Exclude files from being scanned for a dotnet project

SonarQube Cloud
,
1

I am attempting to use sonar cloud for a .net framework project. I am getting an error on sonar cloud saying there are more line of code than my plan. I know the reason for this is because there are around 30 or so projects that include thousands of lines of generated code which I would like to exclude.

I’m using SonarScanner for .NET, in particular the .net 4.6 as the projects are all .net framework.

These project also contain non generated code that I would like to include, so just putting:

<SonarQubeExclude>true</SonarQubeExclude>

on the project wouldn’t work. I have also tried putting:

  <ItemGroup>
    <SonarQubeSetting Include="sonar.exclusions">
      <Value>**/Thrift/*</Value>
    </SonarQubeSetting>
  </ItemGroup>

To exclude the files in the thrift folder. I’ve also tried adding /d:sonar.exclusions=file:./src/web/Client to the params when calling.

I have the verbose flag on so I can see in the output:

 "<snip>\\Thrift\\Details.cs",\
 "<snip>\\web\\Client\\app\\fusioncharts\\fusioncharts.js",

That these files are being included.

What is the best way to go about excluding some files from being scanned and counted towards my plan in a .net project?

Github Action:

      - run: mkdir $GITHUB_WORKSPACE/Sonar
      - run: Invoke-WebRequest https://github.com/SonarSource/sonar-scanner-msbuild/releases/download/5.8.0.52797/sonar-scanner-msbuild-5.8.0.52797-net46.zip -OutFile $GITHUB_WORKSPACE/Sonar/sonar-scanner-msbuild-5.8.0.52797-net46.zip
      - run: Expand-Archive -Path $GITHUB_WORKSPACE/Sonar/sonar-scanner-msbuild-5.8.0.52797-net46.zip -DestinationPath $GITHUB_WORKSPACE/Sonar/Extracted
      - run: Add-Content $env:GITHUB_PATH "$GITHUB_WORKSPACE/Sonar/Extracted"
      - run: Set-Content -Path $GITHUB_WORKSPACE/Sonar/Extracted/SonarQube.Analysis.xml -Value '<?xml version="1.0" encoding="utf-8" ?><SonarQubeAnalysisProperties xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1"><Property Name="sonar.host.url">https://sonarcloud.io</Property><Property Name="sonar.login">${{ secrets.SONAR_TOKEN }}</Property></SonarQubeAnalysisProperties>'

      - run: SonarScanner.MSBuild.exe begin /k:"mykey" /o:"myorg" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.exclusions=file:./src/web/Client /d:sonar.verbose=true /d:sonar.dotnet.excludeTestProjects=true

      - name: 
        run: |
           msbuild $Env:GITHUB_WORKSPACE\build\msbuild.proj -target:DebugBuild -verbosity:quiet

      - run: SonarScanner.MSBuild.exe end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
2

Hi,

Welcome to the community!

Probably the missing piece here is making sure the exclusions are configured to match the paths SonarCloud sees during analysis. Yes, one would think that ** pretty much covered it, but… it’s worth double-checking via a peek in the UI.

Another thought that occurs to me is that sometimes there’s Java weirdness with \ vs / as the path delineator. So maybe also try **\\Thrift\\*?

And BTW you can check Administration → Background Tasks → [task row’s dot menu] → Show SonarScanner Context to see the parameters analysis actually ran with - just to make sure your exclusions weren’t overridden.

And after all that, if it’s still failing, can you provide your full analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann