Hello SonarQube community!
I would like to understand why a project needs to be built, before it can be analyzed by SonarQube. Since it’s a SAST analysis, this seems illogical. Anyone who can elaborate?
Thank you in advance for your reply!
Mitchell
Hello Mitchell,
Some analysers like SonarJava & SonarCFamily indeed need the project to be built before analysed.
Sonarjava analyse the bytecode (see java example) and SonarCFamily uses the build-wrapper output to add analysis informations.
This leads to more accurate analysis than only parsing the code.
Alex.