Source code/analysis storage

sonarqube

(Lukáš Vasek) #1

Hi,
we are using sonarqube 6.7 community for java sources analysis. Currently we are investigating some security issues and are wondering if (if so then how and where) are source codes and other potentially “sensitive” data stored inside sonarqube.
Analysis are probably stored inside elasticsearch. But what about source code? When we display source file from where is it loaded? Are sources stored somewhere on sonarqube server?

Thanks

Lukas


(Benoit) #2

Hi,

The source code is stored in the database, as everything else. ElasticSearch is only used for indexing.

Benoit