SonarQube MCP Server Issues Connecting with SONARQUBE_TOKEN

SonarQube MCP Server
,
1

Environment

  • SonarQube Server
  • Deployment type (STDIO/HTTP, Docker/JAR): Http
  • Client / AI tool using MCP (if applicable): Kiro (mcp.json)

Description

Hello, I am trying to connect to the official Sonarqube MCP server via http and am having issues with the SONARQUBE_TOKEN. Has anyone else had this issue when deploying to an ecs service? Current container env variables include SONARQUBE_TRANSPORT: http, SONARQUBE_HOST, SONARQUBE_PORT, and SONARQUBE_URL. SONARQUBE_TOKEN is set in the header on the client side (kiro: mcp.json) as each individual will provide their own token. Yet when I try to connect via Kiro, I obtain an error: “SonarQube token required. Provide via SONARQUBE_TOKEN header.” despite providing the token in the header. According to the readme this is the correct way to proceed for multiple users correct? The token is not needed in the initialization as long as it set in the client header? I did see that there was a new update to move from SONARQUBE_TOKEN to Authorization: Bearer , however it seems the mcp/sonarqube docker image hasn’t been updated yet. What is the best way to proceed? Thankyou!

4

Hey @jj01, thanks for reaching out!

Could you share your anonymized Kiro configuration for MCP?

it seems the mcp/sonarqube docker image hasn’t been updated yet

Correct! We must admit that our process is currently not ideal - the documentation does not always reflect the actual state, as the Docker image can take a few days to be updated.

1 Like
5

Hi Nicolas, thanks for the quick reply! Yes, below is my Kiro mcp.json. I have tried two different ways:

{
  "mcpServers": {
    "sonarqube": {
      "url": "https://sonar-mcp.example.com/mcp",
      "headers": {
        "SONARQUBE_TOKEN": "YOUR_TOKEN"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
}

and I tried adding “type” as I initially thought it might be an issue with Kiro expecting SSE while the SonarQube MCP server is stateless. However, both return the same error.

{
  "mcpServers": {
    "sonarqube": {
    "type": "http"
      "url": "https://sonar-mcp.example.com/mcp",
      "headers": {
        "SONARQUBE_TOKEN": "YOUR_TOKEN"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
}

Perfect, will key an eye out for the Docker image update. Thank you!

6

Your configuration seems to be correct. Could you explain how is your MCP server hosted? I suspect the SONARQUBE_TOKEN header is not being forwarded to the MCP server.

For information, in the next version, we will rely on Authorization <Bearer xxx> which is more conventional - although it may not solve the issue.

1 Like
7

Yes of course. The MCP server is hosted on AWS ECS. It uses the official mcp/sonarqube Docker image with internal certs. Runs behind ALB for external access. I thought the alb might be the potential issue here, with it converting the SONARQUBE_TOKEN to lowercase when the mcp server expects it in all caps. I tried fixing this with a proxy to convert the headers back, but even testing locally with the proxy, I get the same “SonarQube token required” error. The health endpoint (/health) returns 200. Server logs show “Missing or empty SonarQube token” warnings. Thanks!

8

Update: Redeployed with the latest docker image and the new Authorization: Bearer seems to have solved the issue. I am connected to the mcp server via kiro and am able to access my tools. Thank you!

1 Like
10

Sorry for the lack of reply, and thank you for confirming that everything works fine!

Let us know if you face any other problem :slight_smile:

1 Like