Hello and thanks for the great project.
I was a bit surprised to find out that an untracked file was uploaded to the public internet. This time there was no harm done, but it might have been a file with passwords or other sensitive information related to the project.
Also, I was a bit surprised to see that submodules of the project don’t get analyzed. While this is desired behavior, I’d thought that they’d go through the same process as untracked files.
- ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
- CI system used (Bitbucket Cloud, Azure DevOps, Travis CI, Circle CI)
- Scanner command used when applicable (private details masked)
- Languages of the repository
- Only if the SonarCloud project is public, the URL
- Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
  - A file not tracked in the project gets analyzed and uploaded
- Steps to reproduce
  - Set up a repo, analyze it, watch the untracked file appear in the results
- Potential workaround
  - Don’t keep untracked files in repo.
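One way to enforce the workaround above before the scanner runs, as an added example that is not part of the original post or of any SonarCloud tooling: a pre-scan guard that refuses to continue while the working tree holds files git does not track. The function names `list_untracked` and `prescan_guard` are hypothetical, and the scanner invocation itself is left to the CI job.

```shell
#!/bin/sh
# Added example (not from the original post): pre-scan guard for a CI job.
# Function names are hypothetical; the only tool assumed is git itself.

# list_untracked REPO_DIR
# Print files that git does not track and that .gitignore does not cover.
# These are the files the post describes showing up in analysis results.
list_untracked() {
    git -C "$1" ls-files --others --exclude-standard
}

# prescan_guard REPO_DIR
# Return 0 when the tree holds only tracked (or ignored) files,
# 1 when untracked files are present, 2 when git itself fails.
prescan_guard() {
    files=$(list_untracked "$1") || return 2
    if [ -n "$files" ]; then
        printf 'Untracked files in %s, refusing to scan:\n%s\n' "$1" "$files" >&2
        return 1
    fi
    return 0
}

# Usage in a CI step: source this file, then run
#   prescan_guard . && <your scanner command>
```

Files matched by `.gitignore` are deliberately not reported here, so whether the scanner skips ignored files should be checked separately for the setup in use.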