Sonar package exclusion does not work

tool:SonarQube Scanner 3.2

Wish to exclude some packages from sonar code Coverage where sonar is part of build pipeline of jenkins

Ways tried (for now added all files under the package mentioned just to check if it really excludes all java file !)
pom.xml
A:
<sonar.coverage.exclusions>com/**/</sonar.coverage.exclusions>
B:<sonar.exclusions>{project.basedir}/src/main/java/com/ept/scheduleinterface/dto/**/*, {project/basedir}/src/main/java/com/test/aa//model/
</sonar.exclusions>

jenkinsfile
1:
sonar: [projectKey: PROJECT_NAME, ‘java.libraries’:
‘/root/.m2/repository/org/projectlombok/lombok//lombok-.jar’,‘sonar.coverage.exclusions’: 'src/main/java/com//’**],
2:
’-Dsonar.coverage.exclusions’: 'src/main/java/com//
’]**
3:
’-Dsonar.coverage.exclusions’: 'com//*’]**,

in my project structure there is a jenkinsfile and pom.xml file along with dockerfile

But it looks is sonar is not obeying the configuration at all.
Also I can see in jenkins console logs the changes I did in e.g. jenkins file are considered
Running shell script
‘-Dsonar.java.libraries=/root/.m2/repository/org/projectlombok/lombok//lombok-.jar’ ‘-Dsonar.sonar.coverage.exclusions=src/main/java/com/**/*’ -Dsonar.sources=src -Dsonar.java.binaries=target/classes -Dsonar.jacoco.reportPaths=target/jacoco.exec -

Hi,

Correctly configuring exclusions on the analysis side can be quite tricky. I’d recommend you do this in the UI instead. When you do, take a look at the path-to-file shown in the SonarQube UI (the blue scribble part of your screenshot) and replicate that in your exclusion.

 
HTH,
Ann

Thanks Ann,
But doing this through UI I do not see any provision!
You want me specify below on UI.
src/main/java/com/avaya/ept/healthcare/staffinterface/controller/SpecialtyRestController.java
Could you please share or point me to any similar UI option here as it looks I need to have the permission to add those package exclusions ?

On one of the stackoverflow portal I could see following but can not see such provision (https://stackoverflow.com/questions/8848585/excluding-java-files-in-sonar-report-through-jenkins)

  1. Go to sonar section of your jenkins job.
  2. Click on advanced.
  3. In Additional properties put or add:
    -Dsonar.exclusions=com/company/packageA/generated/**/*.java,com/company/packageB/generated/**/*.java
  4. Save changes.

Hi,

You’ll need to have admin rights on your project. Once you do, you’ll see a project-level Administration menu item. Choose Administration > General Settings > Analysis Scope.

 
Ann

Hi Ann,

But ideally following in pom.xml should work right ? Why sonar is disobeying the below configuration ?

<sonar.jacoco.reportPath>${project.basedir}/target/jacoco.exec</sonar.jacoco.reportPath>
<sonar.coverage.exclusions>com/**/*</sonar.coverage.exclusions>
0.8.3

As per my knowledge the preference to consider configuration is as below in Highest to lowest

1: pass as arguments e.g. -D’sonar.coverage.exclusions’: ‘**/*.java’ (Overridden by any config . Highest priority)
2: in POM.xml
3: in UI of SonarQube

Hi,

What does the path show in the SonarQube interface start with? “com”? or “src”?

 
Ann

it shows as below
[src/test/java/com/ept/controller/Controller.java]

Hi

That would be why an exclusion pattern that starts with “com” doesn’t work. SonarQube doesn’t recognize any paths starting with “com”. Make sense?

 
Ann

Actually I have tried various options as mentioned in my original post also tried below but no change in coverage.
<sonar.coverage.exclusions>src/main/java/com/**/*.java</sonar.coverage.exclusions>

Idea here is to exclude all java classes comes under below folder (recurrent) path
src/main/java/com

Also tried
<sonar.coverage.exclusions>/src/main/java/com//*.java</sonar.coverage.exclusions>
but looks sonarQube is not obeying the configuration of pom.xml and jenkingfile as well. Have to wait till I get Administrative permission. But this should not be the only place . As exclusion should be overridden by pom.xml or some other method as well like arguments!

Issue resolved !

in Jenkins file instead of
sonar: [projectKey: ‘****’, ‘java.libraries’: '/root/.m2/repository/org/projectlombok/lombok//lombok-.jar’,‘sonar.coverage.exclusions’: 'src/main/java/com/**/.java’]

Use
sonar: [projectKey: ‘****’, ‘java.libraries’: '/root/.m2/repository/org/projectlombok/lombok//lombok-.jar’,‘coverage.exclusions’: 'src/main/java/com/**/.java’]

Here in Jenkins logs sonar as getting appendend hence it was becoming sonar.sonar.coverage.exclusions and it was being ignored by SonarQube . Quite Strange ! Everywhere it was asked to use key as ‘sonar.coverage.exclusions:{package pattern}’