Could you elaborate a little more on why you consider allowing anyone to “Execute [the] Analysis” is a bad idea, @Colin?
In this case this is an OSS project. I would like to allow anyone to execute the analysis for their changes. It shouldn’t matter whether they start the Sonar plugin from a PR or from their local machine. We would like to find possible issues as early as possible (and not first merge them).