Hi, Could anyone please let me know the benefits of scanning root project files like .sh or Yaml files in the sonar.sources?
Hi @zorro,
In my opinion the benefit of scanning root project files is limited:
Usually the root contains configuration or build/deployment related files but no application code.
SonarQube does not have analyzers for .sh or .yml files, so they won’t be picked up by SonarQube even if you add them via sonar.sources.
Most value in our projects comes from scanning the pom.xml (Maven) which is also located in the root directory. But this is “just” a linter, checking the order of elements in the pom.xml.