"No tools, prompts, or resources" when creating a HTTPS Sonarqube MCP inCursor

Environment

• SonarQube Server or Cloud? Sonarqube Cloud
• Deployment type (STDIO/HTTP, Docker/JAR): HTTPS - Docker
• Client / AI tool using MCP (if applicable): Cursor in Free account

Hi everyone,

First of all, I would like to congratulate the team on the project. It has been extremely helpful for code quality and curation tasks.

I am currently testing and configuring a SonarQube MCP setup to enable communication between (and currently only) my IDE (via SonarQube for IDE, a.k.a SonarLint?) and SonarQube Cloud.

Sonarqube_Architecture.drawio592×267 4.72 KB

I was able to successfully configure and use scenarios where SonarQube MCP communicates via both Stdio and HTTP protocols with my IDE and Sonarcloud.

However, when attempting to use HTTPS communication, I am unable to establish a connection between the IDE and SonarQube MCP.

My SonarQube MCP container is currently configured as follows:

my-docker-compose.yaml

services:
  mcp-https:
    image: mcp/sonarqube
    container_name: mcp-https
    pull_policy: always
    ports:
      - "8443:8443"
    volumes:
      - "C:/path/to/my/autocert/keystore.p12:/etc/ssl/mcp/keystore.p12:ro"
    environment:
      SONARQUBE_ORG: "${SONARQUBE_ORG}"
      SONARQUBE_TOKEN: "${SONARQUBE_TOKEN}"
      SONARQUBE_URL: "${SONARQUBE_URL}"
      SONARQUBE_TRANSPORT: "${SONARQUBE_TRANSPORT}"
      SONARQUBE_HTTP_HOST: "${SONARQUBE_HTTP_HOST}"
      SONARQUBE_HTTP_PORT: "${SONARQUBE_HTTP_PORT}"
      SONARQUBE_HTTPS_KEYSTORE_PASSWORD: "${SONARQUBE_HTTPS_KEYSTORE_PASSWORD}"
      SONARQUBE_HTTPS_KEYSTORE_PATH: "${SONARQUBE_HTTPS_KEYSTORE_PATH}"
      SONARQUBE_HTTPS_KEYSTORE_TYPE: "${SONARQUBE_HTTPS_KEYSTORE_TYPE}"
    init: true


.env file

SONARQUBE_ORG=my-organization
SONARQUBE_TOKEN=my_server_token_https
SONARQUBE_URL=https://sonarcloud.io
SONARQUBE_TRANSPORT=https
SONARQUBE_HTTP_HOST=0.0.0.0
SONARQUBE_HTTP_PORT=8443
SONARQUBE_HTTPS_KEYSTORE_PASSWORD=sonarlint
SONARQUBE_HTTPS_KEYSTORE_PATH=/etc/ssl/mcp/keystore.p12
SONARQUBE_HTTPS_KEYSTORE_TYPE=PKCS12

And the container logs are as follows:

Sonarqube MCP Log

INFO SonarQube MCP Server - Created HTTPS transport provider for https://0.0.0.0:8443/mcp with authentication: TOKEN
WARN SonarQube MCP Server - SECURITY WARNING: MCP HTTP server is configured to bind to all network interfaces (0.0.0.0). This exposes the server to your entire network. For local development, consider using 127.0.0.1 instead.
INFO SonarQube MCP Server - Starting backend service
INFO SonarQube MCP Server - Using discovered analyzers, enabling languages: []
INFO SonarQube MCP Server - Backend service initialized
INFO SonarQube MCP Server - Standard analysis mode (no IDE bridge)
INFO SonarQube MCP Server - All tools loaded: 25 tools after category filtering
WARN SonarQube MCP Server - MCP HTTP server is bound to all network interfaces (0.0.0.0). This is less secure. Consider binding to 127.0.0.1 for local use only.
INFO SonarQube MCP Server - Authentication filter initialized with mode: TOKEN
INFO SonarQube MCP Server - Configuring SSL with keystore: /etc/ssl/mcp/keystore.p12 (type: PKCS12)
INFO SonarQube MCP Server - MCP HTTPS server started successfully on https://0.0.0.0:8443/mcp
INFO SonarQube MCP Server - ========================================
INFO SonarQube MCP Server - SonarQube MCP Server Started:
INFO SonarQube MCP Server - Transport: HTTP (0.0.0.0:8443)
INFO SonarQube MCP Server - Instance: SonarQube Cloud
INFO SonarQube MCP Server - URL: https://sonarcloud.io
INFO SonarQube MCP Server - Organization: ##############
INFO SonarQube MCP Server - Workspace: none
INFO SonarQube MCP Server - Status: Server ready - tools loading in background
INFO SonarQube MCP Server - ========================================
INFO SonarQube MCP Server - Downloading analyzers in background...

