Can recipient of Sonar Analysis data extract all code in anyway?

Must-share information (formatted with Markdown):

  • which versions are you using 7.9.1
  • what are you trying to achieve - allow 3rd party audit/analysis of our code
  • what have you tried so far to achieve this - run it locally


Welcome to the community!

When you say “allow 3rd party audit/analysis of our code” I assume you mean that you want to give 3rd parties access to the analysis that you have run via SonarQube.

Based on that assumption, then this is something you can manage with permissions by granting your 3rd parties “Browse” permission but not “See Source Code”. Then they’ll have access to measures and issues, but not the source code itself. More detail in the docs.


Thanks! Is there a way they can see the source code in the report but turn off the View Raw Source button? So they can’t just pull the whole source file?


There is not.