https://github.com/SonarSource/sonarqube-mcp-server.git
· scanned 2026-05-16 13:31 UTC (3 weeks, 3 days ago)
· 10 languages
28 raw signals (10 security + 18 graph) 67th percentile · Java · medium (20-100K LoC) System graph score 66 (higher by 12)
Last scanned 3 weeks, 3 days ago · v1 · 6 actionable findings from 1 signal source. 2 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.
All 580 nodes from the latest scan, grouped by kind. Each node is a unit the engine identified (file, function, endpoint, table…). Most users won't need this view — it's primarily for debugging the engine's graph extraction or for AI agents that want to enumerate the project structure.
| Label | Layer | Status | Path |
|---|---|---|---|
gemini-extension.json |
software | healthy | gemini-extension.json |
GEMINI.md |
software | healthy | GEMINI.md |
README.md |
software | healthy | README.md |
telemetry-sample.md |
software | healthy | telemetry-sample.md |
mise.toml |
software | healthy | mise.toml |
Dockerfile |
software | healthy | Dockerfile |
server.json |
software | healthy | server.json |
build.gradle.kts |
software | healthy | build.gradle.kts |
SECURITY.md |
software | healthy | SECURITY.md |
stdio-transport-architecture.md |
software | healthy | docs/stdio-transport-architecture.md |
tool-loading.md |
software | healthy | docs/tool-loading.md |
proxied-mcp-servers.md |
software | healthy | docs/proxied-mcp-servers.md |
PULL_REQUEST_TEMPLATE.md |
software | healthy | docs/PULL_REQUEST_TEMPLATE.md |
http-authentication-architecture.md |
software | healthy | docs/http-authentication-architecture.md |
contributing.md |
software | healthy | docs/contributing.md |
install-certificates.sh |
software | healthy | scripts/install-certificates.sh |
docker-entrypoint.sh |
software | healthy | scripts/docker-entrypoint.sh |
mcp.json |
software | healthy | agent_configurations/kiro_power/mcp.json |
POWER.md |
software | healthy | agent_configurations/kiro_power/POWER.md |
libs.versions.toml |
software | healthy | gradle/libs.versions.toml |
renovate.json |
software | healthy | .github/renovate.json |
PullRequestCreated.yml |
software | healthy | .github/workflows/PullRequestCreated.yml |
pr-cleanup.yml |
software | healthy | .github/workflows/pr-cleanup.yml |
PullRequestClosed.yml |
software | healthy | .github/workflows/PullRequestClosed.yml |
SubmitReview.yml |
software | healthy | .github/workflows/SubmitReview.yml |
docker-publish.yml |
software | healthy | .github/workflows/docker-publish.yml |
shadow_scans.yml |
software | healthy | .github/workflows/shadow_scans.yml |
release.yml |
software | healthy | .github/workflows/release.yml |
notify-failure.yml |
software | healthy | .github/workflows/notify-failure.yml |
docker-build-check.yml |
software | healthy | .github/workflows/docker-build-check.yml |
build.yml |
software | healthy | .github/workflows/build.yml |
RequestReview.yml |
software | healthy | .github/workflows/RequestReview.yml |
test-mcp-server.py |
software | healthy | src/test/resources/test-mcp-server.py |
README.md |
software | healthy | src/test/resources/ssl/README.md |
SonarQubeMcpServerGenericTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/SonarQubeMcpSer… |
SonarQubeMcpServerIdeBridgeTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/SonarQubeMcpSer… |
SonarQubeVersionCheckerTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/SonarQubeVersio… |
SonarQubeMcpServerHttpTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/SonarQubeMcpSer… |
AuthModeTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/authentication/… |
AuthenticationFilterTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/authentication/… |
AuthenticationIntegrationTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/authentication/… |
ProxiedMcpToolTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client/ProxiedM… |
TransportModeTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client/Transpor… |
ManagedStdioClientTransportConcurrencyTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client/ManagedS… |
McpClientManagerTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client/McpClien… |
ProxiedServerConfigParserTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client/ProxiedS… |
ProxiedToolsLoaderTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client/ProxiedT… |
ProxiedToolsLoaderInstructionsTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client/ProxiedT… |
InitializeMetaInjectingClientTransportTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client/Initiali… |
ProxiedMcpServerConfigTest.java |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client/ProxiedM… |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
docs |
software | healthy | docs |
scripts |
software | healthy | scripts |
agent_configurations |
software | healthy | agent_configurations |
kiro_power |
software | healthy | agent_configurations/kiro_power |
gradle |
software | healthy | gradle |
.github |
software | healthy | .github |
workflows |
software | healthy | .github/workflows |
src |
software | healthy | src |
test |
software | healthy | src/test |
resources |
software | healthy | src/test/resources |
ssl |
software | healthy | src/test/resources/ssl |
java |
software | healthy | src/test/java |
org |
software | healthy | src/test/java/org |
sonarsource |
software | healthy | src/test/java/org/sonarsource |
sonarqube |
software | healthy | src/test/java/org/sonarsource/sonarqube |
mcp |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp |
authentication |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/authentication |
client |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/client |
analytics |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/analytics |
http |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/http |
configuration |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/configuration |
serverapi |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/serverapi |
users |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/serverapi/users |
organizations |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/serverapi/organ… |
system |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/serverapi/system |
a3s |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/serverapi/a3s |
transport |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/transport |
log |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/log |
analysis |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/analysis |
tools |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools |
enterprises |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/enterpris… |
portfolios |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/portfolios |
qualitygates |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/qualityga… |
rules |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/rules |
projects |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/projects |
issues |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/issues |
measures |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/measures |
sources |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/sources |
duplications |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/duplicati… |
pullrequests |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/pullreque… |
analysis |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/analysis |
system |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/system |
hotspots |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/hotspots |
dependencyrisks |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/dependenc… |
metrics |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/metrics |
languages |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/languages |
webhooks |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/tools/webhooks |
bridge |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/bridge |
slcore |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/slcore |
plugins |
software | healthy | src/test/java/org/sonarsource/sonarqube/mcp/plugins |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
PullRequestCreated_job |
cicd | healthy | .github/workflows/PullRequestCreated.yml |
cleanup |
cicd | healthy | .github/workflows/pr-cleanup.yml |
PullRequestMerged_job |
cicd | healthy | .github/workflows/PullRequestClosed.yml |
SubmitReview_job |
cicd | healthy | .github/workflows/SubmitReview.yml |
prepare |
cicd | healthy | .github/workflows/docker-publish.yml |
build |
cicd | healthy | .github/workflows/docker-publish.yml |
test |
cicd | healthy | .github/workflows/docker-publish.yml |
publish |
cicd | healthy | .github/workflows/docker-publish.yml |
scan |
