SonarQube is not honouring coverage exclusions

Deepak_Daniel · June 19, 2023, 12:54pm

Hello!

My team has a hosted SonarQube server (Enterprise Edition) where we push PR analysis. The analysis is done using the Maven plugin by running the command mvn sonar:sonar. For this command, we also provide the path of the Jacoco aggregate report XML path to get coverage data. (The base branch has regular branch analysis, where we push the coverage data.)

In the SonarQube UI’s project settings, we add exclusions under analysis scope for some classes that we do not wish to track coverage for. This is usually done by means of patterns.

One of the patterns is **/src/main/java/**/*DAO.* but we notice that files under this pattern still are being tracked for coverage. For example, ABCModule/src/main/java/com/example/persistence/EntityDAO.java, which had new code added, was shown in ‘lines to cover’ in the new code section.

Note: We only add exclusions in the UI. There are no other properties specified during the analysis.

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) – SonarQube 9.1, Maven Scanner Plugin (not declared in POM but run with mvn sonar:sonar)
how is SonarQube deployed: – on cloud compute machine
what are you trying to achieve: – PR analysis where files matching pattern are excluded from coverage
what have you tried so far to achieve this – this used to be a working setup. Unsure of what changed.

Colin · June 20, 2023, 1:13pm

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

9.1 → 9.9 → 10.0 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

If your issue persists after upgrade, please come back to us.

Deepak_Daniel · June 21, 2023, 7:08am

Thanks, Colin. I will work with my org on the same. However, this will not be a quick task and we have PRs that cannot be analysed properly due to this issue. Furthermore, this used to work properly and I cannot fathom what could have changed to cause this issue to crop up all of a sudden. Is this a known issue with the current version? Will upgrade fix the issue?

Colin · June 21, 2023, 7:53am

I would suggest checking the analysis logs to understand what analysis parameters are being taken into consideration.

[**INFO**] Project configuration:
[**INFO**] Excluded sources for coverage: **/*.java

You mentioned that the **/src/main/java/**/*DAO.* is set in the UI… if a developer, for example, added sonar.coverage.exclusions somewhere else (in the pom.xml, as an analysis parameter to mvn sonar:sonar), this would be overridden by the hierarchy of settings.

Deepak_Daniel · June 21, 2023, 1:34pm

Thank you! It turned out someone did unwittingly commit this configuration in the POM file.

system · June 28, 2023, 1:34pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.