Sonar package exclusion does not work

ganesh · July 13, 2019, 9:55am

tool:SonarQube Scanner 3.2

Wish to exclude some packages from sonar code Coverage where sonar is part of build pipeline of jenkins

Ways tried (for now added all files under the package mentioned just to check if it really excludes all java file !)
pom.xml
A:
<sonar.coverage.exclusions>com/**/</sonar.coverage.exclusions>
B:<sonar.exclusions>{project.basedir}/src/main/java/com/ept/scheduleinterface/dto/**/*, {project/basedir}/src/main/java/com/test/aa//model/</sonar.exclusions>

jenkinsfile
1:
sonar: [projectKey: PROJECT_NAME, ‘java.libraries’:
‘/root/.m2/repository/org/projectlombok/lombok//lombok-.jar’,‘sonar.coverage.exclusions’: 'src/main/java/com//’**],
2:
’-Dsonar.coverage.exclusions’: 'src/main/java/com//’]**
3:
’-Dsonar.coverage.exclusions’: 'com//*’]**,

in my project structure there is a jenkinsfile and pom.xml file along with dockerfile

But it looks is sonar is not obeying the configuration at all.
Also I can see in jenkins console logs the changes I did in e.g. jenkins file are considered
Running shell script
‘-Dsonar.java.libraries=/root/.m2/repository/org/projectlombok/lombok//lombok-.jar’ ‘-Dsonar.sonar.coverage.exclusions=src/main/java/com/**/*’ -Dsonar.sources=src -Dsonar.java.binaries=target/classes -Dsonar.jacoco.reportPaths=target/jacoco.exec -

ganncamp · July 15, 2019, 11:56am

Hi,

Correctly configuring exclusions on the analysis side can be quite tricky. I’d recommend you do this in the UI instead. When you do, take a look at the path-to-file shown in the SonarQube UI (the blue scribble part of your screenshot) and replicate that in your exclusion.

HTH,
Ann

ganesh · July 15, 2019, 12:17pm

Thanks Ann,
But doing this through UI I do not see any provision!
You want me specify below on UI.
src/main/java/com/avaya/ept/healthcare/staffinterface/controller/SpecialtyRestController.java
Could you please share or point me to any similar UI option here as it looks I need to have the permission to add those package exclusions ?

On one of the stackoverflow portal I could see following but can not see such provision (https://stackoverflow.com/questions/8848585/excluding-java-files-in-sonar-report-through-jenkins)

Go to sonar section of your jenkins job.
Click on advanced.
In Additional properties put or add:
-Dsonar.exclusions=com/company/packageA/generated/**/*.java,com/company/packageB/generated/**/*.java
Save changes.

ganncamp · July 15, 2019, 12:39pm

Hi,

You’ll need to have admin rights on your project. Once you do, you’ll see a project-level Administration menu item. Choose Administration > General Settings > Analysis Scope.

Ann

ganesh · July 15, 2019, 1:22pm

Hi Ann,

But ideally following in pom.xml should work right ? Why sonar is disobeying the below configuration ?

<sonar.jacoco.reportPath>${project.basedir}/target/jacoco.exec</sonar.jacoco.reportPath>
<sonar.coverage.exclusions>com/**/*</sonar.coverage.exclusions>
0.8.3

As per my knowledge the preference to consider configuration is as below in Highest to lowest

1: pass as arguments e.g. -D’sonar.coverage.exclusions’: ‘**/*.java’ (Overridden by any config . Highest priority)
2: in POM.xml
3: in UI of SonarQube

ganncamp · July 15, 2019, 1:24pm

Hi,

What does the path show in the SonarQube interface start with? “com”? or “src”?

Ann

ganesh · July 15, 2019, 1:26pm

it shows as below
[src/test/java/com/ept/controller/Controller.java]

ganncamp · July 15, 2019, 1:28pm

Hi

That would be why an exclusion pattern that starts with “com” doesn’t work. SonarQube doesn’t recognize any paths starting with “com”. Make sense?

Ann

ganesh · July 15, 2019, 1:53pm

Actually I have tried various options as mentioned in my original post also tried below but no change in coverage.
<sonar.coverage.exclusions>src/main/java/com/**/*.java</sonar.coverage.exclusions>

Idea here is to exclude all java classes comes under below folder (recurrent) path
src/main/java/com

Also tried
<sonar.coverage.exclusions>/src/main/java/com//*.java</sonar.coverage.exclusions>
but looks sonarQube is not obeying the configuration of pom.xml and jenkingfile as well. Have to wait till I get Administrative permission. But this should not be the only place . As exclusion should be overridden by pom.xml or some other method as well like arguments!

ganesh · July 15, 2019, 4:44pm

Issue resolved !

in Jenkins file instead of
sonar: [projectKey: ‘****’, ‘java.libraries’: '/root/.m2/repository/org/projectlombok/lombok//lombok-.jar’,‘sonar.coverage.exclusions’: 'src/main/java/com/**/.java’]

Use
sonar: [projectKey: ‘****’, ‘java.libraries’: '/root/.m2/repository/org/projectlombok/lombok//lombok-.jar’,‘coverage.exclusions’: 'src/main/java/com/**/.java’]

Here in Jenkins logs sonar as getting appendend hence it was becoming sonar.sonar.coverage.exclusions and it was being ignored by SonarQube . Quite Strange ! Everywhere it was asked to use key as ‘sonar.coverage.exclusions:{package pattern}’

Yamuna_Reddy · February 3, 2020, 5:54am

what is the pattern to exclude files in analysis scope?

ganncamp · February 3, 2020, 12:57pm

Hi,

You’ll find those documented in the interface.

Ann