Missing commit information on new code on worktree

Hi
I installed sonarqube locally on windows (community Edition Version 9.9.3, build 79811) with scanner version 6.2.1.
I cloned repo from bitbucket which include .Qgit folder, and edited the sonar-scanner and sonar-properties files with:

“sonar.scm.provider=.Qgit”
“sonar.scm.disabled=true”

afterward I pushed commit with vulnerability so the next scan will catch it.
I was expecting to see in the soar GUI the vulnerability with all the commit information like date, commit id and contributor, however, the only information I could see I was the commit date. any idea what is missing in order to see also the commit id and contributor? it’s mandatory as part of request I got from product, but I couldn’t find any web information for this issue.

I think this happens when the user isn’t known to Sonarqube. Force all users to log in and it should solve the issue.

Hey there.

SonarQube officially supports Git and SVN. SonarQube does not support QGit, and won’t recognize a .QGit folder.

My understanding is that QGit is just a git UI viewer, not a separate SCM provider. Does your project have a .git folder?

I forgot to mentioned my user did the commit, and I already logged in with that user to sonar and I gave it admin and analysis permissions

I tried also with .git (which exists), but same issue

@ganncamp maybe you can advise? I see similar post from the past:

Hey there.

Please don’t tag issues not engaged on a topic. You might think it bumps it to the top of their list, but it actually does the opposite!

I"m a little afraid you’re setting sonar.scm.provider to .git, which is an invalid value. If you are going to set it at all, it should be git – but you shouldn’t have to, since it gets automatically detected.

You should also not be turning off SCM information if your goal is to import that into SonarQube.

How about you remove both configuration for sonar.scm.provider and sonar.scm.disabled – and if it’s still not working, turn on DEBUG logging (sonar-scanner -X) and provide those logs here?

I forgot to mention, but I’m working on worktree, so once I’m removing the lines you said it goes to other path and fails with:

ERROR Error during SonarScanner CLI execution
java.lang.IllegalStateException: Unable to open Git repository

Thanks for that info! That explains why it isn’t working. You’ve already found this other thread discussing it.

And as I mentioned there, I’m following up on when we can expect to incorporate the new version of JGit.

So just to confirm my concern and close this thread, the reason I’m missing the blame information (commit ID and author) is since I’m running the scanner on worktree?
BTW, if it’s indeed that is the case, I think this should be mention it in your official documentation under known issues: SCM integration

Hi @arielman , thank you for your feedback. I created a ticket to improve the documentation.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.