How SonarQube will get to know vendor files/ third party libraries when it is scanning the source

how SonarQube come to know vendor files and libraries when it is scanning the coding. we just need clarification whether it will scan the vendor files or not if not how it will identifies.


Welcome to the community!

In fact, SonarQube can’t tell the difference between your files and your vendors’. You’ll need to exclude them explicitly.


1 Like

To add onto Ann’s answers, SonarQube also has some smart defaults for certain languages (such as that node_modules is probably only going to contain third-party Javascript libraries) and will exclude them by default. Check the Code tab of an analyzed project to be sure what’s being analyzed, and what isn’t.

1 Like