What actually the SQ is scanning?

My understanding is that the SQ doesn’t compile any source code, but it scans code and apply language based rule matrix in order to produce its analysis. I’m trying to understand what SQ is actually scanning: is that source code, which is what goes into the compiler, not what is generated by the compiler? Thanks,


Yes, Sonar’s language analyzers look for issues in source code before any sort of compilation.

For compiled languages, understanding the build environment helps to provide richer and more accurate results but ultimately, the analysis and results focus on your source.


Thanks Brian for your response. But for the line of code Coverage analysis, doesn’t the SQ depend on the output of the unit tests executed by the Build i.e. MSVS test, etc.?


Yes if you are planning on importing coverage reports, you must have run those tests and generated the reports.

Since you mentioned .NET, our scanner for MSBuild and .NET Core does require a build as the analyzer is integrated with the Roslyn Framework. However, the analysis still focuses on the source code and you cannot only provide binaries to the scanner.

I hope this clarifies for you,


Makes sense. Thanks

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.