Our Organization has some general questions in regards to SonarCloud.
We are currently paying for 5M lines of code each month. Is there a way to retain our access to SonarCloud to just review results of scans in the case that they are required for SOC2 audits? Can we move our license down to a very minimal cost to retain this information?
Is there a capability of backing up the scan results for the last 1-2 years say to an Azure Blob instance? This is in case we need to go back through historical data.
In theory – yes, if you downgrade to the lowest plan, you retain access to analysis results despite not being able to process any more analyses.
That said, this is not the intended use of SonarCloud, and I can’t guarantee that after “catching on” (or simply as the service evolves), you will maintain access to these results indefinitely. For example, it is possible (however unlikely) that a significant change in SonarCloud would require a new analysis to see data.
Likely, we will see a feature similar to SonarQube’s Regulatory Report come to the Enterprise plan of SonarCloud in the future, which will make such saving of data for audit purposes easier for those organizations who need it.