.
.
.

INFO SonarQube MCP Server - Restarting backend with downloaded analyzers...
INFO SonarQube MCP Server - Restarting backend with new analyzers...
INFO SonarQube MCP Server - Starting backend service
INFO SonarQube MCP Server - Using discovered analyzers, enabling languages: [ANSIBLE, AZURERESOURCEMANAGER, CLOUDFORMATION, CSS, DOCKER, GO, HTML, IPYTHON, JAVA, JS, JSP, KOTLIN, KUBERNETES, PHP, PYTHON, RUBY, SECRETS, TERRAFORM, TS, XML]
INFO SonarQube MCP Server - Backend service initialized
INFO SonarQube MCP Server - Backend restarted with new analyzers
INFO SonarQube MCP Server - Background initialization completed successfully - analyzers are now available

It is worth mentioning that, for testing purposes, I am using a self-signed certificate. As far as I understand, using a self-signed certificate for testing should not be an issue—is that correct?

On the client side, I am using Cursor as the HTTPS client, configured as follows:

root_project/.cursor/mcp.json
{
    "mcpServers": {
      "new-sonarqube": {
        "url": "https://localhost:8443/mcp",
        "headers": {
          "Authorization": "Bearer my_client_token_https"
        }
      }
    }
  }

When I attempt to initiate the connection, it reports that “No tools, prompts, or resources” can be loaded, and the MCP Server output tab in Cursor shows the following message:

image1402×370 28.3 KB

As an additional check, I tried accessing the URL https://localhost:8443/mcp directly from my browser to verify if the container is accessible. The container responds with a “missing token” json message, which indicates that the service is reachable and it logs the communication with the browser in the container’s logs, as you can see below:

image1259×186 8.29 KB

Based on all this information, can I assume that the SonarQube MCP container is correctly configured, right?

What should I adjust or correct in order to fully enable HTTPS communication and make proper use of SonarQube MCP in my IDE?

Thank you in advance for your attention. I hope I have provided all the necessary information to help identify and resolve the issue—or at least to better understand its root cause.

Hey @Kasamaaa, thank you for reaching out!

I suspect the issue is that Cursor cannot validate your self-signed certificate, so the TLS handshake fails before any HTTP request is sent - which could explain the fetch failed message.

Which OS are you using?

Assuming you’re on Linux, you could try:

• Trusting your self-signed certificate on the OS. On Ubuntu you could copy the certificate to /usr/local/share/ca-certificates and run update-ca-certificates
• Starting Cursor with a specific NODE_EXTRA_CA_CERTS command: NODE_EXTRA_CA_CERTS=/absolute/path/to/your-cert.crt cursor
• I think that making sure your certificate is issued for localhost could help → It should have CN=localhost (on recent Node, I think is might require a SAN entry for localhost)
• As a last resort, you could try with NODE_TLS_REJECT_UNAUTHORIZED=0 to bypass TLS verification, but I wouldn’t recommend this

Let us know if that helped!

Hi @nicolas.quinquenel, thank you for the quick response.

In my case, I was running the tests on Windows 11, and the issue turned out to be related to the recognition of my self-signed certificate by both the operating system and Cursor.

To resolve it, I performed the following steps:

• Imported the .p12 certificate into the Windows Certificate Manager

• Added the path to the .pem certificate file to the NODE_EXTRA_CA_CERTS environment variable setx NODE_EXTRA_CA_CERTS “C:\path\to\my\autocert\cert.pem”

• Restarted Cursor to apply the changes

After restarting the IDE, the connection between SonarQube MCP and Cursor was successfully established over HTTPS.

So, the root cause was the lack of proper trust configuration for the self-signed certificate.

Thanks again for the guidance!

Many thanks for identifying the root cause and confirming the fix - much appreciated!