Financial Analyst

Announcing native MCP Server in SonarQube Cloud. Andrew Osborne Product Marketing Manager March 17, 2026 The rise of AI-assisted software development has introduced a new bottleneck: code verification. While AI can generate code at unprecedented speeds, manually verifying that code for quality and security often breaks a software developer's flow. To solve this, Sonar launched the SonarQube MCP Server, bridging the gap between AI agents and trusted SonarQube insights. Today, SonarSource is evolving this integration. While the SonarQube MCP server remains available as a local Docker container, SonarSource has now launched an embedded version directly within SonarQube Cloud. Now natively available, with no installation required, this update removes the "Docker barrier" and transforms the integration into a fully managed, enterprise-ready service. Cloud-native integration. The cloud-native option is designed for environments where centralized management is preferred or where local installation restrictions are in place. For many software engineering teams, especially those in regulated industries like finance or healthcare, local installations are not allowed, and this created significant friction. The SonarQube embedded MCP server solves these issues by moving the logic into SonarQube Cloud. It provides a centralized, managed endpoint that is always on, always updated, and accessible without any local software installation. Beyond analysis: conversational code intelligence. By embedding the SonarQube MCP server, SonarSource is enabling AI agents to autonomously verify the AI code they produce against your organization's specific quality gates. When connected to the embedded MCP server, your AI assistants (such as Claude Desktop, GitHub Copilot, or custom LLM agents) can perform high-value tasks directly within the conversational flow: * Natural language queries: Ask your AI, "My quality gate is failing for my project. Can you help me understand why and fix the most critical issues?" or "I want to reduce technical debt in my project. What are the top issues I should prioritize?" * Actionable issue management: Interactively update an issue's status or mark a finding as a false positive directly from your AI assistant without switching to the SonarQube UI. * Dependency risk detection: Leverage SonarQube Advanced Security insights to identify and remediate vulnerable security dependencies in real-time. * Quality at the source: Ensure AI-generated code adheres to your standards before it ever reaches a Pull Request. How to connect to the embedded MCP server. Switching to the embedded version requires a simple update to your MCP configuration (e.g., your mcp.json file). This configuration replaces the previous Docker-based image or command blocks with a direct cloud-native connection. Example for Cursor or Antigravity: Setup requirements: * User token: Generate a personal access token in your SonarQube Cloud security settings. * Organization key: Provide the unique key for your SonarQube Cloud organization. Empowering the modern AI stack. The embedded MCP server is designed for the future of "vibe coding" and agentic workflows. By providing AI agents with direct, secure access to SonarQube Cloud's 7,000+ distinct issues that can be detected SonarSource ensure that velocity never comes at the expense of code health. Deployment options Users can now choose between two methods to connect their AI tools to SonarQube: * Local deployment: Running a Docker container on a workstation to bridge the IDE and SonarQube. * Cloud native: Using the embedded endpoint in SonarQube Cloud for centralized access without local software installation. Whether you are using Amazon Q Developer, Claude Code, or building custom autonomous agents, the embedded SonarQube MCP server provides the standardized, scalable, and secure foundation needed to automate code quality and security at scale. To learn more about SonarQube MCP Server, visit its Documentation or join the discussion in the Sonar Community.

Sonar has claimed the top position on the SWE-bench leaderboard with its Foundation Agent, achieving a 79.2% success rate on SWE-bench Verified and 52.62% on SWE-bench Full. The agent, powered by Anthropic's Claude Opus 4.5, resolved issues in an average of nine minutes at a cost of $1.90 per issue. Built on AutoCodeRover technology, the agent uses advanced tool-calling, thinking model integration and test-driven remediation to navigate codebases and generate functional patches. SWE-bench evaluates AI agents on real-world software engineering tasks using GitHub issues and corresponding fixes. The Geneva and Austin-based company, which analyses over 750 billion lines of code daily, currently offers the technology in beta through Sonar Autofix. The Foundation Agent remains a research innovation and is not commercially available.

Code architecture management general availability in SonarQube. Robert Curlee Product Marketing Manager March 2, 2026 In a world that operates on software, your code is your single most valuable asset. Software architecture is essential in defining how your software should function and evolve. Yet, despite being the cornerstone of a healthy application, maintaining software architecture is frequently overlooked. As developers, SonarSource know that neglecting software architecture leads directly to stale architectural documentation and structural technical debt. Over time, this debt manifests as accumulated complexity from misplaced logic, duplicated code, and misaligned dependencies. As architectural debt accumulates, making code changes becomes a risky, slow process. If left unchecked, this structural erosion eventually stalls innovation and forces costly application rewrites. Great architecture is the secret to developer productivity. Well-designed, modular software ensures that developers can make effective code changes without worrying about unpredictable ripple effects. Today, SonarSource is thrilled to announce the general availability of architecture management in SonarQube Cloud, designed to bring software architecture back under your control to promote a healthy codebase and enable highly performant teams. The AI multiplier: why code architecture matters now more than ever. The rapid adoption of generative AI coding assistants has fundamentally changed how SonarSource write code. Software developers are now leveraging AI-native IDEs and agents to generate code at unprecedented speeds that often bypasses traditional architectural planning. Furthermore, AI coding tools don't have the context needed to provide effective coded solutions leading to "slop." While the new AI-native SDLC accelerates output, it also acts as a multiplier for architectural drift. AI-generated code can easily become a structural black box, making complex systems rapidly diverge from their intended design. To maintain the speed of modern development, you need an automatic, dependable way to ensure architectural integrity. How code architecture in SonarQube works. SonarQube helps you manage your software architecture through four essential stages: discover, formalize, prioritize, and fix. * Discover: As part of the normal scan, SonarQube automatically reverse-engineers your codebase to create an always-current, living visual representation of its actual current architecture, no additional setup is needed. It provides a real-time, navigable view of component relationships that is instantly available to all development stakeholders, including AI agents. * Formalize: Building your intended architecture is a snap. Using a graphical interface, you can start light and evolve it over time to suit your needs. * Prioritize: You maintain control by deciding when and how to enforce architecture violations in the code. * Fix: Developers gain a clear understanding of expectations for writing code that aligns with the intended architecture. This enables them to resolve architectural issues immediately to pass the quality gate. Teams also get instant notifications when AI generated code violates the architecture, allowing for timely, in-workflow fixes. Value across your engineering teams. Bringing architecture into your continuous codebase inspection delivers immediate benefits across your organization: For developers: * Improved productivity: Gain a clear picture of interdependencies through live documentation of the current architecture, eliminating guesswork and providing full context awareness. * In-workflow resolution: Build a clear understanding of expectations and resolve architectural issues within your standard developer workflow as you are developing. Other tools treat architectural integrity as a separate event, taking you out of band from your daily routine. For architects and project owners: * Architectural integrity: Maintain complete control by deciding when and how to enforce architecture violations. You can start light and evolve your intended architecture over time to suit your project's needs. * AI Governance: Instantly detect when AI-generated code violates your architecture, allowing for timely fixes. Plus, you can enable LLMs to leverage your intended and current architectures as context to generate better, more structurally sound results. Get started today. To use these new architecture capabilities in SonarQube Cloud, you'll find a new "Architecture" tab under every project. If you don't see the visual structure map of your current architecture, it will appear after your next scan. You'll need administration privilege in your organization to create the intended architecture and prioritize disallowed relationships such as tangles. Here are some great resources for further details: * Visit its Community post that has several demo videos * Explore your current architecture including advanced features * Dig into architecture details in SonarQube Cloud docs It is time to align the speed of AI development with the dependability of strong architectural governance. Stop reacting to structural debt, and start architecting for the future.