Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

CVS Plugin

Build Status

Description / Features

Implements SCM dependent features of SonarQube for CVS projects. Pure Java implementation so no need to have CVS command line tool installed on the computer doing the SQ analysis.


Install the plugin in SonarQube. Auto-detection will work if there is a CVS folder in the project root directory. Otherwise you can force the provider using -Dsonar.scm.provider=cvs. You can also configure some optional properties:

KeyDescriptionDefault value
sonar.cvs.username Username to be used for CVS authentication. Optional if already present in CVS/Root.
sonar.cvs.password.secured Password to be used for CVS authentication.
sonar.cvs.passphrase.secured Passphrase to be used for SSH authentication using public key.
sonar.cvs.compression.disabled Disable compression. false
sonar.cvs.compressionLevel Compression level. 3
sonar.cvs.useCvsrc Consider content of .cvsrc file. false
sonar.cvs.cvsRoot CVSRoot string. For example :pserver:host:/folder. Will be automatically detected by default (reading CVS/Root).
sonar.cvs.revision Revision/tag used to execute annotate (equivalent to -r command line option). Required if you are working on a branch since CVS returns annotations from HEAD by default.

Known Limitations

  • Blame is not executed in parallel since we are not confident in the thread safety of cvsclient library.
  • cvs annotate returns information from server for the given file in HEAD revision. If you are working on a branch you have to manually pass the branch using sonar.cvs.revision property.
  • consequence of previous point is that we are not able to properly detect that there are local uncommited changes. So annotate result can be inconsistent with source code analyzed by SonarQube.
  • cvs annotate only returns date of the change (and not datetime like most other providers). This lack of precision can be an issue to distinguish changes commited in the same day.

Developer informations

The plugin use the Netbeans pure Java implementation of CVS client:


Copyright 2014-2018 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0