Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 176 Next »

Unknown macro: {iframe}

Your browser does not support iframes.

Description / Features

This plugin collects SCM blame information and displays the date of the commit and the commiter ID to the left of each line of code:

This plugin also enables the computation of:


On by default

This plugin is enabled by default for all projects.

If this plugin is enabled for a project, but its settings are neither configured nor discoverable (e.g. available in a pom.xml file) analyses for the project will fail.

SCM Activity can be disabled on a project-by-project basis, or disabled globally at Settings > General Settings > SCM Activity and then enabled on a project-by-project basis.



All SCM providers currently require the native executable to be installed on the server where the SonarQube analysis will run. For example, for projects hosted on a Subversion repository and analysed on a Jenkins server, an svn executable must be available on the Jenkins server (and its slaves if any).

(tick) - supported

(star) - tested by users

(question) - not tested

(error) - not implemented


  1. Install the plugin through the Marketplace or download it into the SONARQUBE_HOME/extensions/plugins directory
  2. Restart the SonarQube server


Configuring the SCM Activity Plugin

At the project level, go to Configuration > Settings > SCM Activity

  1. Set the SCM URL of your project (see SCM URL Format): sonar.scm.url properties. For Git, SVN and Mercurial, the SCM provider is automatically discovered, so what's defined in this property is ignored.

  2. Specify User (sonar.scm.user.secured) and Password (sonar.scm.password.secured) if needed. If it is set, developerConnection will be used, otherwise connection will be used. If your sonar.scm.url contains the user information (as with CVS), then these fields should be left blank.
  3. Launch a new quality analysis and the metrics will be fed.


Security note for SonarQube 3.4.0 to 3.6.3 included

For the *.secured properties to be read during the project analysis, it is necessary to set the sonar.login and sonar.password properties to the credentials of a user that is:

  • System administrator
  • And project administrator on the project that is being analyzed
sonar-runner -Dsonar.login=admin -Dsonar.password=admin


Forcing the Retrieval of Blame Information

In some cases, it is necessary to retrieve blame information on files that have not been changed (for example when a user has been renamed). To force this retrieval, here are the steps to follow:

  1. Deactivate the SCM Activity plugin at the project level: sonar.scm.enabled = false
  2. Run an analysis on your project
  3. Reactivate the SCM Activity plugin on the project: sonar.scm.enabled = true
  4. Run an analysis on your project


Note that a property should be added sooner or later to explicitly force this retrieval or not. See SONARPLUGINS-2359.



Subversion "Server certificate verification failed: issuer is not trusted"

Add the following to .subversion/servers:

ssl-authority-files = /path/certificate.crt
ssl-trust-default-ca = yes

CVS anonymous access not working "org.apache.maven.scm.ScmException: password is required."

Try setting an empty password for the repository in .cvspass. For example:

/1 A

I use Git and the annotated sources sometimes display a wrong/old author name

The plugin uses the 'git blame' command to get the author of each line. Because a single user can commit with multiple author names/emails, it is advised to have a .mailmap file at the root of the repository. This file is used by 'git blame' to determine the canonical name/email of each user.


I use Git and the annotated sources sometimes display "Not Committed Yet"

If you have set the parameter autocrlf to "true" or "input", and the source file was previously committed with Windows line endings, then git blame will report each line as "Not Committed Yet" as an indication that the file will be normalized to Unix line endings in case you do a modification and a commit on the same file.

The simplest workaround is to always set autocrlf to "false" on the box doing the SonarQube analysis.

Additional configuration for Perforce

You have to set an additional property to define the Perforce client name while running your analysis: This property can only be passed via command line (do not set it in the file).


Change Log

type key summary priority

Data cannot be retrieved due to an unexpected error.

View these issues in Jira


type key summary priority

Data cannot be retrieved due to an unexpected error.

View these issues in Jira


type key summary priority

Data cannot be retrieved due to an unexpected error.

View these issues in Jira

  • No labels