-Dsonar.exclusion in bitbucket yml file not working

Hi Team, I am new to sonarcloud and this is my first issue raised here.

I am configuring sonarcloud analysis with one of my bitbucket repo for the first time. For this purpose I have set up the sonarcloud analysis step in the bitbucket-pipelines.yml as follows:

step: &build-test-sonarcloud
          size: 2x
          name: Analyze on SonarCloud
            - sonar
            - docker
           - npm install --quiet
           - pipe: sonarsource/sonarcloud-scan:1.4.0
               DEBUG: 'true'
               EXTRA_ARGS: '-Dsonar.exclusions="config/**,drivers/**,public/**,scripts/**,src/vendor/**,src/assets/**,src/components/**/*.test.js,craco.config.js,node_modules"   -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info'
               SONAR_SCANNER_OPTS: -Xmx256m
               SONAR_TOKEN: ${SONAR_TOKEN}
           - pipe: sonarsource/sonarcloud-quality-gate:0.1.4

And following is my folder structure:

However, this step fails in the pipeline at “- pipe: sonarsource/sonarcloud-scan:1.4.0” and I can see an error message in the Background tasks section of my repo with the following msg:

This analysis will make your organization 'generalaeronautics' to reach the maximum allowed lines limit (having 105567 lines). 
Please contact the administrator of the organization to resolve this issue.

Following is the SonnarScanner context report shown in background tasks:

SonarCloud plugins:
  - IaC Code Quality and Security (iac)
  - PL/SQL Code Quality and Security (plsql)
  - Scala Code Quality and Security (sonarscala)
  - C# Code Quality and Security (csharp)
  - Vulnerability Analysis (security)
  - Java Code Quality and Security (java)
  - HTML Code Quality and Security (web)
  - Flex Code Quality and Security (flex)
  - XML Code Quality and Security (xml)
  - Text file Code Quality and Security (text)
  - VB.NET Code Quality and Security (vbnet)
  - Swift Code Quality and Security (swift)
  - CFamily Code Quality and Security (cpp)
  - Python Code Quality and Security (python)
  - Dataflow Bug Detection Rules for Python (dbdpythonfrontend)
  - Dataflow Bug Detection (dbd)
  - Go Code Quality and Security (go)
  - JaCoCo (jacoco)
  - Kotlin Code Quality and Security (kotlin)
  - Dataflow Bug Detection Rules for Java (dbdjavafrontend)
  - T-SQL Code Quality and Security (tsql)
  - Apex Code Quality and Security (sonarapex)
  - JavaScript/TypeScript/CSS Code Quality and Security (javascript)
  - Ruby Code Quality and Security (ruby)
  - Vulnerability Rules for C# (securitycsharpfrontend)
  - Vulnerability Rules for Java (securityjavafrontend)
  - License for SonarLint (license)
  - Vulnerability Rules for JS (securityjsfrontend)
  - COBOL Code Quality (cobol)
  - Vulnerability Rules for Python (securitypythonfrontend)
  - PHP Code Quality and Security (php)
  - ABAP Code Quality and Security (abap)
  - Configuration detection fot Code Quality and Security (config)
  - Vulnerability Rules for PHP (securityphpfrontend)
Global server settings:
  - email.from=noreply@sonarcloud.io
  - email.fromName=SonarCloud
  - email.prefix=[SonarCloud]
  - sonar.auth.bitbucket.enabled=true
  - sonar.auth.microsoft.enabled=true
  - sonar.core.id=1BD809FA-AWHW8ct9-T_TB3XqouNu
  - sonar.core.serverBaseURL=https://sonarcloud.io
  - sonar.core.startTime=2022-09-26T10:49:34+0200
  - sonar.dbcleaner.weeksBeforeDeletingAllSnapshots=260
  - sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByMonth=4
  - sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByWeek=1
  - sonar.global.exclusions=**/build-wrapper-dump.json
  - sonar.lf.enableGravatar=true
  - sonar.lf.logoWidthPx=105
  - sonar.maintenance_mode.link=https://sonarcloud.statuspage.io/incidents/66vlr4dc3jwy
  - sonar.maintenance_mode.message=Results of analyses performed prior to 6:15am CET may not be available yet and will be progressively provided throughout coming hours. Results of analysis performed after 8:00am CET are available.
  - sonar.maintenance_mode.start_date=2022-03-26T23:00:00.000+01:00
  - sonar.organizations.anyoneCanCreate=true
  - sonar.organizations.createPersonalOrg=true
  - sonar.plsql.file.suffixes=sql,tab,pkb
  - sonar.tsql.file.suffixes=.tsql
Project server settings:
  - sonar.exclusions=**/*.test.js,**/config,**/drivers,**/public,**/scripts,**/src/assets
Project scanner properties:
  - sonar.exclusions=config/**,drivers/**,public/**,scripts/**,src/vendor/**,src/assets/**,src/components/**/*.test.js,craco.config.js,node_modules
  - sonar.host.url=https://sonarcloud.io
  - sonar.javascript.lcov.reportPaths=coverage/lcov.info
  - sonar.organization=generalaeronautics
  - sonar.projectBaseDir=/opt/atlassian/pipelines/agent/build
  - sonar.projectKey=generalaeronautics_ga_hub
  - sonar.scanner.app=ScannerCLI
  - sonar.scanner.appVersion=
  - sonar.sourceEncoding=UTF-8
  - sonar.verbose=true
  - sonar.working.directory=/opt/atlassian/pipelines/agent/build/.scannerwork

I have reason to believe that the sonar.exclusion is not working because my another project (similar in size) works perfectly good without any file exclusion. I suppose I am in the right enterprize-plan bracket. My judgment may be wrong but I need to clarify that it’s really my enterprise-plan that is the problem and not the file exclusions.

Attaching the sonarscan report :
ezyzip.zip (605.9 KB)

Thanks for the help in advanced!

Hey there.

It sure looks like your exclusions are being taken into account:

10:53:46.027 INFO:   Excluded sources: **/build-wrapper-dump.json, api/**/test/*, api/**/v1/test/*, api/**/v2/test/*, api/**/v1/route.js, api/**/v2/route.js, api/**/route.js, dbscripts/*, api/**/model.js, api/**/v1/model.js, api/**/v2/model.js, api/**/model.js, service/deleteService.js
10:53:54.927 INFO: 162 files indexed
10:53:54.940 INFO: 555 files ignored because of inclusion/exclusion patterns
10:53:54.940 INFO: 21940 files ignored because of scm ignore settings

And the exact list of files analyzed can (most easily) be found by searching your logs for

10:53:58.608 INFO: Sensor Text Sensor [text]
10:53:58.617 INFO: 159 source files to be analyzed

You may want to ask your organization admin what the current status of your SonarCloud plan is (if there’s still room to grow based on the license)

Thanks for the reply colin!

But I am sorry I have made a mistake. The logs that are shared previously are of another project.
These are the correct logs:
ezyzip.zip (1.8 MB)

Okay! Once again, it seems exclusions are being taken into account.

11:44:02.558 INFO: 487 files indexed
11:44:02.558 INFO: 408 files ignored because of inclusion/exclusion patterns
11:44:02.559 INFO: 148403 files ignored because of scm ignore settings
11:43:25.251 INFO:   Excluded sources: **/build-wrapper-dump.json, /config/**, /drivers/**, /public/**, /scripts/**, src/vendor/**, src/assets/**, src/components/**/*.test.js, craco.config.js

If you can point to a file in the logs that should be excluded that isn’t, that might help.

Thank you colin for helping out. We upgraded the plan and now its functioning as expected.
Also i want to appreciate the new sonar UI. Its amazing!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.