Commit info dissapears on second analysis

Hi, everyone:

I just found out an abnormal behaviour I could reproduce but I cannot explain.

Whenever I run a second analysis over a branch on a project whose new code period is set to reference branch, commit info dissapears on the SonarQube UI (on an Enterprise Edition)

This is the way to reproduce the behaviour. I used NodeGoat project for demo purposes:

In my case, I have forked the project here in order to not disturb the original repo: You could use it if you will

  1. Clone the repo: git clone
  2. git checkout develop
  3. run an analisis of the develop branch
  4. go to SonarQube and set new code to reference branch (develop)
  5. git checkout the branch. In our case, git checkout test/new_code
  6. run an analisis of the test/new_code branch.

I have modified app/data/profile-dao.js in order to add a line of code:

const password = ‘1234567234523test’

You will see this in SonarQube, and that’s fine:

As you see, commit info is on SonarQube, as well as the issue is raised. Everything ok.

  1. run another analysis of the test/new_code branch

And there you are.

Commit info has disappeared. The issue is still there and is correct, as well as the issue date but blaming info has dissapeared:

I found this in one of our customers and then tried to reproduce it. They have a daily pipeline and commits occurs every two to three days, so if you look at the code in SonarQube the second or the third day, this will show up.

I have tried this on several projects and instances. If you introduce some more commits, and therefore, some more lines, or separated blocks, none of the commit info inside your branch is displayed.

I have reproduced it in:
SonarQube 9.9.4 LTA, SonarQube 10.5, both Enterprise Edition (have not a Developer or Data Center to play with) with SonarScanners 4.6, 4.8 and 5.0.1

Am I maybe doing smth wrong?
I can provide more info if necessary.

1 Like

This screenshot is on 9.9.4 LTA:


And this analysis is made over Jenkins. Is the second run of the analysis.

I just found out this (sonarscanner 4.6):

In the second analysis we have no SCM provider info.

I have reproduced it also in sonarscanner 5.0.1:

Hello Mariote,

We tried to reproduce the issue by doing the steps you provided but we still have the commit info on the lines after multiple analysis.
You are saying that you no longer have the commit info, but we can see on the screenshots that the commit author is there (“kcheta”). Do you mean that you don’t get the full commit info when clicking on the author?

Hi, Eric,

Thank you for your response. Looking at my first image i just realized i misuploaded that screenshot.

Here’s a screenshot of github: “kcheta” is not the commiter of the line 15 “const password = ‘1234567234523test’;”, but myself:

As you can see in the second screenshot in my post above, the first time I make an analysis, which it will show as I am the commiter, but in the second analysis (third and fourth), it will appear as if it was “kcheta”.

The point I am trying to proof here is that in the first analysis, it will show the correct blaming info, but in the second one, we have all the new code, but it won’t show any of the commiters of that new code. (screenshot on the second post).

Thank you in advance.


Hi Mariote,
Thank you for the details. I understand better now and I can indeed reproduce the issue.
I’ll investigate more next week.


Hi Mariote,

Apologies for the delay. I identified the issue and created a bug ticket SONAR-22265.
In the meantime, if it is problematic for you, you can force the reloading of all the commit info on every analysis with the analysis property sonar.scm.forceReloadAll=true.



Hi, Eric!

Thank you so much for your time and effort. I’m glad to have helped to discover a bug and excited to see the upcoming changes!

In the meanwhile, we will force the scm info reload in this particular customer :slight_smile:

Thank you again!