Sonar.exclusion

SonarQube version - * Community Edition Version 7.9.3 (build 33349)
Java 8
Using Gradle sonar Plugin
classpath “org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.5”
Gradle version - 2.6 or 2.1 both tried
I am trying to analyze my multi-module project with gradle sonarQube task where I am using jaCoCo plugin for code Coverage
jacoco {
toolVersion = “0.8.2”
}
But analysis report is including test files in the report.
Same thing I tried with sonarScanner but it don’t include test added\updated\deleted code.
Gradle properties -
ext.analysisExclusionClasses = [’/firstorderevent/’,
/dto/’,
/test/
]

sonarqube {
properties {
property “sonar.projectKey”, “xxx”
property “sonar.projectName”, appName
property “sonar.host.url”, “http://localhost:9000
property “sonar.dynamicAnalysis”, “reuseReports”
property “sonar.java.coveragePlugin”, “jacoco”
property “sonar.exclusions”, analysisExclusionClasses
property “sonar.sourceEncoding”, “UTF-8”
property “sonar.verbose”, “true”
property “sonar.coverage.jacoco.xmlReportPaths”, “${rootDir}/build/reports/jacoco/jacoco.xml”
property “sonar.issue.ignore.multicriteria”, “e1”
property “sonar.issue.ignore.multicriteria.e1.resourceKey”, “src/test/java/**/"
property “sonar.issue.ignore.multicriteria.e1.ruleKey”, "

}
}

I tried adding sonar.source to /src/main/java
Excluding test folder through sonar.exclusions and through test.exclusions
All the possible suggestions given in another tried I tried.


Here one can see it is saying 16 lines modified and in the measures tab give definition for that lines but in the other hand with sonar.properties file it is just counting the source file. Screen shot for the same.

sonar.projectKey=xxx
sonar.projectName=appName
sonar.host.url=http://localhost:9000
sonar.dynamicAnalysis=reuseReports
sonar.exclusions=/dto/,/firstorderevent/,/test/
sonar.sourceEncoding=UTF-8
sonar.verbose=true
sonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/jacoco.xml
sonar.java.binaries=/classes/main
sonar.java.test.binaries=
/classes/test

Anything I am missing or doing wrong.?
Any suggestion or path forward will be very helpful.
Thanks in Advance.

Hello @AJain ,

Your SonarQube version is too old for us to analyze your problem. You should upgrade to a supported version, either 8.9.3 LTS or 9.2 Latest. See Download | SonarQube
Note: This will require you to upgrade to Java 11 for the SonarQube server, and it is also strongly recommended to upgrade to Java 11 for the Scanner (Gradle execution).

Once this upgrade is done, we’ll dive deeper in your problem.

Olivier

Hi @OlivierK,
I can upgrade the version locally, but we were having this version in the whole organisation.
So, for the version upgrade request approval, it’s a long procedure.
That’s the reason, I am trying on the same version locally.
If possible can I get something around this version.?

The core problem here is that you apparently try to analyze your Maven (or Gradle) java project with the sonar-scanner CLI. This is wrong and (very) error prone. You should use the scanner for Maven or scanner for Gradle (depending on your project build tool).

Have you simply tried to analyze with the right scanner? See:
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/
Hint: mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install org.jacoco:jacoco-maven-plugin:report sonar:sonar
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-gradle/
There’s a minimal config in the build.gradlefile and then: gradle sonarqube

Please upgrade your SonarQube (or install a separate instance for tests), we won’t be able to help you further on version 7.9.3.

Thanks @OlivierK
Just one more doubt why we should not use sonar-scanner CLI for maven and gradle?
As this can be used as a common command to analyze these projects.
Any specific reasons.?

Because by using the scanner for Maven/Gradle, the scanner will retrieve automatically from the Maven/Gradle environment a ton of informations that you would have to configure manually otherwise and that makes the analysis of complex Maven/Gradle projects with the Scanner CLI very error prone.
Among the settings that you have to configure with scanner CLI and not with the Scanner for Maven/Gradle:

  • sonar.projectKey
  • sonar.projectName
  • sonar.sources
  • sonar.tests
  • sonar.projectVersion
  • sonar.java.binaries
  • sonar.junit.reportPaths
  • sonar.jacoco.reportPaths
  • sonar.java.source
  • sonar.java.target
  • … and more

I think that’s a long enough list to justify using the proper scanner

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.