sonar-analyze
// Analyze a file or code snippet for quality and security issues using SonarQube
| Field | Value |
|---|---|
| name | sonar-analyze |
| description | Analyze a file or code snippet for quality and security issues using SonarQube |
| argument-hint | [file-path] |
Analyze code for quality and security issues using the SonarQube MCP Server.
```
sonar-analyze                      # analyze the file currently in context
sonar-analyze src/auth/login.py    # analyze a specific file
```
This skill requires the SonarQube MCP Server to be configured and the tool mcp__sonarqube__analyze_code_snippet to be available in your session.
If the tool call fails, surface the tool error verbatim and stop. Auth, credentials, and MCP server configuration are runtime infrastructure concerns and are not user-fixable from chat; do not ask the user to verify env vars or to install or run any CLI.
The tool analyses one file at a time. Resolve a single file path:
Do not accept a directory as input. If the user provides one, ask them to specify a single file.
codeSnippet and language detection).

| Extension | Language key |
|---|---|
| `.py` | `py` |
| `.js` `.jsx` | `js` |
| `.ts` `.tsx` | `ts` |
| `.java` | `java` |
| `.go` | `go` |
| `.php` | `php` |
| `.cs` | `cs` |
| `.rb` | `rb` |
| `.swift` | `swift` |
| `.kt` | `kotlin` |
| `.c` `.cpp` `.cc` `.h` | `cpp` |
"TEST" or "MAIN". If the path contains `test`, `spec`, or `__tests__`, use "TEST"; otherwise "MAIN".
mcp__sonarqube__analyze_code_snippet
The SonarQube MCP Server often has a default project for this workspace (e.g. via SONARQUBE_PROJECT_KEY configured in the server env), so projectKey is sometimes unnecessary; pass it only when the tool schema requires it or the user targets another project.
```json
{
  "projectKey": "<only-if-required>",
  "filePath": "src/auth/login.py",
  "codeSnippet": "<full file content>",
  "language": "py",
  "scope": "MAIN"
}
```
Omit projectKey when the integration default applies.
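
The path, language and scope steps above, combined into one payload builder. This is an added example, not code from the skill or the SonarQube MCP Server; `build_analyze_args`, `demo` and the sample files are hypothetical, and failing on an unlisted extension and matching case-insensitively are assumptions.

```python
import os
import tempfile

# Extension -> language key, copied from the table on this page.
LANGUAGE_KEYS = {
    ".py": "py", ".js": "js", ".jsx": "js", ".ts": "ts", ".tsx": "ts",
    ".java": "java", ".go": "go", ".php": "php", ".cs": "cs", ".rb": "rb",
    ".swift": "swift", ".kt": "kotlin",
    ".c": "cpp", ".cpp": "cpp", ".cc": "cpp", ".h": "cpp",
}
TEST_MARKERS = ("test", "spec", "__tests__")


def build_analyze_args(file_path, project_key=None):
    """Hypothetical helper: arguments for mcp__sonarqube__analyze_code_snippet."""
    if os.path.isdir(file_path):
        raise ValueError("directories are not accepted; specify a single file")
    ext = os.path.splitext(file_path)[1].lower()
    if ext not in LANGUAGE_KEYS:
        # Assumption: the page lists no fallback, so fail instead of guessing.
        raise ValueError(f"no language key listed for extension {ext!r}")
    with open(file_path, encoding="utf-8") as fh:
        snippet = fh.read()  # full file content, not an excerpt
    # Substring match as the page words it (case-insensitive is an assumption);
    # note that a name such as "latest.py" therefore also maps to TEST.
    lowered = file_path.lower()
    scope = "TEST" if any(m in lowered for m in TEST_MARKERS) else "MAIN"
    args = {"filePath": file_path, "codeSnippet": snippet,
            "language": LANGUAGE_KEYS[ext], "scope": scope}
    if project_key:  # left out when the integration default applies
        args["projectKey"] = project_key
    return args


def demo():
    """Build payloads for constructed sample files in a scratch directory."""
    samples = {"src/auth/login.py": "print('hi')\n",
               "src/__tests__/login.spec.ts": "export {};\n"}
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as root:
        os.chdir(root)
        try:
            out = []
            for rel, body in samples.items():
                os.makedirs(os.path.dirname(rel), exist_ok=True)
                with open(rel, "w", encoding="utf-8") as fh:
                    fh.write(body)
                out.append(build_analyze_args(rel))
            return out
        finally:
            os.chdir(old_cwd)
```

Passing a workspace-relative path keeps directory names outside the project from influencing the TEST/MAIN decision.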
If issues are found, present them as a table sorted by line number:
```markdown
## SonarQube Analysis — `src/auth/login.py`

Found **3 issue(s)**:

| Line | Severity | Rule         | Message                                               |
| ---- | -------- | ------------ | ----------------------------------------------------- |
| 12   | Blocker  | python:S2077 | Make sure that executing this SQL query is safe here. |
| 34   | Major    | python:S1481 | Remove the unused local variable "token".             |
| 67   | Minor    | python:S1135 | Complete the task associated to this "TODO" comment.  |
```
Severity icons (the label depends on the server version):
If no issues are found:
```markdown
## SonarQube Analysis — `src/auth/login.py`

No issues found.
```
After the results, always add:
<rule> <file>:<line> to fix a specific issue, or ask me to fix them all."