Narrowing Focus with Sonar Sources or Coverage Exclusions - Unity

robotJohn · March 22, 2022, 3:49pm

Hello hello,

TL;DR: I want only this folder (Scripts) to be scanned:

Now, I’m trying to narrow the focus of the scan as Unity creates a good amount of projects in the root folder (56). I was able to omit them with the SonarQubeExclude parameter, but Unity refreshes the .csproj files which removes my manual additions, so I won’t be able to go down that route. Although, it seems that .NET scanner does a fairly good job of omitting some of them, I still need a more narrow focus.

I am trying two alternatives without success:

sonar-sources:

I am reading from the documentation that sonar-sources should be the first step when narrowing the focus, but I’m also interpreting that is not the best approach for MSBuild as it does it automatically(?).

But let’s say, that it is okay in this case, I have not been able to find info on where to add these parameters. From reading around, the generic SonarScanner documentation says that I should "Create a configuration file in your project’s root directory called sonar-project.properties". Now, is this only for the generic SonarScanner? Is this the way to go for the .NET SonarScanner too? Should I not use sonar-sources with the .NET scanner?

I’m also inferring this from the note that appears on the “sonar-scaner-properties” in the conf folder of SonarScanner, as if I need to have a properties file should be somewhere else.

#No information about specific project should appear here

And, would this be the correct format of the paths?

sonar.sources=/Assets/Scripts 
sonar.tests=/Assets/UnitTestEditor

(you can see the folder hierarchy below)

Coverage Exclusions

I saw the second thing to try was Coverage Exclusions in the UI. But I’m having trouble understanding the format of the paths (and this is also true if I were to do the alternative above). My hierarchy goes like this, and I only want Scripts to be scanned:

ProjectFolder
→ Project.sln
→ Project.csproj
→ ManyOther.csproj
→ Assets
-----> Scripts
-----> Editor
-----> I2
…

Most examples I have seen with paths are lowercase, but I read it’s also case sensitive. If the one above is the pattern of my hierarchy and also taking the screenshot I shared above as the current situation, are these the right way of excluding them?:

Assets/Editor/**/*
Assets/I2/Localization/Scripts/**/*
Assets/Pathfinding/**/*
Assets/Plugins/**/*
Assets/Rewired/**/*

This is what I’m adding to the UI but, it has not worked, I’m still getting those files scanned.

This is the config I’m using to run Sonarqube:

Language: C#
Sonarqube: 8.9.7.52159
Scanner: MSBuild 5.5.3.43281
.NET Framework Invocation
Process: Manual

Thank you in advance!

Colin · March 22, 2022, 6:51pm

Hey there.

Using the Scanner for MSBuild, you won’t want to touch sonar.sources or sonar.tests at all. What you probably want to do is set sonar.inclusions=Scripts/**/* (glob patterns are used, as noted in the docs on Narrowing the Focus).

You can set this in the UI, or as a parameter to your scanning command.

SonarScanner.MSBuild.exe begin /k:"project-key" /d:sonar.login="<token>" /d:sonar.exclusions="Scripts/**/*"

The same is true for sonar.coverage.exclusion – and the pattern should be from the root folder (the first directory you’re in when you click the Code tab in SonarQube).

Note that Source File Exclusions and Coverage exclusions are different - you may already be setting coverage exclusions correctly, but all that does is prevent coverage from being calculated (they will still appear in the UI).

robotJohn · March 23, 2022, 4:38am

Ah, this is it! Thanks a lot Colin! I was adding the info to “coverage”, as I did not realized that it was ordered alphabetically instead of “importance”. I added the Scripts path to the inclusions as you suggested and it worked wonders! Thanks a lot

system · March 30, 2022, 4:39am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.