Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
I am using Azure devOps pipelines. SonarQube options of
- Prepare Analysis Configuration
- Run Code Analysis
- Publish Quality Gate Result
What are you trying to achieve
Suppress warnings within the SQ scan
What have you tried so far to achieve this
For step one, we migrated our code to new Azure devOps Git Repo.
We then create pipelines into our SQ instance
We then can see the results and navigate to each one within SQ’s site.
We additionally added the plug-in for VS of SonarLint; this allows us to inline place supressions
We want to suppress certain flags that apply to the entire project, but not necessarily the entire SQ profile
Our Advanced setting for Prepare Analysis Configuration is as follows
# Additional properties that will be passed to the scanner, **
# Put one key=value per line, example:
# sonar.exclusions=/*.bin
sonar.lang.patterns.vb="*.bas"
sonar.issue.ignore.multicriteria=e1
sonar.issue.ignore.multicriteria.e1.ruleKey=vb:S3903
sonar.issue.ignore.multicriteria.e1.resourceKey=*.vb
What am I doing wrong? For this type of suppressing files, there seem to be a lot of threads suggesting to use the UI. We want to take some high level items that can generally be excluded from certain projects, and then add them to our teams knowledge-base so more people can pick up these projects, work through cleaning up these scans and allowing us to focus on our more critical issues.
In the future, we plan to go back and address these items by removing the suppressions, but for the moment we need to have a more templated path forward. I also plan to ultimately move our team away from Azure Pipelines visual UI, and begin using .yaml files. I need to understand how to suppress within these areas as opposed to our SQ admin settings