Is source code sent to SonarLint servers?

(Mikkel Høgh) #1

It’s kinda important to software devs that SonarLint doesn’t somehow violate our confidentiality agreements, and it’s a bit unclear from some of the descriptions, so I wanted to ask to be sure:

Does SonarLint send my source code anywhere?

Does SonarLint otherwise communicate with the internet?

(Alexandre Gigleux) #2

Hello Mikkel,

SonarLint performs a local analysis of your source code. So the code remains in your IDE and doesn’t leave it.

If you want, you can help us improve SonarLint by ticking the “Share anonymous SonarLint statistics” option. Otherwise, SonarLint doesn’t communicate with the Internet.


(Mikkel Høgh) #3

Ok, thanks for the answer. Strangely enough, I just installed the plugin, and got this connection warning, even though I didn’t check any “Share statistics” checkboxes.

(Mikkel Høgh) #4

I just found out the checkbox is checked by default. And since it’s rather well hidden, it’s not something the typical user would find on their own.

Not only is that a bit user-hostile, it is also most likely a GDPR violation. If I were you, I’d make that disabled by default, or at the very least make sure the user has a chance to see the checkbox before you start sending data.


(Christophe Lévis) #5

Hello Mikkel,

I can understand your reaction. We’ve chosen to tick this checkbox by default since SonarLint doesn’t send any personal data but only very little information. And of course, since no personally identifying information is shared, it conforms to GDPR.
As you probably saw, we try to be clear about the data that is sent and why it’s done. You can have a detailed view of the content by taking a look at the example.