[RESOLVED] Exclude Third Party Sources from Sonar - DevDummy

Latest

Guildes | Concepts | Techniques

Friday, June 01, 2018

[RESOLVED] Exclude Third Party Sources from Sonar

Exclude Third Party Sources from Sonar




Project Level Configuration

The easiest and the cleanest way to make an exclusion of source files from Sonar scanning is from sonar-project.properties file.

Example

sonar.exclusions=**/com/devdummy/thirdparty/**/*

Key

** -  Any Folder
*   -  Any File

Sonar Level Configuration

You also can set up this exclusion from SonarQube,

Administration -> Analysis Scope -> Code Coverage


However this will impact through out the SonarQube scope affecting to all the projects configured.

Conclusion

  • Setting up project level configuration is always safe, as it impacts only to the specified project
  • However if you want to apply this over all projects, SonarQube configuration is the best option
  • This is should be an administrator task and use with care as this can be use to skip the scanner-able code purposely.
It is always arguable that what code should be excluded, may be its third party gendered code (such as web service stubs), referring or developing on top of legacy code or even using third party client code as the base.

However ideally third party stubs above mentioned should be generated separately in place such as target folder and refer in compile time for bundling.

...

No comments:

Post a Comment