OK googled a little more and now I know this is something called “automatic analysis” and has limitations: Automatic analysis & SonarCloud
It also appears sonarcloud does not provide static public IPs for whitelisting (which is probably a deal breaker for some orgs that want to restrict at the network boundary) is this still the case?GitHub IP Whitelist and SonarCloud