Source Code Exposure on SonarQube Server


I have a question about how secure my source code is with SQ. I understand all the scanning happens on our build server. However, I can view the SQ dashboard from the SQ server. Earlier, we had the machine that had the SQ server within our company firewall, but now that we have moved to the cloud, the SQ server is on the public cloud. Does the source code live on the SQ server?


Hi Rajeev

The source code is kept in the SonarQube database, so that we can clearly and accurately show you what’s present/missing in it quality-wise.