We try to keep it to one topic per thread. Otherwise it can get messy, fast. I’ll try to answer your questions here, but if you have followups, I reserve the right to ask you to create new threads.
Analysis includes bundling the source code and sending it in the analysis report to the server for processing. Source code is then available in SonarQube to show issues, coverage, and duplications in context. There is no way to disable this.
What you can do is control who has Browse rights on sensitive projects.
At root, this is a question for your DBAs.
No. We’re aware that there are a number of SonarQube instances that run in locked-down environments, without access to the internet.
I’m not entirely sure what the question is. If you need to restore a backup of SonarQube, you’ll need
its DB - this is where 98% of everything it needs is, and what it’s most important to back up.
its $SONARQUBE-HOME/conf/sonar.properties configuration file (telling SonarQube where its DB is, among other things)
any plugins you’re using.
When a project is deleted, all parts of it are deleted.