Sonar.exclusions not excluding docker files

Must-share information:

• SonarQube Server Enterprise Edition v2025.4.2 and Visual studio IDE Version: 9.1.0.15828.
• I want to exclude all files in a folder.
• Setting sonar.exclusions to ArduinoJson/**/*.*

I am using a windows agent on DevOps to build my c++ project with the SonarQubePrepare@7 and extraProperties as below.

    extraProperties:  |
      sonar.cfamily.compile-commands=bw_output/compile_commands.json
      sonar.cfamily.vscoveragexml.reportsPath=$(Agent.TempDirectory)/TestResults/**/*.xml
      sonar.projectName=airfield - alcms - dungeon - $(Build.Repository.Name)
      sonar.exclusions=${{ parameters['SonarQubeExclusions'] }}${{ parameters['SonarQubeAdditionalExclusions'] }}
      sonar.verbose=true
      sonar.projectVersion=$(Build.SourceVersion)
      sonar.newCode.referenceBranch=main

When I build I get some warnings from files in the folder ArduinoJson and when looking in the Code tab in SonarQube server I can see it is analysing docker files in that folder. There are also c++ and header files in the folder that is not analysed. So the exclude is working for some files.
This is the output when analysing:

10:33:45.780 INFO  Load project repositories (done) | time=293ms
10:33:45.808 DEBUG Available languages:
10:33:45.809 DEBUG   * C => "c"
10:33:45.809 DEBUG   * C++ => "cpp"
10:33:45.810 DEBUG   * Objective-C => "objc"
10:33:45.810 DEBUG   * XML => "xml"
10:33:45.810 DEBUG   * JavaScript => "js"
10:33:45.810 DEBUG   * TypeScript => "ts"
10:33:45.810 DEBUG   * CSS => "css"
10:33:45.811 DEBUG   * Secrets => "secrets"
10:33:45.811 DEBUG   * Text => "text"
10:33:45.811 DEBUG   * Ansible => "ansible"
10:33:45.811 DEBUG   * Terraform => "terraform"
10:33:45.812 DEBUG   * CloudFormation => "cloudformation"
10:33:45.812 DEBUG   * Kubernetes => "kubernetes"
10:33:45.812 DEBUG   * Docker => "docker"
10:33:45.812 DEBUG   * AzureResourceManager => "azureresourcemanager"
10:33:45.812 DEBUG   * YAML => "yaml"
10:33:45.813 DEBUG   * JSON => "json"
10:33:45.816 INFO  Indexing files...
10:33:45.816 INFO  Project configuration:
10:33:45.817 INFO    Excluded sources: **/Version.h, **/resource.h, UnitTest/**/*.*, ArduinoJson/**/*.*
10:33:45.825 DEBUG '.azuredevops/pull_request_template/branches/main.md' indexed with no language
10:33:45.829 DEBUG '.gitignore' indexed with no language
10:33:45.829 DEBUG '.gitmodules' indexed with no language
10:33:45.830 DEBUG 'ArduinoJson/.devcontainer/clang13/Dockerfile' indexed with language 'docker'
10:33:45.830 DEBUG 'ArduinoJson/.devcontainer/clang14/Dockerfile' indexed with language 'docker'
10:33:45.830 DEBUG 'ArduinoJson/.devcontainer/clang15/Dockerfile' indexed with language 'docker'
10:33:45.831 DEBUG 'ArduinoJson/.devcontainer/clang16/Dockerfile' indexed with language 'docker'
10:33:45.831 DEBUG 'ArduinoJson/.devcontainer/clang17/Dockerfile' indexed with language 'docker'
10:33:45.831 DEBUG 'ArduinoJson/.devcontainer/gcc12/Dockerfile' indexed with language 'docker'
10:33:45.832 DEBUG 'ArduinoJson/extras/fuzzing/Makefile' indexed with no language
10:33:45.833 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/array16' indexed with no language
10:33:45.833 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/array32' indexed with no language
10:33:45.834 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/false' indexed with no language
10:33:45.836 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/fixarray' indexed with no language
10:33:45.836 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/fixint_negative' indexed with no language
10:33:45.840 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/fixint_positive' indexed with no language
10:33:45.841 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/fixmap' indexed with no language
10:33:45.899 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/fixstr' indexed with no language
10:33:45.901 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/float32' indexed with no language
10:33:45.903 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/float64' indexed with no language
10:33:45.904 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/int16' indexed with no language
10:33:45.904 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/int32' indexed with no language
10:33:45.905 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/int64' indexed with no language
10:33:45.905 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/int8' indexed with no language
10:33:45.906 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/map16' indexed with no language

