Hi everyone! I’m trying to exclude some files from my DotNet sonar scanner. Here’s the situation I’m in.
I have a mono repo that includes both DotNet files and JavaScript files. When I deploy them, they get merged into a single project.
The teams that work on DotNet and JavaScript are mostly separate, so I’d like each one to have its own SonarCloud project.
The solution appears to be to run the DotNet scanner and have it exclude the JavaScript files.
Unfortunately, when I run the DotNet sonar scanner, it picks up and scans JavaScript files, even though I’m trying to exclude them in every way I know about. Here’s what I’ve tried so far:
Passing the parameter /d:sonar.coverage.exclusions=WebSite/Scripts/**,WebSite/ScriptSource/** to dotnet-sonarscanner, even though the documentation on SonarScanner for .NET | SonarCloud Docs does not say that sonar.coverage.exclusions is a valid parameter
Configuring the Analysis Scope / Exclusions of the project on SonarCloud with exclusions for *.js and **/*.js
No matter what I seem to do, dotnet-sonarscanner still analyzes the .js files, which causes it to take tons of extra time and lots of unnecessary reports. If this was a small amount of time it wouldn’t be a big deal; but it quadruples the length of time my task takes to execute.
Does anyone have ideas for how to get dotnet-sonarscanner to not consider these files for analysis?
If you want to exclude Javascript files, you’ll want to make sure that you use sonar.exclusions rather than sonar.coverage.exclusions (the latter is only excluding files from code coverage calculations, not analysis).
You should be able to find it in the analysis scope documentation – where else would you expect to see it (not a trick question, just making sure I understand)
The place where I looked was SonarScanner for .NET | SonarCloud Docs - this page shows a list of tons of parameters so it looks complete, but it doesn’t list sonar.exclusions or sonar.coverage.exclusions. I only learned about sonar.coverage.exclusions by randomly googling around until someone mentioned it.
I think I see why I got confused, actually. At the bottom of the list of parameters, it says “optional - Specifies an additional SonarCloud analysis parameter” and there’s a link. I clicked that link and it sent me right back to where I was. If I had instead clicked the link in " For detailed information about all available parameters, see Analysis Parameters" that would have gotten me to the right place.
Thanks for pointing this out, there seems to be a bug, as the link is pointing to the Analysis parameters page but once published the link is not working. The dev team that works on the docs is looking into this.