SonarQube doesn't include findings for .* folder (folder start with .)

  • Currently, I use SonarQube v8.9.7 and SonarScanner v4.6.1.2450
  • I’m trying to include external findings that found in .* /* path (folder started with . ) for example .config/* and ./buddy/*
  • I’m including that findings using sonarscanner and push the findings to sonarQube dashboard. But, the findings with .* /* path pattern not shown in the sonarQube (other findings in other path is shown)
  • I have tried to use sonar.inclusions config but it doesn’t work
  • How can I solve this issue?

Hey there.

I just gave this a try without issue.

sonar-scanner -Dsonar.projectKey=testhidden -Dsonar.externalIssuesReportPaths=.hidden/test.json -X
11:45:07.097 INFO: Sensor Import external issues report
11:45:07.098 DEBUG: Importing issues from '.hidden/test.json'
11:45:07.125 INFO: Imported 2 issues in 1 file
11:45:07.125 INFO: Sensor Import external issues report (done) | time=28ms
tree -a            
├── .hidden
│   └── test.json
└── sources
    ├── A.js
    └── B.js

2 directories, 3 files

Are you doing something differently? What analysis command are you using?

Thanks for the answer. In my case, it is not import the file from .hidden folder, but the findings in imported file located in the .hidden folder, for example :

    "issues": [
            "engineId": "scan-engine",
            "ruleId": "rule-number-1",
            "primaryLocation": {
                "message": "Findings related to ...",
                "filePath": ".hidden/config.yml",
                "textRange": {
                    "startLine": "87",
                    "endLine": "87"
            "type": "VULNERABILITY",
            "severity": "CRITICAL"

the problem is, that findings is not shown in sonarqube dashboard.