SonarQube MCP Server
io.github.SonarSource/sonarqube-mcp-server
Analyze code quality and security with SonarQube Server or Cloud directly in AI assistants.
Install surfaces
How SonarQube MCP Server runs, per the official MCP registry entry.
- oci
docker.io/mcp/sonarqube:sha256:d9dc2f44f4f624bdc5fb5817abc74f6244dd40b2d03036380cd6253eff374ae5
Governed execution
How KLA gates calls to SonarQube MCP Server once it is connected.
A published policy defines which SonarQube MCP Server actions an agent may take and under what conditions. Each call passes through a policy gate at the tool-call boundary. Permitted actions execute, with the policy basis recorded. Flagged actions execute and are sampled for scheduled human review. High-stakes actions pause and route to a named reviewer on the Decision Desk. The call, the policy decision, and any approval are sealed as an evidence record.
KLA also governs the agent frameworks and model providers you already run. See integrations.
