Storing Source Code

scanner
sonarqube

(Pravin) #1

Hi,

I have a requirement where we don’t want to store the source code inside the Sonar database. Any idea how we can achieve that? I can understand that we might not be able to get details of the issue along with line number, its file, etc. Any help will be appreciated.


(Colin Mueller) #2

Pravin,

This is not possible. SonarQube relies on the source code for many if not all of its features beyond just issues (knowing what has changed, coverage/duplication information).

Without being able to get the details of an issue, what purpose does SonarQube even serve for you?

Colin


(Pravin) #3

Hi Colin,

Actually, we are creating a small portal for clients who are C-level executives. They just want to see numbers and the progress of their team, so code is not important for them. Any idea how we can achieve this? We are trying to show them value, and then once they agree to share the code we can give more insights. Thoughts on how to achieve this?


(Colin Mueller) #4

Pravin,

Project-level reports are available, of course, after you scan your code to show high-level information such as # of bugs, vulnerabilities, code smell, code coverage, duplications, etc.

To extract information from SonarQube to display somewhere else, we have Web APIs that cover just about everything (Web API documentation linked in the footer of every instance).

All of this does require that the code be scanned and stored in the SonarQube database.

Colin


(Pravin) #5

Thanks Colin.

If we want to build a product without storing the code, then can we delete code from the database somehow after the scan? We are working on one idea where code storage is not needed, so using comm edition for now we want to achieve the same, and later we will migrate to the paid one where we will get more languages, deeper branch-level analysis, etc. Also, of course, we will be using the Web API as you mentioned. As it’s under LGPL, I don’t think deleting from the DB should be an issue, right?


(Pravin) #7

Any thoughts Colin?


(G Ann Campbell) #8

Hi,

You SHOULD NOT interact directly with the database, especially to delete code. As Colin said, SonarQube does not support not storing the source code. The closest you’ll be able to come is:

  • analyze
  • pull measure values
  • delete project

And then you’ll lose all historical perspective.

Or, you could run analysis, take a screenshot of the project homepage, and give that to the execs.

 
Ann
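
The analyze / pull measure values / delete project sequence from the post above, as an added example (not part of any post in this thread and not SonarSource code). It uses the Web API endpoints `api/measures/component` and `api/projects/delete`; the server URL, token, project key, the `history` list and the sample response are assumptions constructed for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

# Metric keys for the numbers named in the thread (bugs, vulnerabilities, ...).
METRICS = ["bugs", "vulnerabilities", "code_smells", "coverage", "duplicated_lines_density"]

# Constructed sample of an api/measures/component response (not real project data).
SAMPLE_RESPONSE = json.dumps({"component": {"key": "demo:app", "name": "Demo App", "measures": [
    {"metric": "bugs", "value": "3"},
    {"metric": "vulnerabilities", "value": "1"},
    {"metric": "code_smells", "value": "42"},
    {"metric": "coverage", "value": "71.4"},
]}})


def _call(base_url, token, path, params, post=False):
    """Send one Web API request; the user token is the Basic-auth username."""
    query = urllib.parse.urlencode(params)
    url = f"{base_url.rstrip('/')}/{path}"
    req = urllib.request.Request(url, data=query.encode()) if post \
        else urllib.request.Request(f"{url}?{query}")
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def parse_measures(body, wanted=METRICS):
    """Reduce the response to {metric: number}; metrics the server omitted become None."""
    component = json.loads(body)["component"]
    found = {m["metric"]: float(m["value"]) for m in component.get("measures", []) if "value" in m}
    return {"project": component["key"], **{k: found.get(k) for k in wanted}}


def snapshot_then_delete(base_url, token, project_key, history, analysed_at):
    """Record the numbers in `history` first, and delete the project only if that worked."""
    body = _call(base_url, token, "api/measures/component",
                 {"component": project_key, "metricKeys": ",".join(METRICS)})
    row = parse_measures(body)
    if all(row[k] is None for k in METRICS):
        raise RuntimeError("no measures returned; is the analysis finished? not deleting")
    history.append({"analysed_at": analysed_at, **row})
    _call(base_url, token, "api/projects/delete", {"project": project_key}, post=True)
    return row
```

Because deleting the project discards SonarQube's own history, `history` has to be persisted outside SonarQube to keep any trend data.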


(Pravin) #9

Thanks Ann. Will see what we can do. BTW, will deleting from the database break the licensing agreement? I am not sure if I understood it correctly.


(Nicolas Bontoux) #10

Hi Pravin,

Deleting from the database will break the product altogether.

I was going through this topic, and to me you haven’t clearly expressed why you wish to delete the code (i.e. what is the true problem with having source code stored in the DB). You’ve mentioned the following:

That is a functional use-case, and SonarQube does offer a functional answer for that:

  • Enterprise Edition, with its Portfolios Management and Executive Reporting features
  • standard Permissions Management, with the ability to control access to source code via the See Source Code permission

Beyond that, if there are specific reasons why it’s not acceptable for you to have source code stored in the DB, please explain those specific reasons so we can discuss them and address your true concern here.