Exclude files in specific directories from scanning and getting report available on portal real-time

Exclude files in specific directories from scanning and getting analysis report available on sonar portal in real-time

Useful information:

• Using sonarqube:9.9.1-developer image version.
• SonarQube was deployed through kubeclt into AKS cluster.
  We are using Azure DevOps for our CICD of java application (Alert). Following is the SonarQubePrepare task in azure-pipelines.yaml file.

- task: SonarSource.sonarqube.15B84CA1-B62F-4A2A-A403-89B77A063157.SonarQubePrepare@5
displayName: "Prepare analysis on SonarQube"
inputs:
  SonarQube: sonarqube-new-instance
  scannerMode: Other
  extraProperties: |
	sonar.projectName=$(Build.Repository.Name)
	sonar.projectKey=$(Build.Repository.Name)
	sonar.projectVersion=$(Build.BuildId)
	sonar.coverage.jacoco.xmlReportPaths=$(System.DefaultWorkingDirectory)/target/site/jacoco-unit-and-it-merged-coverage-report/*.xml
	sonar.exclusions=src/main/java/com/ezcorp/mpos/**/dto/**/*
	sonar.exclusions=src/main/java/com/ezcorp/mpos/**/entity/*
	sonar.exclusions=src/main/java/com/ezcorp/mpos/**/exception/*

With the above code we are intending to exclude all the classes from analysis in dto, entity and exception directories of the source code.
So now when I run the build pipeline the SonarQubePrepare task ran successfully but didn’t provide any logs or other info as usual. Is there a way we can get some usual insights from the run?

Pipeline ran at Mar 1, 2024 at 12:07 PM GMT+5:30.

When looked into the SonarQube portal to view the results of the latest run, we found that the results available and displayed on the portal are of February 27, 2024 at 4:43 AM (Not sure which time zone is being considered by sonar. If it is displaying the time from SonarQube server we host, then it will be UTC).

The branch I was trying to run the analysis is MS-9042.

Question 1: Is it usual to get the analysis report late by several hours or days to be reflected in the sonar portal? If not what can we do to see the report ASAP?
Question 2: Is the way we are excluding the directories the wright way? If no, then what’s the appropriate one? If yes, then how do we ensure to make coverage as 100% for the mentioned directories (dto, entity and exception)?

Hey there.

Does your pipeline also have the SonarQubeAnalyze task? while SonarQubePrepare populates the necessary information for the analysis, the actual analysis occurs using the Run Code Analysis step.

You should have a single sonar.exclusions parameter, witch multiple values separated by commas.

We are running “SonarQubeAnalyze”(Run Code Analysis task) as part of Maven task shown below by setting sonarQubeRunAnalysis boolean to true.

• task: Maven@3
  displayName: “Maven build”
  timeoutInMinutes: 90
  inputs:
  mavenPomFile: “pom.xml”
  options: “–settings $(secureFilePath) --batch-mode -DpushChanges=false -DlocalCheckout=true”
  goals: " release:prepare release:perform"
  publishJUnitResults: true
  javaHomeOption: “JDKVersion”
  jdkVersionOption: “1.17”
  mavenVersionOption: “Default”
  mavenOptions: “-Xmx3072m $(MAVEN_OPTS)”
  mavenAuthenticateFeed: true
  effectivePomSkip: false
  sonarQubeRunAnalysis: true
  checkStyleRunAnalysis: false

Also now using single sonar.exclusions parameter, witch multiple values separated by commas as below.

sonar.exclusions=src/main/java/com/ezcorp/mpos//dto//, src/main/java/com/ezcorp/mpos/**/entity/, src/main/java/com/ezcorp/mpos/**/exception/*

Now I’m able to see the report on the portal as expected. Thanks for the quick support.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.