Analyze specific files only in pipeline but not in SonarQube cmd

Hello,

I have a question; there are some projects that handle ‘pck’ extensions. I don’t want these projects to be analyzed by SonarQube directly using CMD commands. I only want them to be analyzed through an Azure pipeline. Is there a way to achieve this? Currently, I analyze them through CMD using commands that directly provide results to SonarQube. I specifically don’t want to allow this and prefer to have the only option to perform the entire process within the pipeline.

Hi,

Sorry, but there’s no tooling on our side to enforce this.

Ann

Hi,

Please avoid multiple posts on the same topic.
This is the answer if you don’t want to scan *.pck files in your local cmd scan

The prohibition of local scans can perhaps be achieved in this way:
restrict the SonarQube permissions so that only the technical Azure DevOps user can
start an analysis!?

Then, if only dedicated pipelines under your control run after Git events, it might be OK.
But if ‘normal’ users have access to Azure DevOps and are able to create their own pipelines
that run in the context of the technical user, it’s almost impossible.

Keep in mind that SonarQube server properties like e.g. sonar.exclusions can easily be overwritten
on the scanner side.

Gilbert