How can I include /vendor directory into scan?

Username1 · November 16, 2021, 8:43am

SonarQube Developer Edition 9.1.0

How can I include /vendor directory into scan? It is excluded by default, but I want to cover all directories. In the UI I cannot leave the field sonar.php.exclusions empty. The /vendor folder contains mostly php, so trying this key. How to disable exclusions for all languages?

Colin · November 17, 2021, 8:51am

Hey there.

SonarQube is really not designed to analyze third-party code/libraries. Developers aren’t typically empowered to change this code, so the results just end up being noise. What is the motivation for scanning this code?

That being said, I agree it’s pretty wonky that you aren’t allowed to provide no value in the UI. Against our better judgement, you could add -Dsonar.php.exclusions= to your analysis command to set a null value, or just add a dummy value in the UI.

Topic		Replies	Views
Not able to scan my custom modules which are part of vendor folder IntelliJ Platform	1	10	February 12, 2025
How to include vendor as part of sonarqube analysis SonarQube Server / Community Build sonarqube , sonarqube-ide	1	452	February 23, 2023
Code not being analysed in the vendor folder on PHPStorm IntelliJ Platform php , intellij	4	2511	July 13, 2020
SonarCloud has stopped scanning vendor folder after April 30, 2021 SonarQube Cloud javascript , scanner , bitbucket	3	1035	June 22, 2021
Finding difficulties in excluding files and directories from sonar analysis SonarQube Server / Community Build scanner	2	509	November 25, 2023

How can I include /vendor directory into scan?

Related topics