Hi,
I am working for a client who has repositories on Cloud GitHub.
Because of legislative constraints, my client wants to make sure that if we use SonarCloud to analyse the code in the GitHub repositories using CI (Github Actions) no code/repository will be copied to SonarCloud and all the analysis will take place in GitHub.
Is it the case?
Thanks!
I would reccomend reading the Security Statement
To perform code analysis, report issues, decorate your source code, and provide metrics in the SonarCloud dashboard, your scan report containing your source code needs to be pushed to the SonarCloud server. We do not store all the source code from your repository, only the source code from your most recent scans.