- SonarQube Developer Edition v2025.5
- Docker image mcp/sonarqube latest (should be 1.4.0.1666)
- Github Copilot in IntelliJ
I use the following MCP configuration:
"sonar": {
"type": "local",
"command": "docker",
"args": [
"run",
"--name",
"sonarqube-mcp",
"-i",
"-e",
"SONARQUBE_URL=<url>",
"-e",
"SONARQUBE_TOKEN=<token>",
"-v",
"/path/to/certificates/:/usr/local/share/ca-certificates/:ro",
"mcp/sonarqube:latest"
],
"tools": ["*"]
}
The tool search_sonar_issues_in_projects seems to use the default branch by default. It can also accept a Pull Request, but apparently not a branch. Is there another way to request the issues from a specific branch without having to set up PR analysis?
Hello @peterjeschke,
This has been fixed in the last release, could you update and give it a try?
Thanks for reporting!
Branch parameters were recently added to tools search_sonar_issues_in_projects, and then quickly removed again in this commit (in Jira ).
The comment in the ticket was “The correct behavior should be to use the PR as a reference”. While there are cases where this is very useful(find me the issues in this PR), what about the case where you want to find issues in long-lived branches other than main? If you have a single long-lived main branch then this is not an issue, but if you have multiple long-lived branched then this renders the MCP useless in some cases.
A concrete example: We have one library that is built on spring boot, and we maintain multiple branches (1 for each supported spring version). and don’t use master at all (it was too confusing). Right now the Sonar MCP is pretty useless for finding issues in our 3.5.x branch, and claude code has to revert to writing on-the-fly python scripts to use the REST API just so I can find sonar issues in this 3.5.x branch and fix them. This is awful.
Other tools do support a branch parameters. e.g.
- run_advanced_code_analysis
- search_dependency_risks
- search_security_hotspots
Can we please get this raised back up as an issue and reverted? How do I raise a ticket for this (we are a paying customer)?
Hey @rsheldon-dealeron, thank you for reaching out about this.
I appreciate the feedback, and I think we should probably reconsider it. The branch parameter was removed from most tools because it often confused users and agents. In many cases, users were attempting to analyze short-lived branches, which is a concept that doesn’t exist in SonarQube. Only long-lived branches are tracked, while short-lived branches are typically tied to pull requests.
That said, we may want to revisit this decision and consider reintroducing the branch parameter - this time with clearer guidance on how and when it should be used.
I created this ticket for reference. We will see whether we can tackle it in an upcoming iteration.
Awesome, thanks Nicolas! If you need any more info/use-cases then just reach out.