I am seeking a detailed understanding of the code analysis process within SonarQube, specifically focusing on the interaction between the SonarQube Scanner and the SonarQube server. I would greatly appreciate your assistance in clarifying the following aspects:
Code Analysis Request by SonarQube Scanner:
Could you please describe in detail how SonarQube Scanner prepares and sends the code analysis request to the SonarQube server? Specifically, what information is included in this request, and how is it formatted?
Code Analysis Execution by SonarQube Server:
How does the SonarQube server perform the actual code analysis once it receives the request from the Scanner? I am interested in understanding the role of different language analyzers and how the server processes the code for various languages.
The scanner downloads analyzers & rule sets from the server, then runs them locally in your CI. Each analyzer calculates file-level metrics (lines, lines of code, etc.), executes rules, reads external analyzer reports, etc. At the end, the resulting data is bundled into an analysis report - in binary format - and sent to the server. On the server, the report is queued to await processing.
When it reaches the head of the queue, it’s popped, unbundled and processed, which includes storing the files, the file-level measures, and calculating aggregate measures.
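Added example, not part of the original thread: a CI step can follow the queued report described above by reading the `.scannerwork/report-task.txt` file the scanner writes after submitting and checking the task status returned by the `ceTaskUrl` it contains. The file contents and JSON responses below are constructed samples (host, project key and task id are placeholders), and the polling is replayed over canned responses so the block runs offline.

```python
import json

# Constructed sample of .scannerwork/report-task.txt (all values are placeholders).
SAMPLE_REPORT_TASK = """\
projectKey=demo-project
serverUrl=https://sonarqube.example.internal
dashboardUrl=https://sonarqube.example.internal/dashboard?id=demo-project
ceTaskId=AXconstructed0001
ceTaskUrl=https://sonarqube.example.internal/api/ce/task?id=AXconstructed0001
"""

QUEUED = {"PENDING", "IN_PROGRESS"}      # report still waiting or being processed
FAILED = {"FAILED", "CANCELED"}          # report left the queue without a result


def parse_report_task(text):
    """Parse key=value lines; split on the first '=' only, since URLs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        props[key] = value
    return props


def queue_state(ce_task_json):
    """Classify one api/ce/task response body as 'wait', 'done' or 'error'."""
    status = json.loads(ce_task_json).get("task", {}).get("status")
    if status in QUEUED:
        return "wait"
    if status == "SUCCESS":
        return "done"
    if status in FAILED:
        return "error"
    raise ValueError(f"unexpected task status: {status!r}")


def wait_for_report(responses):
    """Walk successive poll responses until the report leaves the queue."""
    for polls, body in enumerate(responses, start=1):
        state = queue_state(body)
        if state != "wait":
            return state, polls
    return "timeout", len(responses)


if __name__ == "__main__":
    props = parse_report_task(SAMPLE_REPORT_TASK)
    canned = ['{"task":{"status":"PENDING"}}', '{"task":{"status":"SUCCESS"}}']
    print(props["ceTaskUrl"], wait_for_report(canned))
```

In a real pipeline the canned responses would be replaced by authenticated GET requests to `ceTaskUrl` with a delay between polls.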