search
Start Free

Checked-out code

During the checkout of a working copy (clone) of the code from the project repository, we recommend using the full depth.

The SonarScanners run on code that is checked out from the repository. During the checkout of a working copy (clone) of the code from the project repository, we recommend using the full depth. Indeed, the so-retrieved SCM data enables various features such as:

  • New Code detection:

    • On pull requests, not just the last commit but all the commits that are not on the target branch are considered. This requires a history long enough to find the common commit.

    • On long-living branches, the New Code definition can be set in different ways but a longer history is always better.

  • Blame information display and automatic issue assignment based on the blame information.

  • Issue backdating.

circle-exclamation

A full Git clone is required. If a shallow clone is found, the blame information retrieval will be skipped and the analysis may fail.

In addition, we recommend cloning all the branches of the repository to avoid reference errors during the checkout.

With Git, this means using fetch-depth: 0. This disables shallow clones and fetches all branches.

circle-exclamation

  • Avoid any attempt at performing actions on the cloned repository to make sure the repository contains valid repository metadata (e.g. the .git folders have not been removed).

  • The code in the cloned repository matches the code in the original repository (e.g no code is added to the branch on the cloned repository before analysis).

hashtag
Related pages

SCM integration Issue backdating (new issues raised on old code)

PreviousTLS certificates on client sideNextManaging JRE auto-provisioning

Last updated

Was this helpful?