I have a public golang repo on github and I setup a sonar project for it.
It was able to scan the code directly.
Does this mean my language (golang) doesn’t require me to run the scanner in my build pipeline? What would I need to run the scanner for? Would it pick up more stuff? Is it needed for branch analysis? Or maybe its only if I have a private repo that is not public and sonarcloud doesn’t provide public IPs for whitelisting?
I don’t even have a sonar project config file in the repo yet.