Is SonarQube safe to install?
SonarSource · Dev tools · stdio (local process)
Integrate SonarQube Server or Cloud for code quality and security analysis.
Scan
AxioRank has not graded SonarQube yet
AxioRank could not enumerate SonarQube's surface (server process exited (1): at org.sonarsource.sonarqube.mcp.SonarQubeMcpServer.main(SonarQubeMcpServer.java:159)). Many remote servers gate even a read-only handshake behind OAuth. This listing stays factual and updates when a scan succeeds.
View the sourceInstall
Add SonarQube to your client
Drop this into your MCP client config (Claude Desktop, Cursor, and others).
{
"mcpServers": {
"sonarqube": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"SONARQUBE_TOKEN",
"-e",
"SONARQUBE_ORG",
"sonarsource/sonarqube-mcp"
]
}
}
}Embed
Show the grade in your README
[](https://axiorank.com/mcp-index/sonarqube)Directory
More Dev tools servers
How it works
About this grade
The grade reflects the blast radius of what SonarQube declares it can do, read-only, not whether it is secure or trustworthy, and not a judgment of the vendor. Maintain this server? Claim this listing or request a re-scan. See the methodology.
Email me this scorecard
Get the SonarQube grade in your inbox.
Let your agents use SonarQube safely
Route this server through AxioRank to allowlist its tools, hold risky calls for approval, and keep a signed audit trail of every action.
Start free