's level, not on its descendants (modules, directories, files, etc). This parameter is only considered when componentKeys or componentUuids is set. (default: false)",
            },
            organization: {
              type: "string",
              description: "Organization key",
            },
            owaspTop10: {
              type: "array",
              items: {
                type: "string",
                enum: ["a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10"]
              },
              description: "Comma-separated list of OWASP Top 10 lowercase categories.",
            },
            "owaspTop10-2021": {
              type: "array",
              items: {
                type: "string",
                enum: ["a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "a10"]
              },
              description: "Comma-separated list of OWASP Top 10 - 2021 lowercase categories.",
            },
            p: {
              type: "number",
              description: "1-based page number (default: 1)",
              minimum: 1,
            },
            ps: {
              type: "number",
              description: "Page size. Must be greater than 0 and less or equal than 500 (default: 100)",
              minimum: 1,
              maximum: 500,
            },
            pullRequest: {
              type: "string",
              description: "Pull request id",
            },
            resolved: {
              type: "boolean",
              description: "To match resolved or unresolved issues",
            },
            rules: {
              type: "array",
              items: {
                type: "string"
              },
              description: "Comma-separated list of coding rule keys. Format is <repository>:<rule>",
            },
            s: {
              type: "string",
              enum: [
                "CREATION_DATE",
                "ASSIGNEE",
                "STATUS",
                "UPDATE_DATE",
                "CLOSE_DATE",
                "HOTSPOTS",
                "FILE_LINE",
                "SEVERITY",
              ],
              description: "Sort field",
            },
            sinceLeakPeriod: {
              type: "boolean",
              description: "To retrieve issues created since the leak period. If this parameter is set to a truthy value, createdAfter must not be set and one component id or key must be provided. (default: false)",
            },
            sonarsourceSecurity: {
              type: "array",
              items: {
                type: "string",
                enum: [
                  "buffer-overflow", "permission", "sql-injection", "command-injection", "path-traversal-injection",
                  "ldap-injection", "xpath-injection", "rce", "dos", "ssrf", "csrf", "xss", "log-injection",
                  "http-response-splitting", "open-redirect", "xxe", "object-injection", "weak-cryptography",
                  "auth", "insecure-conf", "encrypt-data", "traceability", "file-manipulation", "others"
                ]
              },
              description: "Comma-separated list of SonarSource security categories. Use 'others' to select issues not associated with any category",
            },
            tags: {
              type: "array",
              items: {
                type: "string"
              },
              description: "Comma-separated list of tags.",
            },
            token: {
              type: "string",
              description: "SonarCloud API token (optional if set in environment)",
            },
          },
          required: [],
        },
      },
      {
        name: "summarize_sonarcloud_issues",
        description: "Get a high-level summary of SonarCloud issues for a PR",
        inputSchema: {
          type: "object",
          properties: {
            pullRequest: {
              type: "string",
              description: "Pull request id",
            },
            token: {
              type: "string",
              description: "SonarCloud API token (optional if set in environment)",
            },
            impactSeverities: {
              type: "array",
              items: {
                type: "string",
                enum: ["INFO", "LOW", "MEDIUM", "HIGH", "BLOCKER"],
              },
              description: "Comma-separated list of impact severities.",
            },
            sinceLeakPeriod: {
              type: "boolean",
              description: "To retrieve issues created since the leak period. If this parameter is set to a truthy value, createdAfter must not be set and one component id or key must be provided. (default: false)",
            },
            issueStatuses: {
              type: "array",
              items: {
                type: "string",
                enum: [
                  "OPEN",
                  "CONFIRMED",
                  "FALSE_POSITIVE",
                  "ACCEPTED",
                  "FIXED",
                ],
              },
              description: "Comma-separated list of issue statuses",
            },
          },
          required: [],
        },
      },
    ],
  };
});
  • src/index.ts:395-407 (registration)
    Call routing: when 'summarize_sonarcloud_issues' is called, it dispatches to summarizeSonarCloudIssues method.
    this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
  const { name, arguments: args } = request.params;

  if (name === "fetch_sonarcloud_issues") {
    return await this.fetchSonarCloudIssues(args);
  }
  
  if (name === "summarize_sonarcloud_issues") {
    return await this.summarizeSonarCloudIssues(args);
  }

  throw new Error(`Unknown tool: ${name}`);
});
  • src/index.ts:647-657 (helper)
    Helper function 'getTopRules' that counts rule occurrences and returns the top 10 most common rules.
    private getTopRules(issues: any[]): Array<{rule: string; count: number}> {
  const ruleCounts = issues.reduce((acc, issue) => {
    acc[issue.rule] = (acc[issue.rule] || 0) + 1;
    return acc;
  }, {} as Record<string, number>);
  
  return Object.entries(ruleCounts)
    .sort(([,a], [,b]) => (b as number) - (a as number))
    .slice(0, 10)
    .map(([rule, count]) => ({rule, count: count as number}));
}
  • src/index.ts:52-72 (helper)
    IssueSummary interface used as the return type schema for the summarized output.
    interface IssueSummary {
  totalIssues: number;
  criticalIssues: number;
  highImpactIssues: number;
  mediumImpactIssues: number;
  lowImpactIssues: number;
  infoIssues: number;
  bugCount: number;
  vulnerabilityCount: number;
  codeSmellCount: number;
  securityHotspotCount: number;
  openIssues: number;
  confirmedIssues: number;
  totalDebt: string;
  totalEffort: string;
  topRules: Array<{
    rule: string;
    count: number;
  }>;
  filesAffected: number;
}

Tool Definition Quality

B3.1/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations. Description does not disclose whether the tool modifies state, requires authentication beyond token (optional in schema), or any side effects.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Single sentence, front-loaded, no redundant information. Efficient but perhaps too brief for a 5-param tool.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Description lacks details about the output format, what 'high-level summary' means, and any prerequisites. Despite full schema coverage, the return value and usage constraints are unclear.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema descriptions already cover 100% of parameters. The tool description adds no additional semantic meaning for any parameter.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'Get', the resource 'high-level summary of SonarCloud issues', and the scope 'for a PR', distinguishing it from the sibling tool 'fetch_sonarcloud_issues'.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance on when to use this summary tool vs the sibling 'fetch_sonarcloud_issues'. Lacks explicit conditions or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/dozzman/sonarcloud-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server