VSTS sonar analysis step is not working as expected when include and exclude parameters are used


(Venkata Mudigonda) #1

I have upgraded the XML and JS sonar plugins to the latest but the issue is same. As the XML files are wrongly formatted intentionally, i have tried excluding from analysis by adding sonar switch “sonar.exclusions=**/DataAccess.Mock/MockInputFiles/*.xml” but with no luck. The build still fails at the same exact files. Also tried the pattern with exact path of the XML files directory but did not work. Any help here is highly appreciated

And we are also facing the similar issue when trying to include a specific folder for analysis. The patterns I have used is as below. In this case none of the files are considered for the analysis

sonar.inclusions=$(Build.SourcesDirectory)\FolderA\FolderB*
sonar.inclusions=/FolderA/FolderB//*
sonar.inclusions=FolderA/FolderB/**/*
sonar.inclusions=FolderA/FolderB/*

In the above example, I want to consider the files/subfolders of only FolderB but the patterns used above did not work

Sonarqube version: 7.3 Developer Edition
Sonar VSTS Plugin version:4


(G Ann Campbell) #2

Hi,

What scanner are you using? And is there anything relevant-seeming in your logs?

 
Ann


(Venkata Mudigonda) #3

Hi Ann,

Thanks for your message. We are using Sonarqube extension for VSTS

https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+VSTS-TFS

When using inclusion patterns, the console log displays all files but ignores all files as a part of exclusion pattern

For instance, the scan started on a folder structure with 502 files which is no way related to inclusion pattern but it ends up ignoring all files

Example line from console log

502 files ignored because of inclusion/exclusion patterns

Thanks,
Venkata


(G Ann Campbell) #4

Hi Venkata,

I asked about which scanner you’re using to understand whether you were explicitly specifying sonar.sources or whether that was read from your build system. If you’re using MSBuild, Maven, or Gradle it will be the latter.

If you are specifying sonar.sources then your first option is just to narrow it to FolderB. If for some reason that’s not practical, your next option is to take another look at your inclusions settings. The real question is whether analysis sees the path to FolderB as starting in FolderA. This is why I asked for anything relevant-seeming from your log; a snippet with a path might have revealed that. Nonetheless, I’d try prepending ‘FolderA’ with **/ as in

sonar.inclusions=**/FolderA/FolderB/**/*

 
HTH,
Ann


(Venkata Mudigonda) #5

Hi Ann,

We use MSBUILD/VSTS Task where the sonar.source directory will be determined by the build system

We are already using the same exact inclusion pattern that you have mentioned and we are also seeing in the log that the inclusion pattern is applied on the identified source folder. Unfortunately the inclusion pattern ignoring all the files. In the VSTS build console log here is what I see

LogLine-1:

------------------------------------------Scanning “ModuleName” [it seems like each csproj/vbproj is getting considered as an individual module]

LogLine-2:

Base dir: Displays the base directory

E:\Agents\a1\_work\41\s\FolderA\FolderB\”RootFolderForTheModule”

``

LogLine-3:``

``

Working dir: Displays the directory structure .\sonarqube\out.sonar

LogLine-4:

Displays all the files in the Base Directory(in this specific instance 16 files)

LogLine-5:

Index files

LogLine-6:

Included sources:**/FolderA/FolderB/**/*

``

LogLine-7:

0 files indexed

LogLine-8:

16 files ignored because of inclusion/exclusion patterns

LogLine-9:

Sensor SonarJavaXmlFileSensor [java]

LineLog-10:

Sensor SonarJavaXmlFileSensor [java] (done) | time=0ms

Thanks,

Venkata


(G Ann Campbell) #6

Hi Venkata,

How do you specify your inclusion/exclusion? Via the UI? Command-line params? Something else? And is this the only pattern you apply or are there more?

 
Ann


(Venkata Mudigonda) #7

The VSTS/TFS task offers a text box where you can mention the command line parameters like sonar.inclusions/sonar.exclusions. We use the same for including any additional parameters to the scanner


(Julien Henry) #9

Hi,

I think currently exclusions/inclusions patterns are evaluated “per module” (= per MSBuild project).

If your solutions contains 2 projects:

  • ProjectA
  • ProjectB

Then your exclusions patterns should NOT be sonar.exclusions=ProjectA/src/*.xml but instead sonar.exclusions=src/*.xml


(Venkata Mudigonda) #10

Hi Julien,

The exclusion pattern that you have provided worked and excluded the intended set of XML files in one of the module. Along with these files it also excluded several other files in few other modules inspite of pattern mismatch. I have thoroughly checked the module content where the exclusions are unintentional but could not find any traces of such files

And regarding exclusion, I want to consider only those projects under specific location as they all logically belong to one single business application and want to see the results under a specific Sonar Project. In MODULE sense, i want to consider modules/MSBUILD projects of specific folder location. To elaborate, all projects/content under “FolderB” folder from the below structure are to be considered

[RootFolderForSolution]\FolderA\FolderB[ListOfProjects]

I tried the below patterns but with no luck

sonar.inclusions=$(Build.SourcesDirectory)\FolderA\FolderB*
sonar.inclusions= /FolderA/FolderB/ /*
sonar.inclusions=FolderA/FolderB/**/*
sonar.inclusions=FolderA/FolderB/*

Thanks,
Venkata


(Julien Henry) #11

sonar.inclusions and sonar.exclusions are not meant to include/exclude a module, but to specify the files that will be analyzed inside each modules.

You can exclude some MSBuild projects entirely by adding a property in the .csproj:
https://docs.sonarqube.org/display/SCAN/Excluding+Artifacts+from+the+Analysis