Why does a project need to be built before SonarQube's analysis?

Hello SonarQube community!

I would like to understand why a project needs to be built, before it can be analyzed by SonarQube. Since it’s a SAST analysis, this seems illogical. Anyone who can elaborate?

Thank you in advance for your reply!


Hello Mitchell,
Some analysers like SonarJava & SonarCFamily indeed need the project to be built before analysed.
Sonarjava analyse the bytecode (see java example) and SonarCFamily uses the build-wrapper output to add analysis informations.
This leads to more accurate analysis than only parsing the code.