Sonarcloud does not scanning docker files

Hello Community,

After Sonarcloud and github integration, we saw that my projects were scanned successfully, but I noticed that my docker files in my project files were not scanned, I did not exclude them on purpose, how can I be sure that all my files are scanned.

Hey there.

How are your Dockerfiles named? Take a look at the docs here:

Missing Uniform Filename Convention:

Dockerfiles can have all kinds of names and do not need a file extension. For this reason, it is difficult for the scanner and the analyzer to recognize all Dockerfiles. By default, all files named Dockerfile, Dockerfile.*, or *.dockerfile are considered Dockerfiles. If other conventions apply, these can be specified via the scanner property sonar.lang.patterns.docker.

Hello Colin,

We are using default dockerfile names. We didn’t change the names. How can we solve this issues?

Thank you for your support.

Can you provide DEBUG analysis logs? This should help us see how files are indexed. You can provide -X as an argument to the sonar-scanner or Github action.

Hi, same situation. Dockerfiles are completely ignored by sonarcloud (Note: our files are called “Dockerfile”)
There were some security hotspots for them but at some point they disappeared.
I also tried to create a project containing only a Dockerfile and among the logs I found this: INFO: 1 file indexed
but there are no code files in the sonar dashboard

Hi @alecapalan,

Welcome to the community!

We’re aware of the problem with Dockerfiles and working on a fix.


1 Like