Sonarqube: Missing blame information for the following files

Question

I am getting the warning Missing blame information for the following files during analysis by SonarQube.

[INFO] [22:19:57.714] Sensor SCM Sensor
[INFO] [22:19:57.715] SCM provider for this project is: git
[INFO] [22:19:57.715] 48 files to be analyzed
[INFO] [22:19:58.448] 0/48 files analyzed
[WARN] [22:19:58.448] Missing blame information for the following files:
(snip 48 lines)
[WARN] [22:19:58.449] This may lead to missing/broken features in SonarQube
[INFO] [22:19:58.449] Sensor SCM Sensor (done) | time=735ms

I am using SonarQube 5.5, analysis is done by Maven in a Jenkins job, on a multi-module Java project. Git plugin 1.2 is installed.

Manually running git blame in a bash shell, on any of the offending files, gives an expected output.

Related questions I found were all about SVN, my issue is with Git.

How do I get git blame information on Sonarqube?

If I understand your description, you have a simple Jenkins project using multiple git repository ? And your sonar project is a sum up of all git module pulled by Jenkins. — Flows, Jun 01 '16 at 11:57
So you may have a look to [this post](http://stackoverflow.com/questions/28295261/how-can-i-use-git-as-the-scm-provider-in-sonarqube-5-0-using-sonar-runner/28326588#28326588). I have the issue with Jenkins managing several git project in on single Jenkins project — Flows, Jun 01 '16 at 12:27
No. That was not the root cause of the problem. All files *were* committed, but JGit lied to SonarQube about this. This is a 5 year old, well documentend, and unresolved bug in JGit. See my answer below. — Amedee Van Gasse, Jun 01 '16 at 12:29

score 13 · Accepted Answer · edited May 23 '17 at 12:25

The cause was a JGit bug. JGit does not support .gitattributes. I had ident in my .gitattributes. Plain console git checked out the source, applied ident on $Id$ macros, but then JGit ignored that and saw a difference that wasn't committed, where there actually wasn't one.

The friendly people on the SonarQube mailing list helped me out, and suggested debugging with the standalone JGit command line distribution:

chmod +x /where/is/org.eclipse.jgit.pgm-<version>-r.sh
/where/is/org.eclipse.jgit.pgm-<version>-r.sh blame -w /path/to/offending/file

This particular JGit bug has not been solved for over 5 years and I have no hope that it will be solved anytime soon, so I removed the $Id$ macros from all my sources.

This is the (Bash) code I used, to remove all $Id$ macros:

find */src -name "*.java" | xargs -n 1 sed -i '/$Id.*$/d'
find */src -name "*.java" | xargs git add
git commit -m "Remove $Id$ macros"
git push

What about windows machine user, How they can remove the $Id$ macros? I tried above lines but it's not working in Git Bash — S Atah Ahmed Khan, Jan 15 '19 at 07:15
Install the Linux subsystem for Windows, or whatever the Linux-on-Windows is called nowadays, and you have a full Linux running native in Windows. But your question is outside of the scope of this question, if you still need help, start a new question. — Amedee Van Gasse, Jan 15 '19 at 08:07

score 8 · Answer 2 · answered Jan 26 '18 at 03:02

8

I ran into this issue with a build that stopped working after a Sonar upgrade.

The problem for me was that the Jenkins job was configured to do a Shallow Clone when pulling from git. This does not pull in enough history so Sonar 5.6.6 could not do an analysis because blame information was not included in the shallow copy. I used the -X option when running Sonar to view the actual commit number that it was choking on.

I'm my case I simply unchecked the shallow copy check box and BAM, it worked again (though more slowly)!

answered Jan 26 '18 at 03:02

neoscribe

2,203
1
21
18

Your answer is unrelated to the question I asked, however it is still useful because it suppresses another warning message I got from SonarQube. – Amedee Van Gasse Jun 25 '19 at 08:37
11

How it it unrelated if it results in the same warnings? – John Mercier Oct 07 '19 at 14:28
I've had the same problem, in Jenkins, and the shallow cloning was the preceding warning for me too. So to me that is a bona fide answer, in Jenkins context – Nestor Milyaev Mar 02 '21 at 16:47
It is unrelated because it has nothing to do with the aforementioned `ident` bug in JGit. – Amedee Van Gasse Apr 12 '21 at 07:45
Different causes can lead to similar results. You know, like all roads lead to Rome. – Amedee Van Gasse Aug 05 '21 at 14:25
1

Yes, same error multiple causes. For me, shallow clone was eliminating some blame information. My solution gets you the blame info that Sonar was missing, which actually answers the question.. it just wasn't the same cause. Also the title doesn't ask a question it simply is the pasted error message which gets a top hit for us poor suckers who are scratching our head as to how to get rid of it, leads us here, thankful that you posted it. – neoscribe Aug 06 '21 at 18:23

score 7 · Answer 3 · answered Oct 19 '17 at 15:42

7

I had a similar issue: a file in my project was created during the build process and was not stored in source control. In my case it was api.json.

Within the SonarQube runner build step in Team City I added this file to the exclusions within the additional parameters

-Dsonar.exclusions=**/spec/api.json

and the error disappeared.

answered Oct 19 '17 at 15:42

John Meyer

2,296
1
31
39

1

in my project i have noticed that `Missing blame information for the following files:` has list of pom.xml and every java file excluded from the scan – Sasha Bond Mar 04 '21 at 18:26
Not the exact same cause of the error as in my case, but maybe others are helped with your answer. – Amedee Van Gasse Aug 05 '21 at 14:24
2

Similarly, my DevOps build process would automatically modify an existing version file to add information specific to that build. SonarQubeAnalyze would then warn about missing blame information until I added this file to `sonar.exclusions` as you suggested. – snark Jan 27 '22 at 12:08

score 2 · Answer 4 · answered Nov 15 '22 at 06:19

For people coming from Google: it is also possible to see Missing blame information for the following files in IntelliJ when using the SonarLint plugin while it is connected to the Sonar server.

If you run mvn sonar:sonar while you have untracked files or uncommitted changes, those files will be listed as missing blame information.

Now my project is showing a failed quality gate in the SonarQube web interface, but that should go away when the analysis runs in the CI pipeline next time.

score 0 · Answer 5 · answered Jul 30 '23 at 04:41

If you are using Maven within the context, this may help you.

Quick solution is to add this parameter -Dsonar.scm.disabled=True while sonar:sonar command.

I was facing the same issue while trying to send a report to sonarqube server. the warning indicates that there are some files that are not committed which is helpful for sonarqube's diff algorithm to determining new code period issues.

score -3 · Answer 6 · edited Oct 05 '21 at 13:25

-3

There is another solution for this case that solved my problem. If you are in a company or corporate location you must log into the artifact repository for the docker to start Example

$ docker login artifactory.companyname.corp

After that the docker will ask for your corporate user and password and the issue is resolved

edited Oct 05 '21 at 13:25

Suraj Rao

29,388
11
94
103

answered Oct 05 '21 at 13:23

Jorge Trindade

55
1

2

Does not appear to be relevant to the issue described. Please add more information. – Amedee Van Gasse Oct 07 '21 at 13:21

Sonarqube: Missing blame information for the following files

6 Answers6

Linked