Analyze Submodules in SonarCloud?

I have a Repo:

the Analysis is working:

it references a Submodule:

how can i let SonarCloud analyze the Submodule also ?

seems not to work out of the Box ?


Hey there.

Let me recommend appending -X to the sonar-scanner command – you should be able to find out if the flies in question are being seen by the scanner, and if they’re excluded – why.

like this:

this run should show it now …

does this something ?

Shallow clone detected, no blame information will be provided. You can convert to non-shallow with ‘git fetch --unshallow’.


Missing blame information for the following files: …

      fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

does this help ? it is in your Sample !

i dont see why the Submodule GitHub - Meisterschulen-am-Ostbahnhof-Munchen/PlcLib: PLC Lib with IEC 61131 alike functions. is not also analyzed ?

can anybody help me ?

Hey @franz-ms-muc

Looking at the logs, it seems files in the submodule are being ignored by scm ignore settings (exclusions meant to be inferred from files like a .gitignore file)

21:34:46.755 DEBUG: File '/home/runner/work/TimeDelay/TimeDelay/TestTimeDelay/components/PlcLib/TimeLib.h' is excluded by the scm ignore settings.

I’m not sure why that is – as at a glance your .gitignore file wouldn’t try and exclude these files.

You can set -Dsonar.scm.exclusions.disabled=true in your scanner command

sonar-scanner --define"${{ env.SONAR_SERVER_URL }}" --define"${{ env.BUILD_WRAPPER_OUT_DIR }}" --define sonar.scm.exclusions.disabled=true

I’ll ping internally to see if I can get some eyes on why this exclusion happens.

Thanks for look into this.

I will test it now…


did test the Setting you recommended,
now it analyze more Files, but it ignores the gitignore of the Build folder.

so the “build” dir is now also analyzed.
i have now added the ignore to the top level gitignore.
maybe that helps.

TimeDelay/TimeDelay/TestTimeDelay/components/PlcLib/TimeLib.h is analyzed now. that is good.

can i use

Source File Exclusions

Patterns used to exclude some source files from analysis.
Key: sonar.exclusions

how to do ?




how to exclude all build folders ?

Hey there.

You can use Source File Exclusions to exclude the /build/ directory, with an exclusion such as **/build/**/*.