Sonrqube Enterprise

hi I am new to Sonarqube and have some queries can someone please help me.

  1. How to avoid importing of source code in the database, since we have few projects which are highly confidential. What is the impact.

  2. Can someone see/export the imported source code directly from the database(we are using MSSQL express edition).

  3. Will the activation of licenses and plugin require internet.

  4. We do backup of VM by taking snapshots if the current working VM goes down, will the backup snapshot needs to be reactivated.

  5. does source code deleted in SonarQube DB once project is deleted, if imported?


Welcome to the community!

We try to keep it to one topic per thread. Otherwise it can get messy, fast. I’ll try to answer your questions here, but if you have followups, I reserve the right to ask you to create new threads.

Analysis includes bundling the source code and sending it in the analysis report to the server for processing. Source code is then available in SonarQube to show issues, coverage, and duplications in context. There is no way to disable this.

What you can do is control who has Browse rights on sensitive projects.

At root, this is a question for your DBAs.

No. We’re aware that there are a number of SonarQube instances that run in locked-down environments, without access to the internet.

I’m not entirely sure what the question is. If you need to restore a backup of SonarQube, you’ll need

  • its DB - this is where 98% of everything it needs is, and what it’s most important to back up.
  • its $SONARQUBE-HOME/conf/ configuration file (telling SonarQube where its DB is, among other things)
  • any plugins you’re using.

When a project is deleted, all parts of it are deleted.