This recipe showed you how to quickly detect security vulnerabilities and bugs in your project.

In the Adding a project recipe, in step 5, when we start analyzing our example, the files that are provided to the analysis are analyzed on the server-side, and the result of the analysis is sent back to the server as a report. This report is analyzed in an asynchronous way on the server-side.

Reports are added to a queue and processed by the server in order. If multiple reports are sent back to the server, the results may take some time to be displayed on the SonarQube Dashboard.

By default, only the files that can be detected by the installed code analyzer are loaded into the project. This means that if you only have SonarJava code written in C or Go and YAML files that are very common in the Kubernetes world, they will be ignored.