Best SonarQube MCP Servers
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static code analysis to detect bugs, code smells, and security vulnerabilities.
Why this server?
Integrates with SonarQube for static application security testing (SAST), enabling automated code analysis and vulnerability detection.
Security: A, License: A, Quality: -
An MCP server that integrates SAST, DAST, and SCA security tools to enable AI-driven vulnerability scanning and automated security reporting. It allows AI assistants to execute and analyze results from tools like Semgrep, OWASP ZAP, and Trivy within a DevSecOps workflow.
Last updated 2 months ago | 6 | MIT
Why this server?
Provides output formats compatible with SonarQube for static code analysis integration.
MIT
Why this server?
Provides tools for accessing code quality and security analysis data from SonarQube instances, including project listing, issue searching (bugs, vulnerabilities, code smells), quality gate status checks, and retrieval of code metrics.
Security: -, License: A, Quality: -
Server for SonarQube: give AI assistants direct access to your code quality, security & analysis data.
Last updated 11 days ago | MIT
Why this server?
Provides tools for interacting with SonarQube APIs, enabling token-based authentication, project listing and details retrieval, and metrics collection from SonarQube instances.
Security: -, License: A, Quality: -
A lightweight MCP for SonarQube reports.
Last updated 10 months ago | 1 | MIT
Why this server?
Integrates with SonarQube servers for an optional secondary phase of deep code analysis and security auditing.
Security: -, License: A, Quality: -
🚀 Kill the Junior AI Era. 🤖 Level up your AI code to Principal standards. No more sloppy lines or junior mistakes. Automated ESLint ✨ TypeScript 🔧 Prettier 🎨 SonarQube 🛡️ Security 🔒 Complexity 📊 in seconds. High-stakes quality, forced to ship only the best. ⚡🏆 Goodbye, bad code. Hello, Principal Engineer. 🚀✨
Last updated 10 days ago | 7212 | MIT
Why this server?
Provides tools for retrieving metrics, historical data, and component tree metrics from SonarQube projects. Enables querying project status, listing projects, fetching code quality metrics (bugs, vulnerabilities, code smells, coverage, duplication density), and retrieving project issues with filtering options.
Security: -, License: A, Quality: -
A server that provides tools for retrieving SonarQube project metrics and quality data through a simplified message-based approach, allowing users to programmatically access metrics, historical data, and component-level information from SonarQube.
Last updated 13 days ago | 12 | Apache 2.0
Why this server?
Integrates deep code quality metrics and linting data into the server's comprehensive analysis reports.
Security: -, License: F, Quality: -
An orchestrator that coordinates multiple security and quality tools like Semgrep and ESLint to provide comprehensive code analysis and scoring. It enables users to perform vulnerability scanning, architecture metrics, and impact analysis through CLI, REST, or MCP interfaces.
Last updated 4 months ago | 1
Why this server?
Provides access to code scan coverage metrics and attestation details from SonarQube for compliance monitoring.
Security: -, License: F, Quality: -
Enables AI assistants to query software supply chain compliance data, including asset status, security vulnerabilities, and evidence lineage. It allows for natural language analysis of compliance posture, policy violations, and deployment blockers across an organization.
Last updated 2 months ago
Why this server?
Provides automated code quality analysis and linting gates for multiple programming languages during the verification process.
Security: -, License: F, Quality: -
ArcAgent MCP server for bounty discovery, workspace execution, and verified coding submissions.
Last updated a month ago | 1