I am playing around with SonarQube and SonarScanner in my local and not exposed to public Internet. While these tools are scanning my source code, is the source code being sent to SonarQube server for code analysis and the report is sent back from SonarQube server once done?
Just wondering how does the scanning process works and during the process my source code is exposing to which party.