  1. IT: Release Engineering
  2. RELENG-1953

Sonar: Sonar verification on non merged changes


    • Story
    • Resolution: Won't Do
    • Normal
    • ONAP

      Currently, Sonar scans run daily on the tip of the Git repos. 

      When triggering Sonar using "run-sonar" in any Gerrit, the Sonar job will run on the tip of the branch. Even if someone comments "run-sonar" on a non-merged Gerrit change, the job is designed to run on the tip of the branch, not on non-merged changes.

      Talking to the security team in ONAP in ONS, they mentioned that Sonar now supports the capability of running on non-merged changes. The teams would like to see some Sonar scans before they can merge their patches, and they wonder if we can enable this feature.

      In the past, I know that running Sonar jobs on non-merged changes can mess up the reports and make them less reliable. Apparently, there is a way of allowing this. 

      More info on the blog ONAP pointed me to:

      https://blog.sonarsource.com/three-options-for-pre-commit-analysis

      More on our Sonar job:

      https://github.com/lfit/releng-global-jjb/blob/master/jjb/lf-maven-jobs.yaml#L837

              Unassigned
              jwagantall Jessica Wagantall