I’m currently working on a project where the client has strict data security requirements.
Currently they need to check that the test code meets a minimum standard before moving it to the production environment (hence SonarQube). Historical analysis of the code isn’t important, as soon as the code meets minimum standards it will be moved and work will progress to the next section of code.
However, I cannot assure them that the db won’t retain snippets of code after deleting the project.
I’ve been trawling the web for an answer to this question, so far here are the most relevant things I’ve found:
Simon Brandhof (from SonarSource) states that:
Source code is indeed dropped from db when deleting a project.
However the documentation says SonarQube:
… selectively keeping data from previous analyses
When you run a new analysis of your project or its branches or pull requests(PRs), some data that was previously available is cleaned out of the database
’[Housekeeping | SonarQube Docs] (implying that the data is retained until the next analysis of the project, even if it is never analysed again)
So my request is:
Can I please get confirmation that deleting the project in SonarQube purges the database of all code related to that project? (not just make it inaccessible from the GUI)