File is not located under the root directory and will not be analyzed

SonarScanner for MSBuild 4.9

Running a build with SonarScanner for MSBuild I’m getting a couple of hundred warnings similar to the following:

EXEC : warning : File ‘C:\Program Files (x86)\MyProduct\MyAssembly.dll’ is not located under the root directory ‘C:\Perforce\MyProduct\src’ and will not be analyzed.

The built assemblies go to a folder under Program Files, so there’s a warning for each dll, pdb, xml file etc. The analysis works fine otherwise.

On the analysis scope page of the project in SonarQube I’ve tried setting source file inclusions to C:\Perforce\MyProduct** and file exclusions to C:\Program Files (x86)\MyProduct** without success. And played around with these settings.

What’s the best method for removing these warnings?


Does anyone have any suggestions on how to remove these warnings? It’s the last item that’s preventing us rolling out SonarQube. We don’t want the warning count to include these.



If you run the scanner with debug logs enabled you should be able to see the file inclusions/exclusions being applied. There are several properties that can be passed to the scanner to control what files get included:
If you post the logs we can try to help see what’s wrong.

Hi @dmeneses

Thanks for the reply.

I set up a temporary SonarQube project and built one of our projects against it. It gives the following two warnings:

EXEC : warning : File ‘C:\Perforce\FCI\main\src\Common\CommonAssemblyInfo.cs’ is not located under the root directory ‘C:\Perforce\FCI\main\src\FID.Core’ and will not be analyzed.
EXEC : warning : File ‘C:\Perforce\FCI\main\src\Common\VersionNumber.cs’ is not located under the root directory ‘C:\Perforce\FCI\main\src\FID.Core’ and will not be analyzed.

I tried setting sonar.exclusions on the project settings page to exclude:


I also tried adding each file explicitly. Neither stopped the warnings.

The log file shows:

15:54:13.326 INFO: Excluded sources: C:\Perforce\FCI\main\src\Common\*

I’ve attached the log. The scanner reports a failure, I’m not sure why but I don’t think it’s relevant to this problem.

sonar.txt (412.4 KB)


hi @nblackburn

could you try and pass the root folder to the begin step, like

SonarScanner.MSBuild.exe begin /k:"projectKey" /d:sonar.verbose=true /d:sonar.projectBaseDir="C:\PATH\TO\COMMON\FOLDER"

Hi @Andrei_Epure

Thanks for the reply.

Apologies, I thought my temporary project would demonstrate the problem sufficiently but it doesn’t. Your suggestion of using projectBaseDir fixes the issue in my test project but I don’t think I can use it in the real project, as the source code folder and output folders are in completely different areas.

My source files are in C:\Perforce\FCI\main\src but SonarScanner is complaining about files under C:\Program Files (x86)\FID.New not being located under the root directory.

C:\Program Files (x86)\FID.New is where the built assemblies etc are copied to during the build.

I think we just want to ignore anything under C:\Program Files (x86)\FID.New but I haven’t managed to do that via exclusions.

I’ve attached the log.

Many thanks.

sonar2.txt (2.7 MB)

hi @nblackburn

So these binary files are references in

EXEC : warning : File ‘C:\Program Files (x86)\FID.New\x86\msvcp140_2.dll’ is not located under the root directory ‘C:\Perforce\FCI\main\src’ and will not be analyzed.
File was referenced by the following projects: ‘C:\Perforce\FCI\main\src\FID.Core.Native.Tests\FID.Core.Native.Tests.csproj’, ‘C:\Perforce\FCI\main\src\FID.Core.Tests\FID.Core.Tests.csproj’, ‘C:\Perforce\FCI\main\src\FID.Integration.Slave.Tests\FID.Integration.Slave.Tests.csproj’, ‘C:\Perforce\FCI\main\src\FID.Integration.Master.Tests\FID.Integration.Master.Tests.csproj’.

  • Could you please let me know how they are referenced in the CSPROJ? I mean what MSBuild schema element is used to reference them?
  • Also, what are the exclusion patterns you are using to exclude these files?

The Scanner for MSBuild looks at files referenced in the CSPROJ as sources or resources (e.g. html, javascript).

Hi @Andrei_Epure

I can see that all of the projects mentioned in “File was referenced by the following projects:” are our test projects, which SonarQube doesn’t analyse anyway. I’m not sure if this is significant. Most of the files are not explicitly referenced by those projects, for example, the file you picked out (msvcp140_2.dll) isn’t referenced by any project, our build just copies it to the output folder.

For the few that are referenced explicitly e.g. nunit, they are referenced as follows:

<Reference Include="nunit.framework, Version=, Culture=neutral, PublicKeyToken=96d09a1eb7f44a77, processorArchitecture=MSIL">

So as it seems to be the test projects causing a problem, I tried adding the following source exclusions without any success:


I also tried adding C:\Program Files (x86)\Fid.New\**\*.


Hi @nblackburn

I’ve tried to create a small reproducer for this problem without success and I think that there is something I’m missing.

This is what I did:

  • installed NUnit 2.6.3 (I’ve noticed that the same version is used in your project)
  • created two projects which target .Net Framework 4.7.2
  • set projects output folder to C:\Program Files\temp\ReproRootDir and C:\Program Files\temp\ReproRootDir.Lib
  • ReproRootDir is referencing ReproRootDir.Lib
  • I’ve referenced nunit.framework in both of them by using:
        <Reference Include="nunit.framework, Version=, Culture=neutral, PublicKeyToken=96d09a1eb7f44a77, processorArchitecture=MSIL">


        <Reference Include="nunit.framework, Version=, Culture=neutral, PublicKeyToken=96d09a1eb7f44a77">
          <HintPath>C:\Program Files (x86)\NUnit 2.6.3\bin\nunit.framework.dll</HintPath>

Then I’ve run the analysis:

dotnet sonarscanner begin /k:root-dir /d:sonar.verbose=true > 1.log
msbuild /t:rebuild > 2.log
dotnet sonarscanner end > 3.log

and I could not find any warnings related to not located under the root.... Do you think there might be something relevant which is done in your environment and it’s missing here? Are you able to reproduce this issue with a small project or solution?

Hi @costin.zaharia, @Andrei_Epure

I believe I’ve discovered what triggers the problem.

  1. Create a folder on your machine.

  2. Copy a couple of random files into it.

  3. Add the following to your csproj file:

         <Content Include="<path to your folder>\*.*">
  4. Replace “path to your folder” with the path to your local folder containing the random files.

  5. Build your project and SonarScanner should output a warning for each file in your folder.

We build each of our test projects to a folder separate from the released assemblies, so we have a copy task similar to the above to copy any config etc required by the tests.


1 Like

Hi @nblackburn,

thanks for pointing this out. The issue is now easily reproducible by including the snippet you mentioned in the csproj file. It seems that the SonarScanner for MSBuild is including the folder content to the files to analyze.

I will let my colleagues know about this and get back to you.

Hi @nblackburn

It seems that this behavior is by design and is currently needed to support analysis for files like XML, js, css,…

Can you use MsBuild copy task to replace Content Include as a work around for this issue?

I’m thinking at something similar with:

<Target Name="CopyFiles" AfterTargets="Build">
        <FilesToInclude Include="C:/Program Files (x86)/NUnit 2.6.3/bin/**/*.*" />

    <Copy SourceFiles="@(FilesToInclude)" DestinationFolder="$(OutDir)" />