SonarQube MSBuild Scanner doesn't exclude files from analysis

Question

We are currently using SonarQube Scanner for VSTS/TFS 4.1.1 (which is using SonarQube Scanner 4.1.1).

What we want to do:

For some projects (modules) in our solution we want to exclude files from the analysis and from the code coverage statistics. This should be done in a maintainable way by using file patterns and not modifying the TFS Build task.

Project structure:

    |- Source
      |- ProjectA
        |- Scripts (should be excluded)
        |- OwnCode
      |- ProjectB
        |- Views (only code coverage should be excluded)
        |- Presenters
        |- ...
      |- ProjectC
        |- Scripts (should be scanned)
        |- ...
      |- ...
      |- Solution.sln

What we tried:

Excluding in the TFS Build Task
- Absoulte path (with backslash or slash):sonar.exclusions="$(Build.SourcesDirectory)\Source\ProjectA\Scripts\**\*.js" (similar for the coverage)
- Relative path: **/ProjectsA/Scripts/**/*.js
Excluding in SonarQube front end
- Analysis exclusion: **/ProjectA/Scripts/**/*.js
- Coverage exclusion: **/ProjectB/Views/**/*.cs
Excluding with sonar-project.properties:
- Is not supported and results in the following error: sonar-project.properties files are not understood by the SonarScanner for MSBuild

What we see:

The logs of the Scanner Context in the SonarQube web interface are:

  Settings for module: Solution:Solution:6FA7B5C2-667D-4387-98B9-445617F2AC0B
  - sonar.coverage.exclusions=**/ProjectA/Views/**/*.cs
  - sonar.cs.analyzer.projectOutPath=D:\agent1\_work\5\.sonarqube\out\9
  - sonar.cs.analyzer.projectOutPaths="D:\agent1\_work\5\.sonarqube\out\9"
  - sonar.cs.roslyn.reportFilePath=D:\agent1\_work\5\s\Source\Solution\Source\ProjectA\bin\Release\ProjectA.dll.RoslynCA.json
  - sonar.cs.roslyn.reportFilePaths="D:\agent1\_work\5\s\Source\Solution\Source\ProjectA\bin\Release\ProjectA.dll.RoslynCA.json"
  - sonar.exclusions=**/ProjectA/Scripts/**/*.js
  - sonar.moduleKey=Solution:Solution:6FA7B5C2-667D-4387-98B9-445617F2AC0B
  - sonar.projectBaseDir=D:\agent1\_work\5\s\Source\Solution\Source\ProjectA
  - sonar.projectKey=Solution:Solution:6FA7B5C2-667D-4387-98B9-445617F2AC0B
  - sonar.projectName=ProjectA
  - sonar.sourceEncoding=utf-8
  - sonar.sources="D:\agent1\_work\5\s\Source\Solution\Source\ProjectA\Scripts\abc.js","..."

The logs of the MSBuild Scanner in the TFS build are:

Base dir: D:\agent1\_work\5\s\Source\Solution\Source\ProjectA
Working dir: D:\agent1\_work\5\.sonarqube\out\.sonar\Solution_Solution_6FA7B5C2-667D-4387-98B9-445617F2AC0B
Source paths: Scripts/abc.cs, ...
Source encoding: UTF-8, default locale: en_US
Index files
Excluded sources: 
  **/ProjectA/Scripts/**/*.js
172 files indexed
0 files ignored because of inclusion/exclusion patterns
Quality profile for cs: Sonar way
Quality profile for js: Sonar way
Excluded sources for coverage: 
  **/ProjectB/Views/**/*.cs
Sensor C# Properties [csharp]
Sensor C# Properties [csharp] (done) | time=15ms
Sensor SonarJavaXmlFileSensor [java]
Sensor SonarJavaXmlFileSensor [java] (done) | time=0ms
Sensor SonarJS [javascript]

What we didn't try:

Excluding single files by changing the project files

We don't want to do this cause it's not maintainable.

Excluding the whole project

We only want to exclude some folders/patterns from single projects in the solution.

The main problem with this scanner is in a base path. As you can see in here: Base dir: D:\agent1\_work\5\s\Source\Solution\Source\ProjectA it contains ProjectA, so your filter **/ProjectA/Scripts/**/*.js won't work. It should be something like **/Scripts/**/*.js. But then, this filter will remove all Scripts from all project, and this is not what you want. Ants wildcards also doesn't accept .. so you cannot move up directory. I have a similar problem, and I end up deleting files I didn't want in analysis. I'll give you my upvote, since I'm interested in an answer as well. — Peska
That would not work for CS files, cause the build would break. I wonder why there is no easy solution. Some people solve that issue by creating hackish solutions like: stackoverflow.com/a/48705850/2560519 — Marcell Spies
I won't break a build, if you run it like this: 1. SonarQube.Scanner.MSBuild.exe begin 2. MSBuild.exe 3. Delete files 4. SonarQube.Scanner.MSBuild.exe end. It will give you warnings about missing files in SonarQube, but apart from that, everything will be fine. But like I said, this is a weird workaround. I'm interested in permanent solution as well. — Peska

duncanp duncanp · Accepted Answer · 2018-04-18T16:35:48

Partial answer: code coverage exclusions can be configured per "component" (i.e. per MSBuild project) in the SonarQube UI, so you should be able to exclude ProjectB\Views from coverage but not analysis.

Navigate to the component page, then select Administration, General Settings. The Coverage Exclusions property in the Analysis Scope tab sets the exclusions just for this component.

Finding the component page isn't obvious: click on the Code tab for the SonarQube project. That will show a list of the components. Click the left-most icon on the screen next to the component you are interested in:

The component page looks the same as the overall project page, but the path at the top of the page will show both the project and component name (underlined in red on the image below):