Is it safe to use SonarQube regarding my source code?

I am playing around with SonarQube and SonarScanner in my local and not exposed to public Internet. While these tools are scanning my source code, is the source code being sent to SonarQube server for code analysis and the report is sent back from SonarQube server once done?

Just wondering how does the scanning process works and during the process my source code is exposing to which party.

Hey there.

The analysis is done where the SonarScanner is executed, and the analysis is processed on the SonarQube server. No source code is sent anywhere except to the SonarQube server that you’ve installed.