Sonar scanner scans all files in the git blame ignoring what is configured via build wrapper

Hi,

We are using SonarQube version 7.9 and build wrapper for C/C++ version 6.3 on a Linux environment. We are using Git as our SCM.

We have a C/C++ project and we would just like to scan the C/C++ files that the build wrapper detects. The build wrapper does analyse the files, but at the end it seems like the scanner reanalyses all files from git blame. This is not acceptable, as we have unit tests and other files that we don’t want to scan.

The build wrapper correctly detects and analyses all ~800 files that we want to analyse, but the git blame analysis then analyses >2000 files.

  1. Could you explain what the difference is between these two scans?
  2. Why is the scanner ignoring build wrapper files and scanning everything?

Thanks

Hi @Kamal_Chandra,

sonar-scanner imports all files in the sonar.sources folder into SonarQube. If you want to limit the set of files, see the sonar.inclusions property in the documentation page Narrowing the focus.

The Git SCM plugin checks SCM information for all files imported into SonarQube.

The C/C++ analyzer analyzes only the files which have been compiled during the build wrapped by build-wrapper.

Thanks Massimo for your reply.

What I want is to only import and analyse files that are configured by my build system, which is detected by build wrapper. Yes, at the moment I am setting sonar.sources to the root of my source directory, so yes, I understand that it will import all sources.

When you say "sonar-scanner imports all files in sonar.sources", does that mean it will also analyse these files, or just import them for indexing purposes and not apply any rules to them?

I expect the C/C++ analyzer to narrow the files that are analyzed, as opposed to me listing files/folders via sonar.inclusions. I don’t want to maintain a list, as the build wrapper should be used to narrow the files imported and analyzed automatically.

All I want is to import and analyse only the files that are intercepted by the build wrapper. How do I achieve this?

Hi @Kamal_Chandra,

It will analyze them if they match any of the installed plugins.

No need to list them manually. If you read the Narrowing the focus page, you can see that if you want to restrict the inclusions to only C/C++ files you could set something like: `sonar.inclusions=**/*.c,**/*.cpp,**/*.h`.

Why does it bother you that SonarQube may analyze non-C/C++ files? You may get valuable issues generated for non-C/C++ files and you may actually enjoy that.