We've had trouble setting up a custom SonarQube server. The global analysis works fine, but unit test files are being analyzed and they trigger issues on the report. For instance, we have hardcoded IP addresses in unit test files, and Sonar reports a security hotspot.
The arborescence is as follow:
component-a
module1/src/...
module1/tests/...
module2/src/...
module2/tests/...
component-b
src/...
tests/...
component-c
src/...
tests/...
I've tried the following parameters but it does not work, as test files are still being analyzed:
sonar.sources=.
sonar.sources.inclusions=component-a/**/src,component-b/src,component-c/src
sonar.sources.exclusions=component-a/**/tests,component-b/tests,component-c/tests
sonar.tests=.
sonar.test.inclusions=component-a/**/tests,component-b/tests,component-c/tests
Do you have any idea on how to make this configuration work? Thanks in advance
Try something like:
sonar.sources=.
sonar.tests=.
sonar.test.inclusions=**/tests/**/*
The test files should still be analyzed but only as test files (security hotspots should not be reported on them).