Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Exclude Third-Party Sources From Sonar

DZone's Guide to

Exclude Third-Party Sources From Sonar

This tutorial shows two quick ways to exclude third-party sources from Sonar scanning in SonarQube.

· Performance Zone ·
Free Resource

Container Monitoring and Management eBook: Read about the new realities of containerization.

Project Level Configuration

The easiest and cleanest way to make an exclusion of source files from Sonar scanning is from the sonar-project.properties file.

Example

sonar.exclusions=**/com/devdummy/thirdparty/**/*

Key

** -  Any Folder

*   -  Any File

Sonar Level Configuration

You also can set up this exclusion from SonarQube.

Administration -> Analysis Scope -> Code Coverage

However this will impact through out the SonarQube scope affecting to all the projects configured.

Conclusion

  • Setting up project-level configuration is always safe, as it impacts only the specified project.
  • If you want to apply this to all projects, SonarQube configuration is the best option.
  • This should be an administrator task; use with care, as this can be used to skip the scanner-able code purposely.

It is always arguable what code should be excluded, may it be third-party gendered code (such as web service stubs), referring or developing on top of legacy code, or even using third-party client code as the base. However, ideally, third-party stubs above mentioned should be generated separately in a place such as target folder and refered in the compile time for bundling.

Take the Chaos Out of Container Monitoring. View the webcast on-demand!

Topics:
sonarqube ,code smell ,code quality ,performance ,tutorial

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}