Skip to content
Latchkey

SonarScanner "Shallow clone detected, please configure a full clone" in CI

The default CI checkout fetches only the latest commit. Sonar needs full git history to compute SCM blame and to attribute new code correctly, so it warns about the shallow clone.

What this error means

The scan log shows "Shallow clone detected, please configure a full clone. Some files will miss SCM information." New-code detection and blame-based features are degraded.

sonar-scanner
WARN: Shallow clone detected during the analysis. Some files will miss SCM information.
This will affect features like auto-assignment of issues. Please configure a full clone.

Common causes

The checkout is shallow by default

actions/checkout fetches depth 1, so git has no history for Sonar to read blame from.

New-code period relies on history the clone lacks

Without full history, Sonar cannot reliably determine which lines are new, weakening new-code measures.

How to fix it

Fetch full history in the checkout

  1. Set fetch-depth: 0 on the checkout step so all history is available.
  2. Place the checkout before the scanner step.
  3. Re-run so blame and new-code detection have full history.
.github/workflows/ci.yml
- uses: actions/checkout@v4
  with:
    fetch-depth: 0

Unshallow an existing checkout

If you cannot change the checkout, unshallow the repo before the scan.

Terminal
git fetch --unshallow || true

How to prevent it

  • Set fetch-depth: 0 for any job that runs Sonar analysis.
  • Run the scanner after a full checkout, not a shallow one.
  • Keep the checkout and scan in the same job so history is present.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →