We have a repository that is about to be configured for SonarQube scanning. In this repository, we have shell scripts that trigger the cloning of another public repository containing shell, Go, and Python code. Does SonarQube also scan the public repository that we are cloning from our private repository? Please confirm.
SonarQube scans what is available on the disk at the time of analysis. If those shell scripts have been triggered to pull down those other repos – yes. If not, no.
Thank you so much for the information.
Is there a way to clone first and then scan?
I’m assuming you’re using CI Based Analysis rather than Automatic Analysis.
If that’s the case, then that’s up to you! If you want to run that clone… add it to your build pipeline before analysis executes.
If you are using GitHub + Automatic Analysis… that isn’t supported, and you’ll have to switch to CI-based analysis.