In my .Net code, I have several generated classes that I want to exclude from the SonarQube analysis that runs on every pull request. In order to figure out how the exclusion works, I've tried two approaches to exclude the analysis of a single file adres.cs.
Option A
I added a file sonar-project.properties in the root of the git repository, its contents is:
sonar.projectKey=MyProjectKey
sonar.projectName=MyProjectName
sonar.exclusions=**/adres.cs
The YAML snippet below shows how the SonarQube prepare step is being invoked (except that in this scenario, sonar.exclusions is commented out in the YAML file).
In the output of the build server I see the following interesting statements:
1 suggest that the configuration file was found, and 2 suggests that the file was processed. However, 3 suggests that file adres.cs is still being analyzed, which I have confirmed by looking in SonarQube where the file is still visible.
Option B
I modified my YAML build pipeline to include one an extra line that specifies which file to exclude, that is the last line of the snippet below:
task: SonarQubePrepare@6
inputs:
SonarQube: 'SonarQubeOnDocker'
projectKey: MyProjectKey
projectName: MyProjectName
extraProperties: |
sonar.host.url=myUrl
sonar.exclusions=**/adres.cs #Only used in Option B
sonar.verbose=true
These are the properties that I've specified, the rest use the default values, which according to the documenation means that: scannerMode: 'MSBuild'
After running the modified pipeline, the file no longer shows up in SonarQube. Also, the output on numerous places states Excluded sources: **/adres.cs
Any idea why the second approach works but not the first?
Update
I modified the YAML task definition to
task: SonarQubePrepare@6
inputs:
SonarQube: 'SonarQubeOnDocker'
projectKey: MyProjectKey
projectName: MyProjectName
configFile: 'sonar-project.properties'
extraProperties: |
sonar.host.url=myUrl
sonar.verbose=true
This still does not work.
Solution
Based on the comments from Kevin Lu, I updated to the YAML task definition to
task: SonarQubePrepare@6
inputs:
SonarQube: 'SonarQubeOnDocker'
projectKey: MyProjectKey
projectName: MyProjectName
scannerMode: 'CLI'
configFile: 'sonar-project.properties'
extraProperties: |
sonar.host.url=myUrl
sonar.verbose=true
The important piece here is the scannerMode property. When I set it to the non-default value of CLI, the configuration file is being used.
Refer to this ticket: Not able to exclude sonar-project.properties files from VSTS pipeline
sonar-project.properties file already in the source code is not compatible with the Scanner for MSBuild. The reason is that the scanner generates itself a file, with all sources reference, to be able to be analyzed by the underlying base scanner.
The cause of the issue could be that the sonar-project.properties is not compatible with MSBuild mode.
To use the sonar-project.properties in sonarqube task, you can change to use CLI mode.
In this case, you can define the sonar-project.properties file in configFile field.
Here is an example:
steps:
- task: SonarQubePrepare@6
displayName: 'Prepare analysis on SonarQube'
inputs:
SonarQube: xx
scannerMode: CLI
configMode: 'file'
configFile: 'sonar-project.properties'
extraProperties: |
xxxx
For more detailed info, you can refer to this doc: SonarQubePrepare@6 - Prepare Analysis Configuration v6 task
configFile: 'sonar-project.properties' # string. Optional. Use when scannerMode = CLI && configMode = file. Settings File. Default: sonar-project.properties.