Start Free
10.6 | Analyzing source code | Various setups | Verifying the code checkout step

Was this page helpful?

Verifying the code checkout step of your build pipeline

The SonarScanners run on code that is checked out from the repository. During the checkout of a working copy (clone) of the code from the project repository, we recommend using the full depth. Indeed, the so-retrieved SCM metadata enables various features such as:

  • New Code detection:
    • On pull requests, not just the last commit but all the commits that are not on the target branch are considered. This requires a history long enough to find the common commit. 
    • On long-living branches, the New Code definition can be set in different ways but a longer history is always needed.
  • Blame information display and automatic issue assignment based on the blame information.
  • Issue backdating

In addition, we recommend cloning all the branches of the repository to avoid reference errors during the checkout. 

With Git, this means using fetch-depth: 0. This disables shallow clones and fetches all branches.  

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License