Is source code sent to SonarLint servers?

It’s kinda important to software devs SonarLint doesn’t somehow violate our confidentiality agreements, and it’s a bit unclear from some of the descriptions, so I wanted to ask to be sure:

Does SonarLint send my source code anywhere?

Does SonarLint otherwise communicate with the internet?

Hello Mikkel,

SonarLint is performing a local analysis of your source code. So the code remains in your IDE and don’t leave it.

If you want, you can help us improving SonarLint by ticking the “Share anonymous SonarLint statistics” option. Otherwise, SonarLint doesn’t communicate with the Internet.

Regards

1 Like

Ok, thanks for the answer. Strangely enough, I just installed the plugin, and got this connection warning, even though I didn’t check any “Share statistics” checkboxes. 28

I just found out the checkbox is checked by default. And since it’s rather well hidden, its not something the typical user would find on their own.

Not only is that a bit user-hostile, it is also most likely a GDPR violation. If I were you, I’d make that disabled by default, or at the very least make sure the user has a chance to see the checkbox before you start sending data.

22

Hello Mikkel,

I can understand your reaction. We’ve chosen to tick this checkbox by default since SonarLint doesn’t send any personal data but only a very few information. And of course, since no personally identifying information is shared, it conforms to GDPR.
As you probably saw, we try to be clear about the data that is sent and why it’s done. You can have a detailed view of the content by taking a look at the example.

Cheers

As this thread is almost 5 years old and this information is pretty important when working with code that must remain local for whatever reason:
Is your answer is still correct and no code at all is being sent to any external server when working with SonarLint? And going further, is there an official document by Sonar that clearly says so?

Hello Leander,

The situation has not changed, we still don’t collect any code from our users. We don’t have any plans to change that.

The only things that we collect as mentioned before are some anonymous statistics about the usage of the product. You can find a sample of the collected data in the About tab as shown above.

I don’t think we have an official page or statement about that, apart again from the small text in this About tab.