Hi Sonar Community,
I’m exploring ways to use SonarQube or SonarScanner for code analysis and have two key questions:
1. Local-only scanning
Is it possible to scan files locally without setting up a server or specifying a projectKey? Can the analysis results be directly output in JSON format (similar to Semgrep or CodeNarc)?
The reason for this request is that we are automating the following workflow:
- AI generates code → SAST scan → pass the code and scan results to an LLM → LLM generates improved code → repeat the scan.
- If no new issues are found in the scan results, the process ends. Otherwise, the process repeats.
Currently, when using SonarQube for scanning, we must set up a server, configure a projectKey, and acquire a token for every user. This setup might limit scalability, as every user would need to configure these settings individually. Therefore, I’d like to ask if SonarQube supports directly scanning files and outputting results without requiring a server setup.
2. Gosu language support
Does SonarQube or SonarScanner natively support Gosu language analysis? If not, are there any plugins or workarounds to enable Gosu support?
Thank you for your guidance and recommendations!