Question about Sonarqube's AI Features AI Code Assurance and AI CodeFix

  • SonarQube 2025.1.1 LTA deployed via zip.
  • What are you trying to achieve: wanted to understand the AI features of SonarQube.

I have a couple of questions regarding the AI features in SonarQube:

  1. Could you please confirm whether the AI features are cloud-based or self-hosted? If they are self-hosted, can you assure that no data is shared externally?

  2. Who will have access to the data ingested and the output generated by the AI? Is this data visible within SonarQube’s UI, and do SonarSource or any third-party applications have access to it?

Thank you for your assistance.

Hi,

The docs should get you started. Note that you have the ability to use a self-hosted LLM for the AI CodeFix, and

When you select a self-hosted LLM, your code stays within your network. However, Sonar’s AI CodeFix service needs to send the latest prompts and supported rule descriptions; therefore, your instance of SonarQube server will still need internet connectivity.

If you use Sonar’s AI CodeFix LLM, the affected code snippet will be sent by the AI CodeFix service to the selected LLM. Service agreements with Sonar’s LLMs prevent your code from being used to train those models.

HTH,
Ann

Hi G Ann, am I correct in my understanding about this:

When you select a self-hosted LLM, your code stays within your network. However, Sonar’s AI CodeFix service needs to send the latest prompts and supported rule descriptions; therefore, your instance of SonarQube server will still need internet connectivity.

If you use Sonar’s AI CodeFix LLM, the affected code snippet will be sent by the AI CodeFix service to the selected LLM. Service agreements with Sonar’s LLMs prevent your code from being used to train those models.

With a self-hosted LLM, code stays inside your network, but SonarQube still needs internet access for updates (not for sending code). The update is like knowing if there’s a new SonarQube version?

With Sonar’s AI CodeFix cloud LLM, code snippets are sent to Sonar’s servers, but not used for training or stored long-term.

Hi,

In the context of LLMs, it’s not about knowing there’s a new SonarQube version (although that’s good to know :smiley: ). Again:

To be clear, we get lots of feedback, every day. We’re continually improving things, whether it’s rule descriptions, prompts, or the code itself. So that network connection is to get the best, most up-to-date data to send to your LLM.

Correct.

HTH,
Ann

Hey, I’m particularly interested in this part too.

So that network connection is to get the best, most up-to-date data to send to your LLM.

So in this case, Sonar’s externally hosted service will be sending data to my LLM, but my prompts and rule descriptions are not going to Sonar’s AI service?

Hi @mayneframe,

I can only refer you to the docs (again):

When you select a self-hosted LLM, your code stays within your network. However, Sonar’s AI CodeFix service needs to send the latest prompts and supported rule descriptions; therefore, your instance of SonarQube server will still need internet connectivity.

If you use Sonar’s AI CodeFix LLM, the affected code snippet will be sent by the AI CodeFix service to the selected LLM. Service agreements with Sonar’s LLMs prevent your code from being used to train those models.

HTH,
Ann

Hey Ann, thanks; I’ve read this a few times.

Really what I’m looking for is: do we send anything to Sonar’s AI CodeFix service, or are we basically just pulling data?

Security just needs to know which way data is flowing, so I just need to know if we are sending anything out, that’s all.

N

Hi N,

I’m not sure I can be much more clear than the docs:

HTH,
Ann

Hey Ann,

Thanks; I just need clarity on the sending of the prompts.

Is this Sonar sending us the prompts, or us sending Sonar the prompts?

I fully understand code won’t leave; it’s just that one section.

N

Hi,

Prompts are what gets sent to an LLM. If you own the LLM, then the prompts get sent to your LLM. But what prompt to use? For that you query us to get the most up-to-date, correct version.

HTH,
Ann

Hey Ann,

That’s perfect, so if we self-host the LLM, Sonar is sending us the latest rules and prompts, and so nothing leaves our system.

N