Before we get to your exclusions, I’d like to take a look at your other settings.
First, your projectBaseDir is by default the directory from which analysis is launched. It’s rare that you actually need to set this. I’m going to guess that analysis would otherwise launch from the workspace directory and you’re using projectBaseDir to drill into that directory so that when you set sonar.sources to ., it works. You’re going around your ear to scratch your elbow.
Instead, eliminate sonar.projectBaseDir and simply set sonar.sources to dev_A/src/github.com/ABC/A/. Or… you could set sonar.sources=dev_A/src/github.comABC/A/X,dev_A/src/github.comABC/A/Y,dev_A/src/github.comABC/A/static-analysis.xml and eliminate the need to exclude vendor.
As for your inclusion, it looks like you’re trying to restrict analysis to a single language. I’m curious why.
truly appreciated your pro-active response on the mentioned blocker which is an impediment on work execution.
Well, you wanted to know about why only one language is targeted. Most recently we have started with sonar and initially just targeting Golang microservices which contains the 3rd party packages, which may include .js, .jsx, .xml and .json files. I believe to analyze technical debt & its better to target
own source code instead 3rd party as, we can continuously improve our quality of code.
However, I have implemented your suggestion but its hard luck and really its very tough time as I have tried more than 50+ permutation and combination to get the success on this area but all FAILED.
This is the jenkins job modified according to your suggestions:
Under jenkins job logs it is still showing that vendor directory is invoked. Please do consider the following logs:
INFO: no coverage file in package E:\Jenkins\workspace\dev_A\src\github.com\ABC\A\vendor\coverage.xml
INFO: no coverage file in package E:\Jenkins\workspace\dev_A\src\github.com\ABC\A\vendor\github.com\coverage.xml
INFO: no coverage file in package E:\Jenkins\workspace\dev_A\src\github.com\ABC\A\vendor\github.com\ABC\coverage.xml
INFO: no coverage file in package E:\Jenkins\workspace\dev_A\src\github.com\ABC\A\vendor\github.com\ABC\godep-DATA-DOG-go-sqlmock\coverage.xml
INFO: no coverage file in package E:\Jenkins\workspace\dev_A\src\github.com\ABC\A\vendor\github.com\ABC\godep-DATA-DOG-go-sqlmock\examples\coverage.xml
INFO: no coverage file in package E:\Jenkins\workspace\dev_A\src\github.com\ABC\A\vendor\github.com\ABC\godep-DATA-DOG-go-sqlmock\examples\basic\coverage.xml
INFO: no coverage file in package E:\Jenkins\workspace\dev_A\src\github.com\ABC\A\vendor\github.com\ABC\godep-DATA-DOG-go-sqlmock\examples\blog\coverage.xml
INFO: no coverage file in package E:\Jenkins\workspace\dev_A\src\github.com\ABC\A\vendor\github.com\ABC\godep-DATA-DOG-go-sqlmock\examples\orders\coverage.xml
your further suggestions/solutions will definately give a kick start to this area. Your time and efforts are truly appreciated
Does the vendor directory actually show up in the project’s code page in SonarQube? Also, could you share your analysis command? And finally, keeping 3rd-party code out of your analysis is what I would use exclusions for. But I would set them via the UI.
When I used sonar.exclusions the execution failed and when I used sonar.sources.exclusions it passed. So, can you please explain why is this happening?
Could you clarify what you mean by “the codescan page”? To be clear, I was talking about your project’s Code page.
…
What your screenshot shows is that you’ve set up a coverage exclusion. I.e. you’ve said, not “don’t look at these files at all”, but instead “exclude these files from coverage calculations”. You want to scroll down to the Files section and set your exclusion there:
You’ll have to give me the error it’s failing with first. Off-hand, I’m guessing that sonar.sources.exclusions is unknown and therefore ignored.
You’re still defining exclusions in your analysis properties, and this value overrides any set via the UI. You should remove the sonar.exclusions line; it’s redundant now that you’re defining this in the UI. Fully moving this value to the UI should also sidestep any questions about character set. But also, your screenshot shows that you’ve defined this exclusion globally. You should really move that to the project level.
That said, it’s odd that I don’t see anything about exclusions in your analysis log except where you’ve specified the property. Please try the changes I’ve just suggested and analyze again. Here is what I suggest:
You’ll notice I’ve removed several parameters. I suggest you get basic analysis working with your desired exclusion, and then you can add back in slowly.
As a side note, you really don’t want to set sonar.projectVersion to build number because that means a version event will be set on each and every analysis, exempting those analyses from housekeeping and potentially leading to database bloat.
As suggested by you I have just implemented the basic analysis with inclusion property and desired exclusion set via UI. Here are the logs: SonarLogs.txt (50.9 KB)
But still I can see, it is including the vendor directory.
Please help with your valuable inputs to this.