What is the relationship between SonarScanner and Sonar code analyzer

Does the SonarScanner use different Sonar code analyzers to do the static analysis? I am a bit lost about how the entire SonarQube platform works under the hood.

For example, if I do a local Gradle build with SonarScanner, how does the SonarScanner get the code analyzer to do the analysis? Are these code analyzers built into the scanner, or does SonarScanner have to interact with the SonarQube server to first download a specific analyzer to do the local analysis?

Thank you very much.

Hi @lokta_86,

sonar-scanner connects to the SonarQube server to download the analyzers, quality profiles and other information required to run the analysis; it indeed requires interaction with the server.

@mpaladin Thank you so much for the explanation.

Assuming I am working on a Java project, SonarScanner will certainly use the Sonar Java code analyzer.

My project also uses the checkstyle, pmd and findbugs Gradle plugins to do static analysis. I have two questions, as follows:

  • I am not sure if SonarScanner already uses these three tools to do the analysis.

  • If I use these three tools with customized configurations, and import findbugs, pmd, and checkstyle issue reports, will these reports overwrite the results generated by SonarScanner? Or will they be appended to the results generated by SonarScanner?

Thank you very much.

Hi @lokta_86,

The SonarJava analyzer has its own checks; it doesn’t run those tools, and I think it is the only analyzer you need.

They are not going to overwrite the overlapping ones; they will be distinct issues.

So besides the issues found by the Sonar Java analyzer, these imported issues coming from my own check tools will be appended to the final result and shown in the SonarQube UI “Issues” list?

Hi @lokta_86,

yes.

Thank you very much.
