Need help with git scm publisher

Must-share information (formatted with Markdown):

  • SQ 6.7.3, SonarJava 5.6, Git plugin
  • Trying to see blame annotations in SQ
  • Enabling git plugin (& restarting)

Trying to get blame annotations by using git plugin. In first analysis run, I saw the message indicating download of jar file for scm git. I’m getting these messages on the client host:

[sonar:sonar] Sensor CPD Block Indexer
[sonar:sonar] Sensor CPD Block Indexer (done) | time=84ms
[sonar:sonar] SCM Publisher is disabled
[sonar:sonar] 2 files had no CPD blocks
[sonar:sonar] Calculating CPD for 3 files

Why/How is the publisher disabled?

I’ve looked at the documentation page, and tried adding sonar.scm.provider=git, but I don’t think this should be needed as there is a .git folder.


There’s a setting at global and project levels to disable the SCM sensor. It’s off by default. Look under Administration > SCM > Disable the SCM Sensor.


Thanks for your quick reply Ann.

I checked the setting for Disable SCM Sensor at both the global and project level. It is unset/default/left - which should mean that the sensor is NOT disabled.

I even tried deleting the project and recreating via new analysis. The project created with the SCM sensor not disabled (confusing having settings as negative booleans). Still seeing same behavior.


Let’s back up for a minute. Do you see ‘blame’ data in SonarQube?

Because I’m not actually sure about “SCM Publisher”. If you’re not seeing this data, are there any other SCM-related lines in your analysis log?


I am not seeing any blame data (just a narrow column of line numbers) - that’s why I wanted to set up git plugin.

By “analysis log”, I assume you mean the client-side analysis operation?

The only SCM messages are 1) on the first run, I saw that it downloaded a jar for git scm. 2) the SCM publisher disabled message that I posted above.


Can you provide your full checkout-build-analysis procedure?


Unfortunately, that’s difficult. Much of that procedure is proprietary.

The initial checkout is performed by a proprietary script. I know that after the checkout, I can use all of the standard git commands. There is a .git folder at the root of the environment. I usually checkout a mainline branch, create a local branch, tracking mainline.

Build is again a proprietary mechanism that uses ANT to perform the build process. At the end of the build, the SQ ANT task is invoked to perform analysis.

Among other standard properties, this is set. I’ve also tried unsetting it, and I’ve compared it to the information in the .git folder:
sonar.scm.url= scm:git:ssh://

Here is the (slightly redacted) analysis output:

