SonarScanner "Shallow clone detected, please configure a full clone" in CI
The default CI checkout fetches only the latest commit. Sonar needs full git history to compute SCM blame and to attribute new code correctly, so it warns about the shallow clone.
What this error means
The scan log shows "Shallow clone detected, please configure a full clone. Some files will miss SCM information." New-code detection and blame-based features are degraded.
sonar-scanner
WARN: Shallow clone detected during the analysis. Some files will miss SCM information.
This will affect features like auto-assignment of issues. Please configure a full clone.Common causes
The checkout is shallow by default
actions/checkout fetches depth 1, so git has no history for Sonar to read blame from.
New-code period relies on history the clone lacks
Without full history, Sonar cannot reliably determine which lines are new, weakening new-code measures.
How to fix it
Fetch full history in the checkout
- Set
fetch-depth: 0on the checkout step so all history is available. - Place the checkout before the scanner step.
- Re-run so blame and new-code detection have full history.
.github/workflows/ci.yml
- uses: actions/checkout@v4
with:
fetch-depth: 0Unshallow an existing checkout
If you cannot change the checkout, unshallow the repo before the scan.
Terminal
git fetch --unshallow || trueHow to prevent it
- Set
fetch-depth: 0for any job that runs Sonar analysis. - Run the scanner after a full checkout, not a shallow one.
- Keep the checkout and scan in the same job so history is present.
Related guides
SonarCloud "You are running CI analysis while Automatic Analysis is enabled" in CIFix SonarCloud "You are running CI analysis while Automatic Analysis is enabled" in CI - both analysis modes…
SonarQube "The main branch has not been analyzed yet" / no default branch in CIFix SonarQube "The main branch has not been analyzed yet" and "Could not find a default branch" in CI - a PR…
SonarScanner "sonar.pullrequest.key ... required for PR analysis" in CIFix SonarScanner errors about missing pull request parameters in CI - both sonar.pullrequest.key and the bran…