SonarQube’s MCP server lands for Claude …

CLAUDE-CODE PUB_DATE: 2026.06.27

SONARQUBE’S MCP SERVER LANDS FOR CLAUDE CODE; 2.1.195 FIXES RISKY TOOL MATCHING

SonarQube now publishes an MCP server and generator for Claude Code, and Claude Code 2.1.195 tightens tool matching and agent stability. Sonar published a deta...

SonarQube now publishes an MCP server and generator for Claude Code, and Claude Code 2.1.195 tightens tool matching and agent stability.

Sonar published a detailed quickstart for the SonarQube MCP Server, including a config generator, stdio/HTTP(S) transports, and clear token guidance for using Sonar tools from terminal AI workflows with Claude Code docs.

Claude Code v2.1.195 fixes hook matchers so hyphenated MCP tool IDs now exact‑match instead of substring‑matching, and ships a raft of stability improvements across agents, plugins, and remote sessions release. The companion system prompts update expands security guardrails for autonomous actions and cloud/cluster operations prompts.

If you wire Claude into CI, the Claude Code Action also shipped a token revocation cleanup fix action v1.0.159.

[ WHY_IT_MATTERS ]

01.

You can now call SonarQube analysis directly from Claude Code with a supported, documented MCP server.

02.

Exact tool matching in 2.1.195 reduces wrong-tool activations, which is critical as you add more MCP servers.

[ WHAT_TO_TEST ]

terminal
Stand up the SonarQube MCP server via stdio locally, then switch to HTTPS; validate auth flows and rate/latency impact on agent loops.
terminal
Create a hyphenated MCP tool and confirm 2.1.195 exact-match behavior prevents accidental triggers in hooks and automations.

[ BROWNFIELD_PERSPECTIVE ]

Legacy codebase integration strategies...

01.
Point Claude Code at your existing SonarQube Server/Cloud; audit tokens and ensure user-token scope to avoid broken bindings.
02.
Trial the updated security prompts in auto mode against staging infra to see what gets blocked (mass deletes, force-pushes, cluster ops).

[ GREENFIELD_PERSPECTIVE ]

Fresh architecture paradigms...

01.
Adopt stdio for dev and HTTPS for team deployments from day one; bake Sonar analysis into agent plans.
02.
Define allow/deny rules for agent actions early; pair the prompts’ security monitor with infra tags and namespaces.

Enjoying_this_story?

Get daily CLAUDE-CODE + SDLC updates.

Practical tactics you can ship tomorrow
Tooling, workflows, and architecture notes
One short email each weekday

arrow_back

PREVIOUS_DATA_LOG

Reco launches Agent Security to inventory and control AI agents across your enterprise stack

Initialize_Return_to_Core

LINK_STATUS: 127.0.0.1 (SECURE)

NEXT_DATA_LOG

Azure Migrate adds Copilot-powered code insights (preview) for AKS/App Service modernization

arrow_forward