[sonar:sonar] Apache Ant(TM) version 1.9.8 compiled on February 28 2018
[sonar:sonar] SonarQube Ant Task version: 2.5
[sonar:sonar] Loaded from: file:/xxxxx/sonarqube-ant-task-2.5.jar
[sonar:sonar] User cache: /home/xxxxx/.sonar/cache
[sonar:sonar] Publish mode
[sonar:sonar] Load global settings
[sonar:sonar] Load global settings (done) | time=93ms
[sonar:sonar] Server id: AWIbG0NUGqJOeglEfZca
[sonar:sonar] User cache: /home/xxxxx/.sonar/cache
[sonar:sonar] Load plugins index
[sonar:sonar] Load plugins index (done) | time=54ms
[sonar:sonar] Default locale: "en_US", source code encoding: "UTF-8"
[sonar:sonar] Process project properties
[sonar:sonar] Load project repositories
[sonar:sonar] Load project repositories (done) | time=143ms
[sonar:sonar] Load quality profiles
[sonar:sonar] Load quality profiles (done) | time=42ms
[sonar:sonar] Load active rules
[sonar:sonar] Load active rules (done) | time=588ms
[sonar:sonar] Load metrics repository
[sonar:sonar] Load metrics repository (done) | time=39ms
[sonar:sonar] Project key: XXXTest-1.0
[sonar:sonar] -------------  Scan XXXTest-1.0
[sonar:sonar] Base dir: /xxxxx/XXXTest
[sonar:sonar] Working dir: /xxxxx/sonar
[sonar:sonar] Source paths: src
[sonar:sonar] Test paths: tst
[sonar:sonar] Source encoding: UTF-8, default locale: en_US
[sonar:sonar] Load server rules
[sonar:sonar] Load server rules (done) | time=70ms
[sonar:sonar] Index files
[sonar:sonar] Excluded sources: 
[sonar:sonar]   **/*.scala
[sonar:sonar] 6 files indexed
[sonar:sonar] 0 files ignored because of inclusion/exclusion patterns
[sonar:sonar] Quality profile for java: MY_PROFILE
[sonar:sonar] Sensor JavaSquidSensor [java]
[sonar:sonar] Configured Java source version ( 8
[sonar:sonar] JavaClasspath initialization
[sonar:sonar] JavaClasspath initialization (done) | time=14ms
[sonar:sonar] JavaTestClasspath initialization
[sonar:sonar] Bytecode of dependencies was not provided for analysis of test files, you might end up with less precise results. Bytecode can be provided using property
[sonar:sonar] JavaTestClasspath initialization (done) | time=0ms
[sonar:sonar] Java Main Files AST scan
[sonar:sonar] 5 source files to be analyzed
[sonar:sonar] 5/5 source files have been analyzed
[sonar:sonar] Java Main Files AST scan (done) | time=1407ms
[sonar:sonar] Java Test Files AST scan
[sonar:sonar] 1 source files to be analyzed
[sonar:sonar] 1/1 source files have been analyzed
[sonar:sonar] Java Test Files AST scan (done) | time=66ms
[sonar:sonar] Sensor JavaSquidSensor [java] (done) | time=2397ms
[sonar:sonar] Sensor CheckstyleSensor [checkstyle]
[sonar:sonar] Execute Checkstyle 8.11...
[sonar:sonar] Checkstyle configuration: /xxxxx/checkstyle.xml
[sonar:sonar] Checkstyle charset: UTF-8
[sonar:sonar] Execute Checkstyle 8.11 done: 882 ms
[sonar:sonar] Sensor CheckstyleSensor [checkstyle] (done) | time=893ms
[sonar:sonar] Sensor FindBugs Sensor [findbugs]
[sonar:sonar] Loading findbugs plugin: /xxxxx/sonar/findbugs/findsecbugs-plugin.jar
[sonar:sonar] Findbugs output report: /xxxxx/sonar/findbugs-result.xml
[sonar:sonar] The following classes needed for analysis were missing:
[sonar:sonar]   execute
[sonar:sonar] Sensor FindBugs Sensor [findbugs] (done) | time=5263ms
[sonar:sonar] Sensor SurefireSensor [java]
[sonar:sonar] parsing [/xxxxx/target/surefire-reports]
[sonar:sonar] Sensor SurefireSensor [java] (done) | time=1ms
[sonar:sonar] Sensor JaCoCoSensor [java]
[sonar:sonar] You are not using the latest JaCoCo binary format version, please consider upgrading to latest JaCoCo version.
[sonar:sonar] Analysing /xxxxx/coverage/jacoco.exec
[sonar:sonar] No information about coverage per test.
[sonar:sonar] Sensor JaCoCoSensor [java] (done) | time=123ms
[sonar:sonar] Sensor SonarJavaXmlFileSensor [java]
[sonar:sonar] Sensor SonarJavaXmlFileSensor [java] (done) | time=0ms
[sonar:sonar] Sensor Zero Coverage Sensor
[sonar:sonar] Sensor Zero Coverage Sensor (done) | time=28ms
[sonar:sonar] Sensor CPD Block Indexer
[sonar:sonar] Sensor CPD Block Indexer (done) | time=43ms
[sonar:sonar] SCM Publisher is disabled
[sonar:sonar] 2 files had no CPD blocks
[sonar:sonar] Calculating CPD for 3 files
[sonar:sonar] CPD calculation finished
[sonar:sonar] Analysis report generated in 212ms, dir size=63 KB
[sonar:sonar] Analysis reports compressed in 29ms, zip size=27 KB
[sonar:sonar] Analysis report uploaded in 51ms
[sonar:sonar] ANALYSIS SUCCESSFUL, you can browse
[sonar:sonar] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[sonar:sonar] More about the report processing at
[sonar:sonar] Task total time: 11.232 s


This looks odd to me (are you making un-checked-in changes before analysis?) but is probably not the problem.

Poking at the SQ code a little, it appears that somewhere you really are setting a parameter to turn off SCM blame info. Please try adding this parameter: to your command line. As described in the docs it will output

to the specified file the full list of properties passed to the scanner API as a means to debug analysis.


Thanks Ann. That did it. I found sonar.scm.disabled was set in one of the buried ANT files.