This plugin is deprecated since SonarQube 5.0 which has built-in support for SCM information and which relies on independent plugins to cover SCM providers.
Description / Features
This plugin collects SCM blame information and displays the date of the commit and the commiter ID to the left of each line of code:
This plugin also enables the computation of:
All SCM providers currently require the native executable to be installed on the server where the SonarQube analysis will run. For example, for projects hosted on a Subversion repository and analysed on a Jenkins server, an svn executable must be available on the Jenkins server (and its slaves if any).
Subversion (1.6+ client)
Team Foundation Server (all versions)
Requires SonarTfsAnnotate.exe to be
- tested by users
- not tested
- not implemented
- Install the plugin through the Marketplace or download it into the SONARQUBE_HOME/extensions/plugins directory
- Restart the SonarQube server
Configuring the SCM Activity Plugin: SVN, Git, Mercurial and Team Foundation Server (TFS)
Information is automatically retrieved from the .git, .svn, $tf, etc. folders. Therefore, nothing has to be configured and no configuration will be taken into account.
In order for this to work, the
sonar-project.properties file needs to be located in a checked-out folder, but it does not have to be checked-in.
Alternatively, you can set the "
sonar.projectBaseDir" property to a checked-in folder (requires sonar-runner 2.4 at least), and have the
sonar-project.properties files located anywhere.
Configuring the SCM Activity Plugin: Others
At the project level, go to Configuration > Settings > SCM Activity
Set the SCM URL your project (see SCM URL Format).
- Specify the User and Password properties if needed. If the SCM URL property contains the user information (as with CVS), then these fields should be left blank.
- Launch a new quality analysis and the metrics will be computed.
SCM URL Property Key is = sonar.scm.url
Security note for SonarQube 3.4.0 to 3.6.3 included
*.secured properties to be read during the project analysis, it is necessary to set the
sonar.password properties to the credentials of a user that is:
- System administrator
- And project administrator on the project that is being analyzed
sonar-runner -Dsonar.login=admin -Dsonar.password=admin
Forcing the Retrieval of Blame Information
Note that a property should be added sooner or later to explicitly force this retrieval or not. See SONARPLUGINS-2359.
Subversion "Server certificate verification failed: issuer is not trusted"
Add the following to
CVS anonymous access not working "org.apache.maven.scm.ScmException: password is required."
Try setting an empty password for the repository in
.cvspass. For example:
I use Git and the annotated sources sometimes display a wrong/old author name
The plugin uses the '
git blame' command to get the author of each line. Because a single user can commit with multiple author names/emails, it is advised to have a
.mailmap file at the root of the repository. This file is used by '
git blame' to determine the canonical name/email of each user.
I use Git and the annotated sources sometimes display "Not Committed Yet"
If you have set the parameter
autocrlf to "
true" or "
input", and the source file was previously committed with Windows line endings, then git blame will report each line as "Not Committed Yet" as an indication that the file will be normalized to Unix line endings in case you do a modification and a commit on the same file.
The simplest workaround is to always set autocrlf to "false" on the box doing the SonarQube analysis.
Specific configuration for Jazz RTC
Additional configuration for Perforce
Since version 1.6, you have to set an additional property to define the Perforce client name while running your analysis: