
# SonarQube

> Connect SonarQube to CloudThinker for continuous code quality analysis, security scanning, and technical debt tracking

Connect your SonarQube instance to enable CloudThinker agents to analyze code quality, review security hotspots, and monitor quality gate statuses across your projects.

***

## Supported Platforms

| Platform             | Support           |
| -------------------- | ----------------- |
| **SonarQube Cloud**  | All organizations |
| **SonarQube Server** | 2025.4 and above  |

<Info>
  CloudThinker uses the official SonarSource MCP server, which requires SonarQube Server 2025.4+ or SonarQube Cloud.
</Info>

***

## Setup

<Tabs>
  <Tab title="SonarQube Cloud">
    <Steps>
      <Step title="Generate a Token">
        Go to [SonarQube Cloud](https://sonarcloud.io/) → **My Account → Security → Generate Tokens**:

        * **Name**: `cloudthinker`
        * **Type**: `User Token`
        * **Expires in**: Set an appropriate duration

        Copy the token — it will not be shown again.
      </Step>

      <Step title="Find Your Organization Key">
        Go to **My Organizations** and note the organization key from the URL:

        ```
        https://sonarcloud.io/organizations/YOUR_ORG_KEY
        ```
      </Step>

      <Step title="Add Connection in CloudThinker">
        Navigate to **Connections → SonarQube** and enter:

        * **Token**: The token you generated
        * **Deployment Type**: Select **SonarQube Cloud**
        * **Organization**: Your organization key
      </Step>
    </Steps>
  </Tab>

  <Tab title="SonarQube Server (Self-Hosted)">
    <Steps>
      <Step title="Generate a Token">
        Go to your SonarQube instance → **My Account → Security → Generate Tokens**:

        * **Name**: `cloudthinker`
        * **Type**: `User Token`
        * **Expires in**: Set an appropriate duration

        Copy the token — it will not be shown again.
      </Step>

      <Step title="Find Your Server URL">
        Your SonarQube Server URL is the address of your instance, e.g., `https://sonarqube.your-domain.com`.
      </Step>

      <Step title="Add Connection in CloudThinker">
        Navigate to **Connections → SonarQube** and enter:

        * **Token**: The token you generated
        * **Deployment Type**: Select **SonarQube Server**
        * **Server URL**: Your SonarQube instance URL
      </Step>
    </Steps>
  </Tab>
</Tabs>

<Warning>
  Copy the token immediately after generation. SonarQube will not show it again, and you'll need to create a new token if it is lost.
</Warning>

***

## Connection Details

| Field                           | Description                   | Example                             |
| ------------------------------- | ----------------------------- | ----------------------------------- |
| **SONARQUBE\_TOKEN**            | User token for authentication | `squ_xxxxx...`                      |
| **SONARQUBE\_DEPLOYMENT\_TYPE** | `cloud` or `self_hosted`      | `cloud`                             |
| **SONARQUBE\_ORG**              | Organization key (Cloud only) | `my-org`                            |
| **SONARQUBE\_URL**              | Server URL (Self-Hosted only) | `https://sonarqube.your-domain.com` |

***

## Required Permissions

### Minimum

* **Browse** permission on projects you want to analyze
* **Execute Analysis** permission for triggering scans

### Recommended

All minimum permissions, plus:

* **Administer** permission on projects for full quality gate management
* **Create Projects** permission for onboarding new projects

***

## Agent Capabilities

Once connected, agents can:

| Capability            | Description                                                    |
| --------------------- | -------------------------------------------------------------- |
| **Project Browsing**  | List and inspect all projects in your organization             |
| **Issue Analysis**    | Retrieve and categorize bugs, vulnerabilities, and code smells |
| **Quality Gates**     | Check quality gate statuses across projects                    |
| **Security Hotspots** | Review and prioritize security hotspots                        |
| **Code Duplication**  | Analyze code duplication metrics                               |
| **Code Metrics**      | Inspect coverage, complexity, and maintainability ratings      |

### Example Prompts

```
@oliver analyze code quality metrics across all projects and check quality gate statuses
@oliver review all security hotspots and categorize them by risk level
@oliver list all blocker and high severity issues broken down by type
@tony check code coverage trends for the main project
```

***

## Troubleshooting

<Accordion title="Authentication failed">
  * Verify the token is correct and has not expired
  * Ensure the token type is `User Token`
  * Check the token has not been revoked
</Accordion>

<Accordion title="Organization not found (Cloud)">
  * Verify the organization key is correct
  * Ensure you are a member of the organization
  * Check the organization has not been deleted
</Accordion>

<Accordion title="Server unreachable (Self-Hosted)">
  * Verify the SonarQube URL is correct and accessible
  * Check firewall rules allow connections from CloudThinker
  * Ensure the SonarQube service is running
</Accordion>

<Accordion title="No projects visible">
  * Verify the token owner has Browse permission on the projects
  * Check project visibility settings (public vs. private)
  * Ensure projects exist in the organization
</Accordion>

***

## Security Best Practices

* **User token** - Use a dedicated user token, not a global analysis token
* **Token expiration** - Set appropriate expiration dates
* **Minimal permissions** - Grant only Browse permission for read-only analysis
* **Token rotation** - Rotate tokens every 90 days
* **HTTPS only** - Always use HTTPS for self-hosted instances
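
The practices above can be checked before a connection is saved. The following is an added example, not CloudThinker or SonarSource code: `check_connection` is a hypothetical helper that takes the fields from the Connection Details table plus the token's creation date, and it relies on SonarQube Server's `sqa_` and `sqp_` prefixes for global and project analysis tokens. All sample values are constructed.

```python
from datetime import date
from urllib.parse import urlsplit

MAX_TOKEN_AGE_DAYS = 90  # rotation interval from the list above
# SonarQube Server prefixes that identify tokens which are NOT user tokens.
NON_USER_PREFIXES = {"sqa_": "global analysis token", "sqp_": "project analysis token"}


def check_connection(cfg, token_created, today):
    """Return a list of findings for a connection config; empty means it passes."""
    findings = []
    token = cfg.get("SONARQUBE_TOKEN", "")
    if not token:
        findings.append("SONARQUBE_TOKEN is empty")
    for prefix, token_kind in NON_USER_PREFIXES.items():
        if token.startswith(prefix):
            findings.append(f"token is a {token_kind}, not a User Token")
    if (today - token_created).days > MAX_TOKEN_AGE_DAYS:
        findings.append(f"token is older than {MAX_TOKEN_AGE_DAYS} days; rotate it")

    deployment = cfg.get("SONARQUBE_DEPLOYMENT_TYPE")
    if deployment == "cloud":
        if not cfg.get("SONARQUBE_ORG"):
            findings.append("SONARQUBE_ORG is required for cloud")
    elif deployment == "self_hosted":
        url = urlsplit(cfg.get("SONARQUBE_URL", ""))
        if not url.hostname:
            findings.append("SONARQUBE_URL is required for self_hosted")
        elif url.scheme != "https":
            findings.append("SONARQUBE_URL must use https")
        if url.username or url.password:
            findings.append("SONARQUBE_URL must not embed credentials")
    else:
        findings.append("SONARQUBE_DEPLOYMENT_TYPE must be cloud or self_hosted")
    return findings


if __name__ == "__main__":
    # Constructed sample: wrong token type, plain HTTP, overdue rotation.
    sample = {
        "SONARQUBE_TOKEN": "sqa_example",
        "SONARQUBE_DEPLOYMENT_TYPE": "self_hosted",
        "SONARQUBE_URL": "http://sonarqube.example.internal",
    }
    for finding in check_connection(sample, date(2025, 1, 1), date(2025, 6, 1)):
        print("FAIL:", finding)
```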

***

## Related

<CardGroup cols={2}>
  <Card title="Elasticsearch Connection" icon="https://mintcdn.com/cloudthinker/aLd-ttc-SCW-aFky/images/icons/elasticsearch.svg?fit=max&auto=format&n=aLd-ttc-SCW-aFky&q=85&s=c7389cfcd0bc8d303aeeb68bd19199ca" href="/guide/connections/elasticsearch" width="24" height="24" data-path="images/icons/elasticsearch.svg">
    Search code quality logs
  </Card>

  <Card title="Grafana Connection" icon="https://mintcdn.com/cloudthinker/aLd-ttc-SCW-aFky/images/icons/grafana.svg?fit=max&auto=format&n=aLd-ttc-SCW-aFky&q=85&s=c1329049025cd3c3a0909b400baef7be" href="/guide/connections/grafana" width="24" height="24" data-path="images/icons/grafana.svg">
    Visualize code quality metrics
  </Card>
</CardGroup>
