We have a dotnet project in an Azure DevOps repository and an integration with SonarCloud.
A few weeks ago, we excluded a few files with sonar.test.exclusions and sonar.exclusions. These files have been excluded from the Sonar analysis (no smell code are detected). Here is our SonarCloud task in our yaml file:
Now, we would like to remove these exclusions, so we tried to remove the line in the yaml, but all the excluded files are still not analyzed by SonarCloud in the next CI run.
We also tried to add exclusion within the SonarCloud exclusion and to remove them and same issue :
At some point we duplicated our repository, removed the exclusion and all code were analyzed! Then we added the exclusion, and the concerned code has not been analyzed as expected.
Then, we removed the exclusions ans the concerned code is still not analyzed.
From our point of view, this is a bug.
Do you guys have the same issue ? Or do you have any solution for that?
I’m attempting to run an initial scan of my code (main branch).
The first analysis I missed a folder that should have been excluded and now every time I run I’m told I’m over my LOC limit.
Any changes I have make to exclude the problem folder don’t appear to take effect. I’ve tried removing all exclusions to scan the entire application and this doesn’t appear to change anything either.
My main concern is that the initial exclusions missed a folder of generated code which has pushed me over the LOC limit for my account so I’m unable to get any analysis done at present.
I can’t scan my main branch so don’t see anything under the Code tab
I have just signed up and I’m still on my 14 day trial and it’s a show stopper for me at the moment as i’m completely unable to use SonarCloud
Indeed we can see the code of the project under the Code tab. In the “Lines of code” column we have “-” for all “ignored” files (which should not be ignored).
We are still having the same issue.
I confirm you that once the code has been excluded from the sonarcloud analysis, it will never show back again in the sonarcloud interface. The folders and files are not displayed and will never be analyzed again.
Could you please try that out and confirm us this is a bug?
This is very annoying, we have to recreate the sonarcloud project everytime someone add a too large exclusion…
I’m not able to reproduce that behavior. When I exclude files… they are excluded. When I remove the exclusion, the files reappear.
Are you sure that when you’re analyzing your code after removing the exclusions, you’re actually analyzing the main branch of your project (and not, for example, just running a pull request analysis on the changes in the context of the branch where you adjusted your azure-pipelines.yml file?)
Hi @Colin ,
We found out the root cause. Our configuration was in a sonar-project.properties file through the azure devops extension.
We use the CLI scanner. It looks like this integration is bugged.
When we setup the exclusions directly in the ExtraProperties property of the azure devops extension, this works well.
We are surprised since according to your documentation, this should work : Analysis Parameters | SonarCloud Docs
Even tho we fixed our issue, could we have a clarification on this topic?
Can you give some more details to reproduce the issue using a sonar-project.properties file?
sonar.exclusions can be set in a sonar-project.properties file (which can be passed to the Azure DevOps Extension), but it’s not clear to me what specifically wasn’t working. Was the extension not taking new (updated) versions of the sonar-project.properties file with the exclusions removed?
Hi @Colin
Exactly, the extension (or sonarcloud, we dont really know) is not taking new (updated) versions of the sonar-project.properties file with the exclusions removed.
In other words: when we add exclusions in the sonar-project.properties file and then remove them, the excluded files will never be analyzed again by sonarcloud, through the sonarcloud azure devops extension.
However, we do not have this issue by setting these exclusion through azure devops extension paramater, without using the sonar-project.properties.
Please note that sonar-project.properties file is not supported if you are using Scanner for MSBuild (.NET) as we are generating a new one based on automatically calculated parameters (and also from what you provide as extra properties).
Make sure then if you use the “MSBuild” mode that you only provide sonar.exclusions on ExtraProperties field and not through any properties files.
If you use the ScannerCLI with the extension, make sure that both sonar-project.properties and any extraProperties are not overlapping each other.