We have lots of Sonar projects and teams in our company and some of the developer deliberately exclude the whole sources of their project for not to have Sonar bugs to correct…
It is quite hard to detect those type of projects, especially when there are only few portion of code that are excluded. One review has to checkout the project and check the maven configuration of sonar properties.
So my proposal is : sonarcli could send this information of code exclusion to the server and display it in the sonar UI in the project information for example with the list of the exclusions during project analysis.
Such a way, in one click, anybody could find that sonar has been tricked. And it would help detect these situations of developer hiding the problems.