Re-scanning the baseline code on SonarQube after inclusion/exclusion

We are using sonarqube 7.9.1.27448 Developer Edition.
We are looking to see if there’s a way on SonarQube to re scan/reset the baseline code (master branch code) that was scanned first time when the whole project was scanned (Basically set a new baseline). We are trying to include the exclusion list which previously scanned by SQ that has bugs (not really bugs).
Thanks in advance!

Hi @neet.neet14, welcome to the SonarSource Community!

Have you considered simply deleting the project and starting over?

That’s a final option.
But wanted to explore more to see of there’s a way to do it without having to delete the whole project from SQ. :slight_smile:

Ok, let’s explore in more detail then.

Exactly which exclusion list are you trying to configure?

The exclusion list has some files from third party and other unwanted files and SQ shows bugs in them.

If you re-analyze the master branch with the new exclusions in effect, it should reduce the scope of code on that branch and the issues pertaining to the no-longer-included code should now be gone. Are you not seeing this? If so, how exactly are you setting the exclusions?

@Jeff_Zapotoczny : Thanks a lot for looking into this.
How do you suggestion I should re-analyze the master branch so that all the metrix will get reset?
Even after analyzing master branch with new exclusion list, it does not exclude the files. Or at least we are not able see that it been excluded. Because the SQ dashboard still shows the bugs from that excluded file on the left half section of the dashboard. Right section for new code says no bugs though.
We are setting the exclusions from build.yaml ( sonar.exclusions=/*.editorconfig,/.htm,**/.json,/*.sql,/.ico,**/.js,/*.aspx,/.cmd,**/.md,**/*.cs)

I think the forum markup syntax interfered a bit with the exact values you’re using for your exclusions. And yet I still think I see a few issues:

The ** pattern matches any directory. If you specify a pattern like **/.js this is only going to match a file literally called .js in any directory. It will not match any file with a .js extension. If that was your intention, the full pattern would need to be **/*.js – note the extra * before the file extension.

I think the exclusion would work fine for you if you cleaned up the patterns you’re trying to set.

A full log of your analysis would help troubleshoot how the exclusion patterns are seen by our scanner versus what files are found to be indexed for analysis.

that’s correct, forum markup messed up the exclusion list.

Is there a limit of characters/number of files that I can include in sonar.exclusion property from build.yml? Meaning can I include a huge list of files?
There’s a strange problem I am facing now. when I add an additional list of exclusions from build.yaml, I am getting “The main branch has no line of code” error and no analysis/metrix is shown on the dashboard. But when I remove these files from exclusion, analysis works fine on Main branch in SQ.

Does exclusion list works from both the places ? one from build.yaml and other from SQ UI?
I do see in the both in the scanner context after the analysis.

Project server settings:
sonar.exclusions="
AND
Project scanner properties:
sonar.exclusions=

Sorry for asking so many questions but I am just to understand how SQ works and making my way though it.

I am not aware of a limit, however as a word of caution I’d say the probability of a misconfiguration goes up the longer the overall property value gets.

Local configuration passed to the scanner will supersede (not add to) values from the UI.

In answer to both of your questions, I’d encourage you to validate your configuration by studying the output from the scanner. It will always tell you just before it embarks on analysis what the exclusion value about to be used is:

INFO: Project configuration:
INFO:   Excluded sources: **/*.vue

Additionally, if you activate DEBUG-level logging for the scanner (via the -X param) you’ll get logging of every source file indexed for analysis. Obviously whatever is indexed is a sign that it did not match any exclusion pattern and gives you a chance to study what’s wrong.