Exclude Third-Party Sources From Sonar
This tutorial shows two quick ways to exclude third-party sources from Sonar scanning in SonarQube.
Join the DZone community and get the full member experience.
Join For FreeProject Level Configuration
The easiest and cleanest way to make an exclusion of source files from Sonar scanning is from the sonar-project.properties file.
Example
sonar.exclusions=**/com/devdummy/thirdparty/**/*
Key
** - Any Folder
* - Any File
Sonar Level Configuration
You also can set up this exclusion from SonarQube.
Administration -> Analysis Scope -> Code Coverage
However this will impact through out the SonarQube scope affecting to all the projects configured.
Conclusion
- Setting up project-level configuration is always safe, as it impacts only the specified project.
- If you want to apply this to all projects, SonarQube configuration is the best option.
- This should be an administrator task; use with care, as this can be used to skip the scanner-able code purposely.
It is always arguable what code should be excluded, may it be third-party gendered code (such as web service stubs), referring or developing on top of legacy code, or even using third-party client code as the base. However, ideally, third-party stubs above mentioned should be generated separately in a place such as target folder and refered in the compile time for bundling.
Published at DZone with permission of Sameera Nelson. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments