Where does sonarqube save source post analysis?
Where does sonar save the source code on which the analysis is run? How secure is it?
SonarQube saves the source into the database, so it as secure as your database that you are using. But it only keeps only the last version of the source. If you don't want to upload the source to the database, then turn off the Import Sources feature. You can do that with the following property: sonar.importSources=false or you can set on the settings page under the security options. In this case the source code will stay on your machine when you analyze.