Git submodule excluded from analysis

Has there been a change to the way git submodules are handled?
I have a gradle configuration set up to push coverages to sonarqube.
I see all results for my repo and the gitsubmodule in sonarqube 7.4, however in 7.7 (I have deployed to both multiple times today by only changing the url/login info) This whole git submodule tree is dropped for the analysis.
I see this with the gradle plugin version 2.7.1
If i remove the .gitmodule and directly add the source to my repository I see the entire scan.
I have concluded the issue must be between the .gitmodule and a change between 7.4 and 7.7.

How do I go about resolving this? I would essentially like to have the same files/modules getting scanned in SonarQube 7.7 as I did in 7.4

related thread:

I ended finding a tradeoff. Either you can have git blame for the repo or you can have SonarQube track the submodule. I felt that having the submodule reported was more important.

In the Git plugin settings in SonarQube you can change to this behavior.

But yes, having both blame and scanning for sub modules would be even better.

Hi,

Sorry for the late response. It looks like this thread fell through the cracks somehow. I’m guessing your issue has something to do with this feature, which landed in 7.7:

MMF-1491 - Provide file exclusions based on SCM ignore information

 
Ann

That looks like the offending feature. Is there a way to get both blame info and have it scan the submodule? Or is this functionality gone?

Hi,

From SONAR-11621:

A new property sonar.scm.exclusions.disabled will allow the user to turn this behavior off. The scanner is in charge to disable the scm exclusion filter when this property is set to true.

 
:slight_smile:
Ann

is this just a setting that is not available in the sonarqube UI?
The plugin’s configuration shows my only toggle for the Git Scm plugin to be sonar.scm.disabled

Hi,

Also from that ticket:

We decide to keep this property out of the UI to avoid confusion, but it should be added to the Analysis Parameters documentation.

 
:wink:
Ann

Hello, we are currently evaluating SonarQube Developer Edition and have a question about git submodules.

Currently we are only analysing our main project using sonar.scm.exclusions.disabled to track submodules and get blame information (props to this thread). This works, but limits the analysis to the branches and merge requests of the main project.

We would like to trigger analysis in the submodule projects as well. The only way to achieve that seems to be creating a SonarQube project for each submodule, but that would effectively double our LOC count.

Are there any other ways to facilitate git submodule workflow?

Hi @nemui,

Could you expand on this, please?

Are you saying you would like to have the submodules show up as submodules within the main project, but analyze them independently? If so, then sorry but it just doesn’t work that way. You’ll need to choose which is more important to you and either analyze them as part of the main project or not include them in the main project and analyze them only independently.

 
Ann

Hi @ganncamp,

Or even analyse submodules both within the main project and independently, so that people working on submodules can get feedback on their code without having to open a merge request in the main project.

I thought this might be the case. Thank you for your answer!