General queries on Sonar

Hi,

We have a few questions related to SonarQube. They are below.

  1. Is building an application compulsory for getting the bugs and vulnerabilities? Can't we do it by just parsing the source code on the SonarQube server?

  2. If Sonar does not support one of the languages, is there any way we can integrate directly with SonarQube, and how much effort will it take us?

  3. How secure is it to use SonarCloud? I am concerned about my code privacy.

  4. Which Sonar product is better, SonarQube or SonarCloud?

Rakesh,

One question per topic is appreciated, so I’ll be happy to address your first question and leave you to open new topics as you feel necessary.

For compiled languages (C/C++, C#, Java), it is necessary. The analyzers get extra information at build-time for these languages to ensure an accurate analysis with few false-positives.

Colin

Thanks Colin for the reply.

Can you also provide the answers for the other questions?

Hi @Rakesh,

You already opened another topic for question 2, "Sonar Restriction towards languages", where I answered.
Can you open other threads as well for the questions you have? (The rule on the community forum, as Colin explained, is one question per thread, to allow other users/SonarSourcers to reply with a relevant discussion.)

Thanks!
Carine


Thanks Carine,

Will do the same.