Fastmcp Sonarqube Metrics | AI Builder Hub Review & Alternatives | Flaex AI

VERIFIED

Fastmcp Sonarqube Metrics

Safety: 60/100

0.0(0)

Provides tools to interact with SonarQube via FastMCP, enabling programmatic access to metrics, project management, and issue retrieval for analysis and reporting.

MCP ServersProductivityDevelopmentData & DatabasesSearch & WebAI & LLMUtilitiesCloud & InfrastructureFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

Provides tools to interact with SonarQube via FastMCP, enabling programmatic access to metrics, project management, and issue retrieval for analysis and reporting.

This server provides both read and write access to SonarQube data. While the use of API tokens and privilege separation improves security, the project deletion tool and potential for information disclosure require careful management and monitoring. It's safe to use for read-only operations and project creation with proper access controls, but risky when deleting projects or handling sensitive data without adequate precautions.

Performance depends on the size of the SonarQube project and the number of components being analyzed. Retrieving large component trees can be slow.

Cost is primarily related to SonarQube API usage. Consider rate limits and optimize queries to minimize API calls.

HybridPython12 starsApache-2.0Released 6/9/2025

Connections & Capabilities

Connects To

GitHub

Capabilities

ReadWriteAdmin

Client Compatibility

Claude Desktop

full

Cursor

untested

Windsurf

untested

VS Code (Copilot)

untested

Quickstart

Install

pip install fastmcp

Claude Desktop Config

{
    "mcpServers": {
        "fastmcp-sonarqube-metrics": {
            "command": "uv",
            "args": [
                "--directory",
                "/ABSOLUTE/PATH/TO/PARENT/FOLDER/fastmcp-sonarqube-metrics",
                "run",
                "server.py"
            ]
        }
    }
}

Environment Variables

AZURE_OPENAI_API_KEYAZURE_OPENAI_ENDPOINT

Tools (8)

safe

get_status

Performs a health check on the configured SonarQube instance.

Read-only operation, no side effects.

moderate

create_sonarqube_project

Creates a new SonarQube project.

Requires administrator privileges, but creates a new resource.

critical

delete_sonarqube_project

Deletes a SonarQube project.

Destructive operation, irreversible data loss.

safe

list_projects

Lists all accessible SonarQube projects, optionally filtered by name or key.

Read-only operation, no side effects.

safe

get_sonarqube_metrics

Retrieves specified metrics for a given SonarQube project key.

Read-only operation, no side effects.

safe

get_sonarqube_metrics_history

Retrieves historical metrics for a given SonarQube project.

Read-only operation, no side effects.

safe

get_sonarqube_component_tree_metrics

Retrieves metric values for all components in a project.

Read-only operation, no side effects.

safe

get_project_issues

Fetch SonarQube issues for a given project, optionally filtered by type, severity, and resolution status.

Read-only operation, no side effects.

Security

Auth Method

API Key

Data Locality

hybrid

Known Risks

!Exposure of SonarQube API token in environment variables.
!Unvalidated input could lead to unexpected API calls.
!Potential for unauthorized project deletion if API token is compromised.
!Information disclosure if access is not properly restricted.

Safety Score

moderate risk

Positive

+Uses API token for authentication.
+Clear separation of read and write operations.
+Some tools require administrator privileges, limiting access.
+No direct filesystem access.

Risks

-API token compromise could lead to unauthorized access.
-Project deletion tool requires caution.
-Potential for information disclosure if not properly configured.
-Lack of input validation could lead to unexpected behavior.

Use Cases

Code Quality Analysis

-Automated reporting of code quality metrics.
-Tracking historical trends in code quality.
-Identifying specific issues in a project.

Project Management

-Creating and deleting SonarQube projects.
-Listing available projects for analysis.
-Integrating SonarQube data into project dashboards.

Security Monitoring

-Tracking vulnerabilities and security hotspots.
-Generating reports on security risks.
-Integrating security data into SIEM systems.

DevOps Automation

-Automating code quality checks in CI/CD pipelines.
-Triggering alerts based on code quality metrics.
-Integrating SonarQube data into deployment workflows.

Who Is This For?

Best For

DevOps engineers automating code quality checks.
Security analysts monitoring vulnerabilities.
Project managers tracking code quality metrics.
Developers integrating SonarQube data into their workflows.

Not Ideal For

Environments with strict security requirements and no API key management.
Users who need real-time updates on code quality metrics.
Projects that require complex data transformations or aggregations.

Autonomy & Execution

Default ModeConfigurable

Destructive ToolsSandboxed

Autonomy should be carefully configured, especially when using tools that modify or delete SonarQube projects. Consider limiting access to destructive tools.

StatelessYes

Retry LogicNot documented

ConcurrencySingle-threaded

Production Tip

Monitor the server logs for any errors or unexpected behavior, and implement robust error handling in client applications.

FAQ

What permissions are required for the SonarQube API token?

The API token requires permissions to access project metrics, component trees, and issues. Administrator privileges are required for creating and deleting projects.

How do I configure the SonarQube URL and API token?

Set the `SONARQUBE_URL` and `SONARQUBE_TOKEN` environment variables in the `.env` file.

Can I filter the issues retrieved by the `get_project_issues` tool?

Yes, you can filter by issue type, severity, and resolution status.

What is the maximum number of issues that can be retrieved by the `get_project_issues` tool?

The tool returns up to a specified limit, defaulting to 10 issues.

How do I use the `get_sonarqube_component_tree_metrics` tool for large projects?

The tool automatically handles pagination to retrieve all results, but performance may be slow for very large projects.

Is it safe to use the `delete_sonarqube_project` tool?

Use with extreme caution, as it permanently deletes the project and its associated data. Ensure you have proper backups before using this tool.

What transport types are supported?

The server supports stdio and SSE transport types. Configure the `TRANSPORT` environment variable to select the desired transport.

Key Features

Productivity Development Data & Databases Search & Web AI & LLM Utilities Cloud & Infrastructure

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Fastmcp Sonarqube Metrics

Overview

Connections & Capabilities

Connects To

Capabilities

Client Compatibility

Quickstart

Install

Claude Desktop Config

Environment Variables

Tools (8)

Security

Safety Score

Positive

Risks

Use Cases

Code Quality Analysis

Project Management

Security Monitoring

DevOps Automation

Who Is This For?

Best For

Not Ideal For

Autonomy & Execution

FAQ

What permissions are required for the SonarQube API token?

How do I configure the SonarQube URL and API token?

Can I filter the issues retrieved by the `get_project_issues` tool?

What is the maximum number of issues that can be retrieved by the `get_project_issues` tool?

How do I use the `get_sonarqube_component_tree_metrics` tool for large projects?

Is it safe to use the `delete_sonarqube_project` tool?

What transport types are supported?

Key Features

Metrics

Related Tools