Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Exclude Third-Party Sources From Sonar

DZone's Guide to

Exclude Third-Party Sources From Sonar

This tutorial shows two quick ways to exclude third-party sources from Sonar scanning in SonarQube.

· Performance Zone ·
Free Resource

Sensu is an open source monitoring event pipeline. Try it today.

Project Level Configuration

The easiest and cleanest way to make an exclusion of source files from Sonar scanning is from the sonar-project.properties file.

Example

sonar.exclusions=**/com/devdummy/thirdparty/**/*

Key

** -  Any Folder

*   -  Any File

Sonar Level Configuration

You also can set up this exclusion from SonarQube.

Administration -> Analysis Scope -> Code Coverage

However this will impact through out the SonarQube scope affecting to all the projects configured.

Conclusion

  • Setting up project-level configuration is always safe, as it impacts only the specified project.
  • If you want to apply this to all projects, SonarQube configuration is the best option.
  • This should be an administrator task; use with care, as this can be used to skip the scanner-able code purposely.

It is always arguable what code should be excluded, may it be third-party gendered code (such as web service stubs), referring or developing on top of legacy code, or even using third-party client code as the base. However, ideally, third-party stubs above mentioned should be generated separately in a place such as target folder and refered in the compile time for bundling.

Sensu: workflow automation for monitoring. Learn more—download the whitepaper.

Topics:
sonarqube ,code smell ,code quality ,performance ,tutorial

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}