Hello,
I want to run a scan on a company’s codebase. The company does not want the code to be uploaded outside their network because of security risks. My question is: if we install a local instance of SonarQube, is it safe to perform the scan, or are there still any risks that the code will leak?
The code doesn’t leave the SonarQube server.
So if that SonarQube server is on your laptop, it’s not leaving your laptop. Just to be clear.