• ALM used: GitHub Actions (see here)
• CI system used: GitHub Actions (see here)
• Languages of the repository: C#
• Only if the SonarCloud project is public, the URL: https://sonarcloud.io/project/overview?id=mu88_Project28

Dear community

I have this .NET 7 solution and I want to accomplish the following two things:

1. Exclude all files inside src/WebApp/wwwroot/leaflet from Sonar analysis at all.
2. Disable the C# rules S1135 and S3925

Exclude files

To ignore the mentioned files, I’ve created the file SonarQube.Analysis.xml (see here) with the following content:

<?xml version="1.0" encoding="utf-8" ?>
<SonarQubeAnalysisProperties>
    <Property Name="sonar.exclusions">src/WebApp/wwwroot/leaflet/**/*.*</Property>
</SonarQubeAnalysisProperties>

Unfortunately, SonarCloud still analyzes all the files inside the directory.

Disable rules

To disable the C# rules S1135 and S3925, I’ve create the file .editorconfig (see here) with the following content:

[*.cs]
dotnet_diagnostic.S3925.severity = none
dotnet_diagnostic.S1135.severity = none

It works for S3925, but the issues for S1135 are still there.

I’d appreciate your help to solve my two issues

Hey there.

To pass a SonarQube.Analysis.xml file, you’ll need to pass /s:<custom.analysis.xml> to the dotnet sonarscanner command.

You can, alternatively, just pass your exclusion directly to the scanner command (it will still be checked into version control)! dotnet sonarscanner end /d:sonar.exclusions=<your_exclusion>

To change the rules applied to your project, you cannot use a .editorconfig file. You must change the Quality Profile applied to your project to one not including these rules.

Hey @Colin

Thanks for your reply!

Exclude files

Now I’m starting the Sonar scan like this:
dotnet sonarscanner begin /k:mu88_Project28 /o:mu88 /d:sonar.login=${{ secrets.SONAR_TOKEN }} /d:sonar.host.url=https://sonarcloud.io /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /s:SonarQube.Analysis.xml
Which immediately fails with:

SonarScanner for MSBuild 5.9.1
Using the .NET Core version of the Scanner for MSBuild
Loading analysis properties from /home/runner/work/Project28/Project28/SonarQube.Analysis.xml
Unable to read the analysis settings file '/home/runner/work/Project28/Project28/SonarQube.Analysis.xml'. Please fix the content of this file.
Error: Process completed with exit code 1.

Can you tell me what is wrong with my file?

<?xml version="1.0" encoding="utf-8" ?>
<SonarQubeAnalysisProperties>
    <Property Name="sonar.exclusions">src/WebApp/wwwroot/leaflet/**/*.*</Property>
</SonarQubeAnalysisProperties>

Disable rules

How can I configure the Quality Profile from my Git repository? I don’t want to change anything in the UI manually. And .editorconfig seems to get included, because it seems to work for S3925.

ping @Colin

Hey there.

• Take note of the format in the docs

<SonarQubeAnalysisProperties  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
  <Property Name="sonar.host.url">https://sonarcloud.io</Property>
  <Property Name="sonar.login">[my-user-token]</Property>
</SonarQubeAnalysisProperties>

With regard to your Quality Profile, if this works (using an .editorconfig file) – it’s not officially supported, which might be why you see inconsistent behavior. The Quality Profile should be configured within the SonarCloud UI, as documented.

Do you have a ticket/CR/issue/PR that I can vote for so that rules can be configured from a config file/repo and not via UI?

Hi, Colin,
We are the new one for Sonar Cloud. There are some HTML rule that we want to exclude it. But in your link, I can find “Quality Profiles” page. But I cannot find any “Copy” button or icon or feature. Could you guide me how to find it?

image728×396 29.5 KB

image1264×600 37.3 KB

Hey @shan_shan_Wu

I encourage you to raise a new thread, instead of bumping this old one. I will close this thread.