Exclude files and folder from code analysis does not work

SonarQube Cloud
,
1

Hello,

I would like to exclude files from the static code analysis. I thought I had got it right with the configuration, but unfortunately I haven’t. (question)

Project files

  • Spring Boot Project
    • <ProjectDir>/src/main (Project files)
    • <ProjectDir>/src/main/resources (not exists)
    • <ProjectDir>/src/test (Test files)
    • <ProjectDir>/src/test/resources (XLIFF-Files for Testing)
  • SonarCloud Config
    • <ProjectDir>/sonar-project.properties
sonar.sources=src
sonar.tests=src/test
sonar.exclusions=src/test
sonar.coverage.exclusions=**/*.xliff,**/*.xlf
# Code coverage
sonar.java.binaries=target/classes

Process:

  • New private repository created on GitHub.
  • Branch from public repository pushed into private repository
  • New project created in SonarCloud (is paid plan)
  • SonarCloud and repository connected
  • SonarKey saved by GitHub
  • Analysis started with GitHubAction CI

Unfortunately, the Test files (Java) are still analysed (Code Smells) and the XLIFF files are considered out as part of the analysis.

Screenshot 2023-06-23 at 16.24.36
Screenshot 2023-06-23 at 16.24.362126×204 2.84 KB

Project structure

Screenshot 2023-06-23 at 15.44.11
Screenshot 2023-06-23 at 15.44.11541×1321 65 KB

I had tried a few more things and at the moment I don’t know what else I could do.

Update:

After my question, I tried several more times.

I extended the mvn command with -X in the GitHubAction and could see that all properties from the sonar-project.properties were not in the log. Then I transferred the properties to pom.xml.

<properties>
    <sonar.organization>alaugks</sonar.organization>
    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
    <sonar.coverage.jacoco.xmlReportPaths>target/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
    <!-- from sonar-project.properties -->
    <sonar.sources>src/main</sonar.sources>
    <sonar.tests>src/test</sonar.tests>
    <sonar.exclusions>src/test</sonar.exclusions>
    <sonar.java.binaries>target/classes</sonar.java.binaries>
    <sonar.coverage.exclusions>src/test</sonar.coverage.exclusions>
</properties>
  • The XML (Xliff files) are now no longer processed in the analysis.
  • The test files are still analysed.

Question:

  • Why the sonar-project.properties are not respected?
  • Why are the test files still being analysed?

Thanks for the support

2

Hey there.

A sonar-project.properties file is not considered in the context of scanning a Maven project (using the SonarScanner for Maven.

While you can try to trigger a scan using the SonarScanner CLI, we don’t recommend it.

And, it shouldn’t be necessary to set any of these parameters when using the SonarScanner for Maven.

Can you step back a bit and discuss why you want to exclude Test files? Is it because you’re worried that the Test files are contributing to your Lines of Code? If indexed correctly, they shouldn’t be (you can check if the Lines of Code in your Code tab is blank for these files)

3

Hi,

ok, dann habe ich “Other CI-based analysis: sonar-project.properties” falsch verstanden.

In the test files, some things were noted that I did not think were relevant to fix in a test. Tests are important and I am in favour of high coverage. The more tests the better. But tests can be written a bit dirty if it helps.

It’s not about the lines of code. I am working on a package for Spring/Spring Boot. I have two repositories: public and private (playground, development, deploy tests to analyse tools etc).

The developer plan has 100K lines of code (private repos). When I get there, I have a completely different challenge than lines of code. I have now at ~950 lines of code.

However, I must also say that the advice of the code analysis of the test was also helpful. I have also changed them.

However, I would still be interested to know why the tests are scanned even though I exclude them. I tried it with a new repository and project in SonarCloud, so no old scans.

4

Thanks :slight_smile:

Fair question - and actually it’s very simple (I missed it the first time). While sonar.sources and sonar.tests accept directories, sonar.exclusions requires a glob pattern (src/test/**/*)