Exclude sonarqube from analysing vendor/ruby/* folder

Sonarqube : * Developer Edition* Version 8.2 (build 32929
Scanner version : 4.3 in docker.
Gitlab integration

Running source code analysis and I see sonarqube is trying to analyze the vendor/ruby/... folder that contains all the gems used in the project and its related stuff. We are using docker executor in gitlab. I have tried to add an exclusion entry /vendor/ruby/ruby/2.6.0/ in the sonar-project-properties. It does not help.
The path is like ./builds/project-group/project-name/vendor/ruby/ruby/2.6.0/gems/xxxxxxx
There is more than a thousand lines like that…
How can exclude it from analyzing ?

Hi,

I think you just need to tweak your exclusion pattern to something like: /vendor/ruby/ruby/2.6.0/**/*.*

 
HTH,
Ann

I tried that but no luck… I looked again at the warning messages.

WARN: File '/builds/xxxx/core-application/vendor/ruby/ruby/2.6.0/gems/activesupport-6.0.2.2/lib/active_support/core_ext/regexp.rb' is present in coverage report but cannot be found in filesystem
WARN: File '/builds/xxx/core-application/vendor/ruby/ruby/2.6.0/gems/haml-5.1.2/lib/haml/escapable.rb' is present in coverage report but cannot be found in filesystem
WARN: File '/builds/xxxx/core-application/vendor/ruby/ruby/2.6.0/gems/shoulda-matchers-4.3.0/lib/shoulda/matchers/active_record/define_enum_for_matcher.rb' is present in coverage report but cannot be found in filesystem
WARN: File '/builds/xxxx/core-application/vendor/ruby/ruby/2.6.0/gems/pry-0.13.1/lib/pry/config.rb' is present in coverage report but cannot be found in filesystem
WARN: File '/builds/xxxx/core-application/vendor/ruby/ruby/2.6.0/gems/activesupport-6.0.2.2/lib/active_support/file_update_checker.rb' is present in coverage report but cannot be found in filesystem

...present in coverage report but cannot be found in filesystem This message is kind of strange.
I believe it may be something else. The strange part is we are not even using ruby version 2.6.0. I am not sure where this is coming from!!!

Hi,

Are you sure? Do you see these files in SonarQube? I ask because of your warning messages. Specifically:

The coverage report you’re passing in to analysis cites these files, but according to these logs, analysis can’t find them.

 
Ann

I checked the sonarcube server. I do not see the files or directory vendor/... there under the “Project name” -> “Code”.

I have tried the the one you told me. /vendor/ruby/ruby/2.6.0/**/*.* It is set to sonar.coverage.exclusions. I even tried the ** prefix before the folder path… just to be sure.

I dont know where to look at now.

Hi,

Okay! So your exclusion is working! You’re done & you can ignore

since it’s to be expected.

 
Ann

Thanks for reporting this issue @Mason.Cubes, I think it would make sense to exclude vendor by default, so I created this ticket https://jira.sonarsource.com/browse/SONARSLANG-489

1 Like

Thank you both @ganncamp @saberduck for digging into the issue. I really appreciate your time.

I found some more details of the issue.

It was caused by one of the gitlab-ci jobs where Rspec is run with the following commands

    script:
      - gem install bundler  
      - bundle config set path 'vendory/ruby'
      - bundle install -j $(nproc)
      - bundle exec rails db:migrate:reset
      - bundle exec rpsec
    cache:
      key : $CI_JOB_NAME
      paths:
          - vendor/ruby
    artifacts:
      paths:
        - coverage/ 

The json coverage for some reason contains path to ‘vendor/ruby’ references.