Any suggestion why the docker files are analysed ?
Thanks

Hi,

The current version of SonarQube for Visual Studio (formerly SonarLint) is 9.7. Can you upgrade and see if this is still replicable?

 
Thx,
Ann

Hi @ganncamp

Thanks for the answer.
I have updated the Visual Studio extension to 9.7.0.16245 on my local machine but this did not change anything.
I would also find it very strange if this had any effect, since the analysis is running in DevOps and not on my local machine.

Any other suggestions ?

/Kennet

Hi,

Sorry, I read (skimmed) too quickly. Since you reported your SonarQube for Visual Studio version, I assumed you were in connected mode and not seeing the exclusions there.

Can you try setting sonar.lang.patterns.docker=foo?

 
Thx,
Ann

Hi @ganncamp

This looks like it removed the warning.
The log now look like this:

13:49:17.881 INFO    Excluded sources: **/Version.h, **/resource.h, UnitTest/**/*.*, ArduinoJson/**/*.*
13:49:17.890 DEBUG '.azuredevops/pull_request_template/branches/main.md' indexed with no language
13:49:17.895 DEBUG '.gitignore' indexed with no language
13:49:17.896 DEBUG '.gitmodules' indexed with no language
13:49:17.897 DEBUG 'ArduinoJson/.devcontainer/clang13/Dockerfile' indexed with no language
13:49:17.898 DEBUG 'ArduinoJson/.devcontainer/clang14/Dockerfile' indexed with no language
13:49:17.900 DEBUG 'ArduinoJson/.devcontainer/clang15/Dockerfile' indexed with no language
13:49:17.901 DEBUG 'ArduinoJson/.devcontainer/clang16/Dockerfile' indexed with no language
13:49:17.901 DEBUG 'ArduinoJson/.devcontainer/clang17/Dockerfile' indexed with no language
13:49:17.902 DEBUG 'ArduinoJson/.devcontainer/gcc12/Dockerfile' indexed with no language
13:49:17.903 DEBUG 'ArduinoJson/extras/fuzzing/Makefile' indexed with no language
13:49:17.919 DEBUG 'ArduinoJson/extras/fuzzing/msgpack_seed_corpus/array16' indexed with no language

I can see the log says “no language” for the Dockerfile now.
But if I understand Docker | SonarQube Server | Sonar Documentation correctly then this will mean that if I have a file called Dockerfile in another folder than ArduinoJson it will not be analysed now.
Is there not a way to exclude a folder from the docker analyses?

Hi,

Excellent point.

And yes, the Docker analysis should (IMO) be honoring normal exclusions. You’re not on the latest version, but I’m not seeing anything about this in either the docs for your version for for 2026.1. I’m going to flag this for the team.

 
Ann

Hello,

While I don’t deny that there is certainly a problem with the Docker files exclusion, certainly because by definition Docker files don’t have an extension, can you clarify why you want to exclude Docker files from the scope of the analysis?

Alex

Hi @Alexandre_Gigleux

I would like to exclude the docker files in the ArduinoJson folder because this is a third party GIT submodule we are using to build our application.
We do not have control over the files in that folder we are actually not even using the docker files but the ArduinoJson developers included the files in their repo.
Just like we exclude all other source files in the ArduinoJson folder, I just want to ignore everything in there.

/Kennet

Hi @Alexandre_Gigleux and @ganncamp

Is there a chance SonarQube will be changed so I can exclude folders hierarchy in the docker analysis ?

/Thanks

Hello @Kennet

Thanks for waiting.

Unfortunately the *.* pattern doesn’t exclude the Dockerfile files.
As a solution, you can add additional exclusion pattern to the sonar.exclusions property:

ArduinoJson/**/Dockerfile

Thanks,
Maksim Grebeniuk