Sonar sometimes can't get the "author" of commit. It's empty

Sonar sometimes can’t get the “author” of commit. It likes as below.

“issues”: [
{
“key”: “…”,
“rule”: “…”,
“severity”: “MAJOR”,
“component”: “…”,
“project”: “…”,
“line”: 45,
“hash”: “…”,
“textRange”: {
“startLine”: 45,
“endLine”: 45,
“startOffset”: 54,
“endOffset”: 64
},
“flows”: ,
“status”: “OPEN”,
“message”: “…”,
“effort”: “10min”,
“debt”: “10min”,
"author": “”,
“tags”: [
“cwe”
],
“creationDate”: “2020-08-08T17:07:36+0000”,
“updateDate”: “2020-08-08T17:07:36+0000”,
“type”: “BUG”,
“organization”: “default-organization”,
“fromHotspot”: false
},

Hi Nghia, welcome to the Community!

What type of source control system is being used for this project? Since you say it “sometimes” doesn’t work, I’m going to assume that sometimes it does and thus you’re using something compatible.

It’s possible the author in this case isn’t a registered user in your SonarQube instance. See the section User Correlation in the docs for more info.

Hi Jeff,

Thank you so much for your information.

Git was used as SCM and also SonarQube version is 7.9.3

If the case author can’t be registered in SonarQube instance, I assume it always can’t get the “author”.

//Nghia

Correct. And in such cases it’s possible to set a default assignee for the project for when the author cannot be matched.

Hi Jeff,

Well, I wonder if it’s possible for this way. Maybe not because for project with many members, we can’t set author to default one because the issue can be from other members.

Btw, regarding this way, we have a lot of commits are pushed to Gerrit and Sonar will scan project for every commit.
Is there any way to sonar can know which commit that issue belong to?
If this is possible, I think your way is possile.

I’m not sure what you’re asking. The commit is how we determine the author of the changes in the first place. If the author isn’t a registered SonarQube user, I don’t see how “knowing” which commit the issue belongs to will help anything.

If using a default assignee isn’t acceptable, I think your only choice is to ensure every project user is registered in SonarQube. Consider delegating authentication if you don’t want to add them all manually.

Hi Jeff,

Let ignore my words related to ‘commit’. I just re-think and it seems not possible :slight_smile:

What if the user already was registered in SonaQube but it still has blank in author?
I assume that because as I mentioned previous sometimes it can get the author, sometimes not. So I think the user was registered in SonarQube.

We correlate identity based on the email address associated with the commit user on the source control side with the email used for the user on the SonarQube side. I can only guess that either the user wasn’t registered in SonarQube as you assumed, or the email address they use on the source control side does not match.

Hope this helps!

I can be pretty sure that the email address is matched.
If the user wasn’t registered in SonarQube, it should be always blank for author all the time. It’s not for my case, it’s sometimes blank.

Additional thing I can share you is that my project is private and project key was created by another user and I lack of permission to browse and see source code.
I don’t know if this point cause this case. But still confusion and wondering, why blank author just sometimes occurs.

Maybe sometimes the scanner has problems collecting the blame information from git? Look at your scanner logs see if you have any warning. A common cause for that is shallow git clones, where only a few commits are available and the authors can’t be found for lines modified in older commits.