Does the SonarScanner use different Sonar code analyzers to do the static analysis? I am a bit lost about how the entire SonarQube platform works under the hood.
For example, if I do a local Gradle build with SonarScanner, how does the SonarScanner get the code analyzer to do the analysis? Are these code analyzers built into the scanner, or does SonarScanner have to interact with the SonarQube server to first download a specific analyzer to do the local analysis?
sonar-scanner connects to the SonarQube server to download the analyzers, quality profiles and other information required to run the analysis; it indeed requires interaction with the server.
Assuming I am working on a Java project. SonarScanner will certainly use the Sonar Java code analyzer.
My project also uses the checkstyle, the pmd and the findbugs Gradle plugins to do static analysis. I have two questions as follows:
1. I am not sure if SonarScanner already uses these three tools to do the analysis.
2. If I use these three tools with customized configurations and import the findbugs, pmd, and checkstyle issue reports, will these reports overwrite the results generated by SonarScanner? Or will they be appended to the results generated by SonarScanner?
So besides the issues found by Sonar Java analyzer, these imported issues coming from my own check tools will be appended to the final result and shown in the SonarQube UI “Issues” list?