AI features - Sonarqube Enterprise 10.7

We are running Sonarqube Enterprise 10.6 server and we have noticed that version 10.7 includes AI features that might be interesting for us in our development process.
The documentation points to a requirement for communication with Sonar’s servers, so we can assume that part of the data/code would be sent to external servers (from our point of view).

Is there any documentation which can be accessed by us to understand:
• What data will be sent to external servers? What is the size of this data?
• What would happen with the company’s intellectual property rights to the part of the code that would be exposed to the outside world?
• Is this process covered by any NDA? What is the scope if it is covered?
• What is the policy to cleanup data sent to Sonar’s AI servers?


Hi

Welcome to the community! Thanks for reaching out.
To provide the best suggestions, we are sending code snippets through a secure channel to OpenAI servers. The data is not used to train any third-party AI model and will never be exposed to the outside world.

HTH

Alexander

For Sonarqube Enterprise customers with an air gapped environment, it is not possible to send data to external servers.

  1. Will it be possible to get AI assistance for fixes from a private, self-hosted installation,
     i.e. Tabnine on-prem, in the future?

  2. Will it be possible to get AI-generated fix suggestions if I use my own quality gate?
     Currently you are forced to use the ‘Sonar way’ quality gate.

What’s the reason for this requirement?

Hi,

I’ll let @alexander.rage answer the rest, but this:

is a conflation of the two AI-related features. AI Code Assurance (intended to mark projects that include AI-generated code) enforces the use of the Sonar way Quality Gate. Fix suggestions are entirely separate.

HTH,
Ann

Hi,

Thanks for the clarification; the documentation is a bit vague on that.
AI is currently shaking things up and changing everything.

I am skeptical whether this will still make sense in the future if you can no longer distinguish whether code is generated by AI or hand crafted.
You can’t be sure if a team member has used AI support.

Gilbert

Thanks for your answer. We are currently updating the documentation to be clearer.

To answer your first question, we are looking into adding the possibility to plug self-hosted LLMs into AI CodeFix.
You are mentioning Tabnine. Is it the one you use? How do you use it today?