cicd | healthy | .github/workflows/shadow_scans.yml |
release |
cicd | healthy | .github/workflows/release.yml |
notify |
cicd | healthy | .github/workflows/notify-failure.yml |
build-amd64 |
cicd | healthy | .github/workflows/docker-build-check.yml |
build-arm64 |
cicd | healthy | .github/workflows/docker-build-check.yml |
build |
cicd | healthy | .github/workflows/build.yml |
integration |
cicd | healthy | .github/workflows/build.yml |
promote |
cicd | healthy | .github/workflows/build.yml |
RequestReview_job |
cicd | healthy | .github/workflows/RequestReview.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
gha::PullRequestCreated |
cicd | healthy | .github/workflows/PullRequestCreated.yml |
gha::pr-cleanup |
cicd | healthy | .github/workflows/pr-cleanup.yml |
gha::PullRequestClosed |
cicd | healthy | .github/workflows/PullRequestClosed.yml |
gha::SubmitReview |
cicd | healthy | .github/workflows/SubmitReview.yml |
gha::docker-publish |
cicd | healthy | .github/workflows/docker-publish.yml |
gha::shadow_scans |
cicd | healthy | .github/workflows/shadow_scans.yml |
gha::release |
cicd | healthy | .github/workflows/release.yml |
gha::notify-failure |
cicd | healthy | .github/workflows/notify-failure.yml |
gha::docker-build-check |
cicd | healthy | .github/workflows/docker-build-check.yml |
gha::build |
cicd | healthy | .github/workflows/build.yml |
gha::RequestReview |
cicd | healthy | .github/workflows/RequestReview.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
send_message |
software | healthy | src/test/resources/test-mcp-server.py:31 |
receive_message |
software | healthy | src/test/resources/test-mcp-server.py:38 |
handle_initialize |
software | healthy | src/test/resources/test-mcp-server.py:49 |
handle_list_tools |
software | healthy | src/test/resources/test-mcp-server.py:81 |
handle_call_tool |
software | healthy | src/test/resources/test-mcp-server.py:128 |
main |
software | healthy | src/test/resources/test-mcp-server.py:175 |
| Label | Layer | Status | Path |
|---|---|---|---|
auth::src/test/java/org/sonarsource/sonarqube/mcp/authentic… |
security | healthy | src/test/java/org/sonarsource/sonarqube/mcp/authentication/… |
auth::.github/workflows/build.yml |
security | healthy | .github/workflows/build.yml |
auth::src/main/java/org/sonarsource/sonarqube/mcp/authentic… |
security | healthy | src/main/java/org/sonarsource/sonarqube/mcp/authentication/… |
auth::src/test/java/org/sonarsource/sonarqube/mcp/authentic… |
security | healthy | src/test/java/org/sonarsource/sonarqube/mcp/authentication/… |
auth::src/main/java/org/sonarsource/sonarqube/mcp/transport… |
security | healthy | src/main/java/org/sonarsource/sonarqube/mcp/transport/HttpS… |
auth::src/main/java/org/sonarsource/sonarqube/mcp/authentic… |
security | healthy | src/main/java/org/sonarsource/sonarqube/mcp/authentication/… |
| Label | Layer | Status | Path |
|---|---|---|---|
generic_api_key::src/main/java/org/sonarsource/sonarqube/mc… |
security | healthy | src/main/java/org/sonarsource/sonarqube/mcp/analytics/Analy… |
password_literal::src/main/java/org/sonarsource/sonarqube/m… |
security | healthy | src/main/java/org/sonarsource/sonarqube/mcp/configuration/M… |
password_literal::src/main/java/org/sonarsource/sonarqube/m… |
security | healthy | src/main/java/org/sonarsource/sonarqube/mcp/configuration/M… |
password_literal::src/main/java/org/sonarsource/sonarqube/m… |
security | healthy | src/main/java/org/sonarsource/sonarqube/mcp/configuration/M… |
| Label | Layer | Status | Path |
|---|---|---|---|
0.8.0.355 |
network | healthy | Dockerfile |
1.2.3.456 |
network | healthy | .github/workflows/release.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
repobility-clone-xofdt8sk |
software | healthy | /tmp/repobility-clone-xofdt8sk |
| Label | Layer | Status | Path |
|---|---|---|---|
port:04 |
network | healthy | .github/workflows/shadow_scans.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
image::Dockerfile |
hardware | healthy | Dockerfile |
| Label | Layer | Status | Path |
|---|---|---|---|
GITHUB_TOKEN |
cicd | healthy | — |
This page is publicly accessible at:
https://repobility.com/scan/a58aa863-5768-47a2-b62f-d9274388aedc/
To check status programmatically (no auth required):
curl -s https://repobility.com/api/v1/public/scan/a58aa863-5768-47a2-b62f-d9274388aedc/Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.