we are using sonarqube 6.7 community for java sources analysis. Currently we are investigating some security issues and are wondering if (if so then how and where) are source codes and other potentially “sensitive” data stored inside sonarqube.
Analysis are probably stored inside elasticsearch. But what about source code? When we display source file from where is it loaded? Are sources stored somewhere on sonarqube server?