Skip to content
SonarQube CVS Plugin
Branch: master
Clone or download
Latest commit 4ac0a7c Jan 17, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
src SONARSCCVS-5 drop usage of Guava Apr 11, 2018
.travis.yml Fix travis build Jan 17, 2019
LICENSE.txt Add LICENSE.txt file [ci skip] Jan 13, 2017
NOTICE.txt Add NOTICE.txt file [ci skip] Jan 13, 2017 Update Jul 6, 2018
pom.xml [maven-release-plugin] prepare for next development iteration Jul 6, 2018 Add file [ci skip] Jan 13, 2017

CVS Plugin

Build Status

Description / Features

Implements SCM dependent features of SonarQube for CVS projects. Pure Java implementation so no need to have CVS command line tool installed on the computer doing the SQ analysis.


Install the plugin in SonarQube. Auto-detection will work if there is a CVS folder in the project root directory. Otherwise you can force the provider using -Dsonar.scm.provider=cvs. You can also configure some optional properties:

KeyDescriptionDefault value
sonar.cvs.username Username to be used for CVS authentication. Optional if already present in CVS/Root.
sonar.cvs.password.secured Password to be used for CVS authentication.
sonar.cvs.passphrase.secured Passphrase to be used for SSH authentication using public key.
sonar.cvs.compression.disabled Disable compression. false
sonar.cvs.compressionLevel Compression level. 3
sonar.cvs.useCvsrc Consider content of .cvsrc file. false
sonar.cvs.cvsRoot CVSRoot string. For example :pserver:host:/folder. Will be automatically detected by default (reading CVS/Root).
sonar.cvs.revision Revision/tag used to execute annotate (equivalent to -r command line option). Required if you are working on a branch since CVS returns annotations from HEAD by default.

Known Limitations

  • Blame is not executed in parallel since we are not confident in the thread safety of cvsclient library.
  • cvs annotate returns information from server for the given file in HEAD revision. If you are working on a branch you have to manually pass the branch using sonar.cvs.revision property.
  • consequence of previous point is that we are not able to properly detect that there are local uncommited changes. So annotate result can be inconsistent with source code analyzed by SonarQube.
  • cvs annotate only returns date of the change (and not datetime like most other providers). This lack of precision can be an issue to distinguish changes commited in the same day.

Developer informations

The plugin use the Netbeans pure Java implementation of CVS client:


Copyright 2014-2018 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0

You can’t perform that action at this time.