How can I include /vendor directory into scan?

SonarQube Developer Edition 9.1.0

How can I include /vendor directory into scan? It is excluded by default, but I want to cover all directories. In the UI I cannot leave the field sonar.php.exclusions empty. The /vendor folder contains mostly php, so trying this key. How to disable exclusions for all languages?

Hey there.

SonarQube is really not designed to analyze third-party code/libraries. Developers aren’t typically empowered to change this code, so the results just end up being noise. What is the motivation for scanning this code?

That being said, I agree it’s pretty wonky that you aren’t allowed to provide no value in the UI. Against our better judgement, you could add -Dsonar.php.exclusions= to your analysis command to set a null value, or just add a dummy value in the UI.