I am creating this as a follow-up question to this original one: How sonarqube works
To repeat for ease of reading, this is the original question:
I have a question about how analysis happens in sonarqube. When I do mvn sonar:sonar -Dsonar.host.url=http://sonar.com, what will happen in the background? What I felt is like:
- Maven will use some plugins and communicate with sonarqube server
- Load all the rules that it has in sonarqube server in location we run mvn sonar:sonar
- Analyze source code using set of rules we loaded from sonarqube server
- Push it back to SonarQube database and results will be displayed on SonarQube server
Is this the proper way that it works? Or will the source code go into the sonarqube server and analysis happen in the sonarqube server itself?
Below is the answer from G. Ann - SonarSource Team who actually directed me to post this brand new question instead of commenting there:
You've got it mostly right:
- Maven will use some plugins and communicate with SonarQube server
- Load all the rules that it has in SonarQube server in location we run mvn sonar:sonar
- Analyze source code using set of rules we loaded from SonarQube server
- Calculate file-level metrics
- Read coverage reports if any
- Compile data into an analysis report and push it back to the SonarQube server
- The server pops the uploaded report from the queue, and integrates it, storing issues and calculating high-level metrics
- User sees updated project status on Project homepage
And here are my additional questions for the above answer:
1- Sonar rules are fetched from the server and code is analyzed in another server (the location where we run sonar:sonar). It is not the other way around? The code is not loaded TO the sonarqube server? When I look at the rule violations in the sonar UI I can see the code inside sonarqube itself. How does that happen?
2- If rules are loaded to a different server then that server should have the code, right? How is the analysis performed? Do we need an agent in this "other" server where the rules are loaded into?
3- "During analysis, data is requested from the server, the files provided to the analysis are analyzed, and the resulting data is sent back to the server at the end in the form of a report, which is then analyzed asynchronously server-side" (docs.sonarqube.org/latest/analysis/overview). What are the requested (and then analyzed) and sent back data here? Who is requesting the data? The server where we run sonar:sonar? (P.S.: sonar version 6.5 here)
Thanks a bunch!!