Sonar.exclusions have the same properties as inclusions

  • ALM used - GitHub
  • CI system used - GitHub Action (SonarSource/sonarcloud-github-action@master)
  • Scanner command used when applicable (private details masked)
  • Languages of the repository - Swift

When I define rules in sonar.inclusions, it also gets added into sonar.exclusions.

In my

# project settings
# ...

I get this:

INFO: Indexing files...
INFO: Project configuration:
INFO:   Included sources: *.swift, **/*.swift, **/**/*.swift
INFO:   Excluded sources: **/build-wrapper-dump.json, **/*.xml, Pods/**/*, Reports/**/*, **/*.swift, **/**/*.swift, **/**/**/*.swift
INFO:   Included tests: **/*.swift, **/**/*.swift, **/**/**/*.swift
INFO: 657 files indexed
INFO: 2128 files ignored because of inclusion/exclusion patterns
INFO: Quality profile for swift: Sonar way

Could you tell me how I can avoid having exclusions to have the same properties as inclusions?
I appreciate your help.


A closer look at what’s excluded in practice demonstrates that this is not a case of inclusions being added to your exclusions:

Specifically, **/build-wrapper-dump.json, among others, does not appear in the inclusions configuration you’ve shared. What this indicates is that you’re overriding those project settings, probably on the command line. The docs go into the settings hierarchy.

Tangentially, why are you setting both inclusions and exclusions? It’s pretty rare that both are needed in combination. In fact, in… 95% of cases neither is needed.


I am by far no SonarCloud expert, but I’d like to point out that my own open topic (linked) exhibits exactly the same behaviour of SonarCloud, with the value of sonar.test.inclusions being appended into sonar.exclusions right after **/build-wrapper-dump.json,[original contents of sonar.exclusions],..., and as far as we can detect - we are not overriding those settings anywhere. So it may be that the OP also doesn’t, and that SonarCloud’s own code is doing it for a reason we haven’t figured out yet - either as a feature we can’t find documentation for, or as a bug.

See text comparison screenshot in my own topic (in the original post).

I also find it interesting that the OP and we are using a different CI system (Azure DevOps) and a different scanner (Azure DevOps extension), which could likely mean that this behaviour originates from the core of SonarCloud, and could therefore potentially affect more users.