Hi
I installed sonarqube locally on windows (community Edition Version 9.9.3, build 79811) with scanner version 6.2.1.
I cloned repo from bitbucket which include .Qgit folder, and edited the sonar-scanner and sonar-properties files with:
afterward I pushed commit with vulnerability so the next scan will catch it.
I was expecting to see in the soar GUI the vulnerability with all the commit information like date, commit id and contributor, however, the only information I could see I was the commit date. any idea what is missing in order to see also the commit id and contributor? it’s mandatory as part of request I got from product, but I couldn’t find any web information for this issue.
Please don’t tag issues not engaged on a topic. You might think it bumps it to the top of their list, but it actually does the opposite!
I"m a little afraid you’re setting sonar.scm.provider to .git, which is an invalid value. If you are going to set it at all, it should be git – but you shouldn’t have to, since it gets automatically detected.
You should also not be turning off SCM information if your goal is to import that into SonarQube.
How about you remove both configuration for sonar.scm.provider and sonar.scm.disabled – and if it’s still not working, turn on DEBUG logging (sonar-scanner -X) and provide those logs here?
So just to confirm my concern and close this thread, the reason I’m missing the blame information (commit ID and author) is since I’m running the scanner on worktree?
BTW, if it’s indeed that is the case, I think this should be mention it in your official documentation under known issues: SCM integration