Git blame information missing from SonarQube projects

SonarQube server Enterprise Edition v2025.1 (102418)

I’m pretty sure git blame information used to be visible in my SonarQube projects - i.e., I could see who last changed each line of code when browsing the code file in SonarQube and assign issues to users. But something’s changed such that now I only see the date of the last commit for each line.

I’m using Azure DevOps with a self-hosted ubuntu agent to run the sonar scans using SonarScanner CLI 7.0.2.4839. The DevOps pipeline doesn’t do a shallow fetch (i.e., fetchDepth: 0 for the checkout step). The scanner is installed under /app/sonar-scanner on the machine but, during a pipeline run, the scan is launched from the root folder of my workspace where the sonar-project.properties file is also checked out and the .git folder lives too. I’ve confirmed I can run git blame successfully from that folder, and git status reports this just before running the scanner:

HEAD detached at 07941ef1
Untracked files:
  (use "git add <file>..." to include in what will be committed)
	build-wrapper-linux-x86/
	build-wrapper.zip
	build/os/linux_x64/azure/build-wrapper-output/
	coverage/

nothing added to commit but untracked files present (use "git add" to track)

I expect those files to be added by the pipeline after the checkout step but they’re not directly relevant to the SQ analysis (this is a C++ project). My sonar-project.properties file does not specify sonar.projectBaseDir but the scanner is run from the same folder as sonar-project.properties anyway.

The verbose sonar-scanner logs don’t show any warnings about missing blame information. It’s just that no git blame info is visible on any files when I browse them in the SQ server’s web UI.

Some other projects on the SQ server do appear to have git blame info, so I don’t think the server admins have disabled git blame visualisation for the whole server.

Does anyone have any ideas how to get git blame info back for my projects in SQ please?

Hi,

Could you start by sharing an analysis log (yes, I know you’ve said there are no warnings. I’m i-dotting.) and a screenshot of what you do see in SonarQube? Bonus points if the screenshot includes the popup you get when you click in the margin to get the SCM details.

 
Thx,
Ann

Sure, many thanks for looking at this Ann! I sent you the log file privately.

Here’s a sample screenshot from the SQ UI showing that all I see now is the commit date - no author name or commit message/id, just the date.

Hi,

Thanks for the log.

Here we go (this is toward the top, not the bottom):

2025-06-11T11:10:22.3637445Z 11:10:22.361 DEBUG SCM Step is disabled by configuration

This can be set in the server, either globally or at project level, or in your analysis parameters with sonar.scm.disabled=true

 
HTH,
Ann

1 Like

Thanks Ann! How embarrassing, I’d not seen that before. Yes, in the settings for my affected projects it has this, which I’d not spotted before:

When I toggle it off it says the setting is saved successfully, but then the toggle moves back to disabled again. I’ll speak to the server admins…

1 Like

BTW I can’t find any reference to sonar.scm.disabled in SQ’s docs; e.g., it’s not at Analysis parameters | SonarQube Server Documentation

Hi,

The intent of the Analysis Parameters listing was to give you the things that cannot be found in the UI, and can only set from the anlaysis.

 
HTH,
Ann

I’m happy to say that after the server admins untoggled that setting in the global admin settings, then I could also permanently untoggle it in my projects and, after running the DevOps pipelines, finally see the full git blame info in SQ again - author, commit date, revision id; as well as see author names in the margin.

I thought it wasn’t a global setting because some other projects did have git blame info, but perhaps that was from analyses that were run before the setting was turned off. Also, I don’t know why it was turned off in the first place - maybe it was the new default after an upgrade of SQ? Or maybe they thought it hampers performance?

(Also, what I really meant was that I could find no reference to the sonar.scm.disabled setting anywhere in the SQ docs, not just on that Analysis Parameters page.)

Thanks again for your help, @ganncamp!

1 Like

Update: at SCM integration | SonarQube Server Documentation however, I now see it says this about SCM integration:

If need be, you can toggle it off at the global level via administration settings and at a project level via project settings.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.