Storing Source Code

Hi,

I have a requirement where we don’t want to store the source code inside the sonar database, any idea how we can achieve that? I can understand that we might not be able to get details of the issue along with line number, its file etc, any help will be appreciated.

Pravin,

This is not possible. SonarQube relies on the source code for many if not all of its features beyond just issues (knowing what has changed, coverage/duplication information).

Without being able to get the details of an issue, what purpose does SonarQube even serve for you?

Colin

Hi Colin,

Actually we are creating a small portal for clients who are C-Level executives; they just want to see numbers and the progress of their team, so code is not important for them. Any idea how we can achieve this? We are trying to show them value and then, once they agree to share the code, we can give more insights. Thoughts how to achieve this?

Pravin,

Project-level reports are available, of course, after you scan your code to show high-level information such as # of bugs, vulnerabilities, code smell, code coverage, duplications, etc.

To extract information from SonarQube to display somewhere else, we have Web APIs that cover just about everything (Web API documentation linked in the footer of every instance).

All of this does require that the code be scanned and stored in the SonarQube database.

Colin

Thanks Colin.

If we want to build a product without storing the code, then can we delete code from the database somehow after the scan? We are working on one idea where code storage is not needed, so using comm edition for now we want to achieve the same, and later will migrate to the paid one where we will get more languages and deeper branch level analysis etc. Also, of course, we will be using the web api as you mentioned. As it's under LGPL I don't think deleting from the db should be an issue, right?

Any thoughts Colin?

Hi,

You SHOULD NOT interact directly with the database, especially to delete code. As Colin said, SonarQube does not support not storing the source code. The closest you’ll be able to come is

  • analyze
  • pull measure values
  • delete project

And then you’ll lose all historical perspective.

Or, you could run analysis, take a screenshot of the project homepage, and give that to the execs.

Ann
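
The "analyze, pull measure values, delete project" sequence from the reply above, as an added example that is not part of the original thread and is not SonarSource code. It assumes the analysis has already finished; the base URL, token and project key are caller-supplied placeholders, and the `send` parameter is a hypothetical hook so the flow can be exercised without a server.

```python
import base64
import json
import urllib.parse
import urllib.request

# Metric keys for the numbers named in the thread; adjust to what your analysis reports.
METRICS = ("bugs", "vulnerabilities", "code_smells", "coverage",
           "duplicated_lines_density", "security_rating")


def call_api(base_url, token, path, params, method="GET", send=urllib.request.urlopen):
    """Call one Web API endpoint; the user token goes in as the basic-auth user name."""
    query = urllib.parse.urlencode(params)
    url = f"{base_url.rstrip('/')}/{path}"
    if method == "GET":
        req = urllib.request.Request(f"{url}?{query}", method="GET")
    else:
        req = urllib.request.Request(url, data=query.encode(), method=method)
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    with send(req) as resp:
        return resp.read()


def parse_measures(body):
    """Flatten an api/measures/component response into {metric_key: value}."""
    measures = json.loads(body)["component"].get("measures", [])
    return {m["metric"]: m["value"] for m in measures if "value" in m}


def snapshot_then_delete(base_url, token, project_key, send=urllib.request.urlopen):
    """Pull the measures, then delete the project (and its stored source).

    Fails closed: nothing is deleted unless every requested metric came back,
    because the deletion also discards the project's history in SonarQube.
    """
    body = call_api(base_url, token, "api/measures/component",
                    {"component": project_key, "metricKeys": ",".join(METRICS)},
                    send=send)
    snapshot = parse_measures(body)
    missing = sorted(set(METRICS) - snapshot.keys())
    if missing:
        raise RuntimeError(f"refusing to delete {project_key}: missing {missing}")
    call_api(base_url, token, "api/projects/delete", {"project": project_key},
             method="POST", send=send)
    return snapshot
```

The delete call needs a token with administer rights on the project, and the returned snapshot has to be stored by the caller, since SonarQube keeps no history for a deleted project.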

Thanks Ann. Will see what we can do. BTW, deleting from database will break the licensing agreement? I am not sure if I understood it correctly.

Hi Pravin,

Deleting from database will break the product altogether.

I was going through this topic and to me you haven’t clearly expressed why you wish to delete the code (i.e. what is the true problem with having source code stored in DB). You’ve mentioned the following:

That is a functional use-case, and SonarQube does offer a functional answer for that:

  • Enterprise Edition, with its Portfolios Management and Executive Reporting features
  • standard Permissions Management, with the ability to control access to source code via the See Source Code permission

Beyond that, if there are specific reasons why it’s not acceptable for you to have source code stored in DB, please explain those specific reasons so we can discuss them and address your true concern here.

Thanks for the revert Nicolas. Enterprise edition is too costly and that’s why we are creating a small portal for CXOs with limited things; that’s why storing code is not needed. Many CXOs are against storing the code (we did a short survey and found this) for seeing high level reports, like number of issues, graph showing progress of issue resolution, security rating etc.