Problem with sonar.exclusions

In the root folder, I have a solution file (.sln). Sub-folders are individual projects with a project file, e.g. .csproj. I want to exclude all files in a folder called “Scripts” inside only one of the sub-folders. Adding the path to the analysis scope settings on the web site (e.g. Scripts/**/*) makes Scripts directories in other projects get excluded as well undesirably. Note that I’m not excluding the entire project, but a folder in the project. Any solution for this?


Since you haven’t yet been successful in setting your exclusion, then you’ll be able to look at this directory in SonarQube and see the path as SonarQube understands it. Once you have it, you can feed that path into your exclusion and it should work for you.

Note that while it is possible to set exclusions analysis-side, doing so can be tricky and painful. I recommend using the UI for this instead.


Thanks for the quick response. There seems to be misunderstanding of my original question. To clarify:

  • the exclusion setting works, but it has a side effect of excluding unintended directories from other projects
  • the exclusion is set from the “UI” if you meant the SonarCloud web site by “UI”

Are you configuring the exclusion at global level ? (in the SonarQube Admin settings) Be aware that exclusions can be configured per-project, by going in the administration space of that specific project.

1 Like

No, it’s per-project exclusion setting. By “projects”, I meant Visual Studio projects that belong to the same Visual Studio solution.


Then you should look into what I described.

If it’s excluding unintended directories, then it’s not really working and needs to be rewritten to be narrower.


Yeah, I guess it depends on how you see it. More concrete example might help here. Here’s my project directory structure.


I want to include everything under ProjectA and ProjectB/src, but not ProjectB/Scripts/*. So, my exclusion setting is Scripts/**/*. Note that it’s not ProjectB/Scripts/**/*. I don’t know why, but sonar msbuild scanner calculates the path based on each project directory (ProjectA and ProjectB).

If I set it to ProjectB/Scripts/**/*, the computed path looks like MyApplication/ProjectA/ProjectB/Scripts/... while scanning ProjectA and MyApplication/ProjectB/ProjectB/Scripts/... while scanning ProjectB. These path don’t exist, so nothing gets excluded.

On the other hand, if I set it to Scripts/**/*, the path becomes MyApplication/ProjectA/Scripts/... while scanning ProjectA, and MyApplication/ProjectB/Scripts/... while scanning ProjectB. I didn’t want it to exclude ProjectA/Scripts.

This happens in a single run of sonar scanner.

Any thoughts on the above please?

Hi @Haejoong_Lee, what versions of SonarC# and Scanner for MSBuild are you using?

Hi-- I think the version of Scanner for MSBuild is 4.3.1. I’m using it via VSTS extension. Here’s the log showing the version.

2018-09-17T19:39:02.6720086Z SonarScanner for MSBuild 4.3.1

I’m not too sure about SonarC# version.

@Haejoong_Lee set system.debug to true when you queue a new manual build and then into the Prepare analysis on xxx logs you should find lines like this:

2018-09-18T13:33:32.5441422Z 13:33:32.543  Installing required Roslyn analyzers...
2018-09-18T13:33:32.5449989Z 13:33:32.544  Processing plugin: csharp version

Here is a screenshot from our VSTS build:


This StackOverflow question looks very similar to yours, but unfortunately it doesn’t look like there’s an easy answer for file exclusions.


@Val I got the version number.

2018-09-18T16:07:53.6173060Z 16:07:53.615 Installing required Roslyn analyzers…
2018-09-18T16:07:53.6193750Z 16:07:53.615 Processing plugin: csharp version

@Colin_SonarSource Yes, it’s the same issue. I also see that there is a 4 month old github issue by the same person.

Hi @Haejoong_Lee, I managed to make it work. You need to specify module-based exclusions, such as this:


You just need to replace the GUID prefix above with the value of the element in the project you want to exclude (ProjectB in your example).

Alternative way to find the project GUID is to open .sonarqube\out\ in your solution root after a successful analysis and look for lines like the following (the GUID prefix is the GUID you need):


Thanks @janos for the help!


Thank you, @Val. I’ll give it a try and let you know.

It worked. I don’t think it can be set from the sonarqube/sonarcloud web site. In vsts, you can set it in the “Additional Properties” config.

Is there still no way to set this in the UI? It currently does not seem possible to write a pattern to target a specific folder in a specific component.

I can see that you can provide coverage and duplication exclusions at the “component” level settings. Why is it not possible to specify file exclusions here? It seems this would solve the issue.