Audit report
SonarSource/sonarqube-mcp-server
https://github.com/SonarSource/sonarqube-mcp-server
Type: mcp · Audited 2026-05-22
Top fixes
- high
Get the server into public MCP config files
Get the server into public MCP config files. Few or none reference it today, and real adoption is the strongest trust signal an agent has.
Sub-scores
Discoverability
Agents can only recommend tools they can find. llms.txt and open robots.txt are the fastest wins.
Passing
- ✓Repository has a clear description (72)
- ✓Repository has topics/tags (8)
- ✓Identifiable as an MCP server
- ✓README opens with a one-line summary
Installation
Config-file appearances are the closest thing to a real install count for MCP servers.
Passing
- ✓README shows an MCP client config block
- ✓README has an install or run command
- ✓Ships a package manifest
- ✓Transport or configuration is documented
Tool definitions
Structured markup lets agents extract facts reliably instead of guessing from prose.
Passing
- ✓Ships a server.json manifest
- ✓README enumerates the tools
- ✓Tools are described, not just named
- ✓README shows usage examples
Documentation
Thin or poorly-described content gives agents nothing to summarise or cite.
Passing
- ✓Substantive README (1200+ chars) (68044)
- ✓README states what the server is for
- ✓README is organized into sections (50)
- ✓Versioned releases or a changelog
Trust & adoption
Models pattern-match provenance signals before recommending — missing basics trigger silent skips.
Missing
- ✗Appears in public MCP config files (0)
Passing
- ✓Open-source license (NOASSERTION)
- ✓Pushed in the last 90 days (0)
- ✓Multiple contributors (24)
- ✓25+ GitHub stars (556)
- ✓Has tests or CI
- ✓Has tagged releases (1.18.1.2664)
- ✓Discussed on Hacker News or Reddit (3)
Generated llms.txt
Drop this at /llms.txt on your domain.
# SonarQube MCP Server > An MCP server implementation that provides programmatic access to SonarQube code quality analysis data. This project implements the Model Context Protocol (MCP) to expose SonarQube's code quality metrics, issues, and analysis results to AI agents. It enables automated inspection and understanding of code quality data from SonarQube instances through a standardized protocol. ## Products - MCP Server: Protocol implementation connecting to SonarQube instances for quality data access - Issue Analysis: Retrieval and analysis of code issues, vulnerabilities, and technical debt - Metrics Exposure: Access to project metrics, coverage data, and quality gates ## Documentation - [GitHub Repository](https://github.com/SonarSource/sonarqube-mcp-server): Source code, setup instructions, and implementation details - [MCP Specification](https://modelcontextprotocol.io/): Protocol standard that this server implements - [SonarQube API Documentation](https://docs.sonarqube.org/latest/): API reference for underlying SonarQube data access ## Policies - Requires active SonarQube instance with network access - Authentication credentials needed for SonarQube connection - Access permissions depend on SonarQube user roles and project permissions
Embed badge
Paste this into your README to display your live score.
[](https://mcprank-green.vercel.app/r/github.com-sonarsource-sonarqube-mcp-server-3100ee)
Get notified when this changes
We re-audit periodically. We'll email you when this score moves.
Discovery Report · free
The audit tells you whether agents CAN pick this server. Want to know whether they actually DO?
The Discovery Report measures which queries agents route to this server vs its rivals across multiple AI model families. It picks the one intent where you have the most leverage and gives you a concrete change to ship this week. Free.