Friday, June 01, 2018

[RESOLVED] Exclude Third Party Sources from Sonar

Sameera Nelson June 01, 2018 Code Quality, Code Smells, SonarQube

Exclude Third Party Sources from Sonar

Project Level Configuration

The easiest and the cleanest way to make an exclusion of source files from Sonar scanning is from sonar-project.properties file.

Example

sonar.exclusions=**/com/devdummy/thirdparty/**/*

Key

** - Any Folder
* - Any File

Sonar Level Configuration

You also can set up this exclusion from SonarQube,

Administration -> Analysis Scope -> Code Coverage

However this will impact through out the SonarQube scope affecting to all the projects configured.

Conclusion

Setting up project level configuration is always safe, as it impacts only to the specified project
However if you want to apply this over all projects, SonarQube configuration is the best option
This is should be an administrator task and use with care as this can be use to skip the scanner-able code purposely.

It is always arguable that what code should be excluded, may be its third party gendered code (such as web service stubs), referring or developing on top of legacy code or even using third party client code as the base.

However ideally third party stubs above mentioned should be generated separately in place such as target folder and refer in compile time for bundling.

...