@nquinquenel nquinquenel commented Aug 6, 2025

@nquinquenel nquinquenel force-pushed the feature/nq/MCP-84-sca-issues branch 2 times, most recently from c0c7861 to 0a008fb Compare August 15, 2025 12:36
@nquinquenel nquinquenel force-pushed the feature/nq/MCP-84-sca-issues branch from 0a008fb to 4f232eb Compare August 15, 2025 12:45
@nquinquenel nquinquenel marked this pull request as ready for review August 18, 2025 06:49

🤖 Pull Request summary

This PR adds support for dependency risk analysis through SonarQube's Advanced Security features.

Main Changes:

  • New dependency risks tool - Adds search_dependency_risks tool to search for SCA issues with version/feature gating (SonarQube Server 2025.4+ Enterprise with Advanced Security enabled)
  • Enhanced version checking - Extends SonarQubeVersionChecker with version comparison and SCA enablement detection methods
  • New API integrations - Implements ScaApi for dependency risks and SettingsApi for configuration checking
  • Comprehensive testing - Adds extensive test coverage for the new functionality including edge cases

Key Review Focus:

  • Version/feature gating logic in SonarQubeMcpServer - ensure proper fallback when requirements aren't met
  • Settings API error handling in SonarQubeVersionChecker.isScaEnabled() - verify graceful degradation on API failures
  • Complex response parsing in SearchDependencyRisksTool.buildResponseFromDependencyRisksResponse() - validate null-safety for optional fields

Quality Gate passed

Issues
0 New issues
2 Accepted issues

Measures
0 Security Hotspots
92.4% Coverage on New Code
0.0% Duplication on New Code

@nquinquenel nquinquenel merged commit 212f074 into master Aug 19, 2025
5 checks passed
@nquinquenel nquinquenel deleted the feature/nq/MCP-84-sca-issues branch August 19, 2025 11:59