I am using SonarScanner for MSBuild 5.3.2 with an ASP.NET MVC 5 web application using .NET Framework 4.7.2. We have generated files and third-party code scattered across multiple products, and I am trying to include just our code for analysis. I have modified the csproj to include:
<!-- I am including only controllers for testing purposes. -->
However, when I build my project using:
> SonarScanner.MSBuild.exe begin /k:<project key>
> MSBuild.exe /t:Rebuild <sln>
> SonarScanner.MSBuild.exe end
All source code files in the project are analyzed. I can verify this by examining the FilesToAnalyze.txt output in the .sonarqube directory and by looking at the target output.
How do I analyze only certain source code files?
Due to how C# analysis works, all files will get analyzed during the build (and be included in FilesToAnalyze.txt) and only get excluded during the end step. What’s important to evaluate here is whether or not the inclusions/exclusions have taken place once the results reach the SonarQube UI.
That makes sense, but does it not count against the license? If I set it up incorrectly, would I not then be analyzing 100,000s LoC instead of the 10,000s that I intended?
That’s an interesting question! Even though technically analysis was done during the build, because the files are filtered out in the End step, they don’t make their way to the server for processing and therefore don’t count against your license.
Is there a way that I can see what will be sent to the server for processing before, so I can ensure that my sonar.inclusions works correctly?
Unfortunately, there’s no “no-op” or “what-if” mode to run, but I suppose you could halt the scanner execution locally before it actually submits the report and check the logs (or use a different, temporary project key for testing).
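
A local approximation of the preview asked about above, added here as an example; it is not part of the thread and not SonarSource code. It applies Sonar-style wildcard patterns (`**`, `*`, `?`) to the paths listed in FilesToAnalyze.txt, assuming one absolute path per line; the sample paths, the patterns and the function names are constructed, and the scanner's own filtering in the end step remains authoritative.

```python
import re

def sonar_glob(pattern):
    """Compile a Sonar-style wildcard pattern: ** spans directories,
    * stays inside one path segment, ? matches a single character."""
    p, out, i = pattern.replace("\\", "/"), [], 0
    while i < len(p):
        if p.startswith("**/", i):
            out.append("(?:[^/]+/)*")      # zero or more whole directories
            i += 3
        elif p.startswith("**", i):
            out.append(".*")
            i += 2
        elif p[i] == "*":
            out.append("[^/]*")
            i += 1
        elif p[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(p[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")  # case-sensitive (assumption)

def preview(paths, base_dir, inclusions, exclusions=()):
    """Split paths into (kept, dropped), relative to the project base dir."""
    inc = [sonar_glob(p) for p in inclusions]
    exc = [sonar_glob(p) for p in exclusions]
    base = base_dir.replace("\\", "/").rstrip("/") + "/"
    kept, dropped = [], []
    for raw in paths:
        path = raw.strip().replace("\\", "/")
        if not path:
            continue
        rel = path[len(base):] if path.lower().startswith(base.lower()) else path
        included = not inc or any(r.match(rel) for r in inc)
        excluded = any(r.match(rel) for r in exc)
        (kept if included and not excluded else dropped).append(rel)
    return kept, dropped

# Constructed sample standing in for .sonarqube output; not real project data.
SAMPLE = r"""C:\src\Web\Controllers\HomeController.cs
C:\src\Web\Controllers\Api\OrdersController.cs
C:\src\Web\Models\Order.cs
C:\src\Web\Scripts\jquery-3.4.1.js
C:\src\Web\Controllers\Generated\Routes.g.cs"""

def demo():
    return preview(SAMPLE.splitlines(), r"C:\src\Web",
                   ["Controllers/**/*.cs"], ["**/*.g.cs"])
```

Anything in the dropped list that is first-party code is code the analysis will not report on, so review that list as well as the kept one.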