Checked-out code

During the checkout of a working copy (clone) of the code from the project repository, we recommend using the full depth.

The SonarScanners run on code that is checked out from the repository. During the checkout of a working copy (clone) of the code from the project repository, we recommend using the full depth. Indeed, the so-retrieved SCM integration enables various features such as:

New Code detection:
- On pull requests, not just the last commit but all the commits that are not on the target branch are considered. This requires a history long enough to find the common commit.
- On long-living branches, the New Code definition can be set in different ways but a longer history is always better.
Blame information display and automatic issue assignment based on the blame information.
Issue management solution.

For more information on SCM integration, seeSCM integration.

In addition, we recommend cloning all the branches of the repository to avoid reference errors during the checkout.

With Git, this means using fetch-depth: 0. This disables shallow clones and fetches all branches.

Avoid any attempt at performing actions on the cloned repository to make sure the repository contains valid repository metadata (e.g. the .git folders have not been removed).
The code in the cloned repository matches the code in the original repository (e.g no code is added to the branch on the cloned repository before analysis).

PreviousTLS certificates on client side NextSonarScanner CLI

Last updated 10 days ago

Was this helpful?