Configure Sonar to exclude files from Maven pom.xml

Question

I have a project configured in maven and the code analysis is done by SonarQube.

I am trying to configure SonarQube in the pom.xml file to exclude a few files from the code analysis. Those files can be identified by their class names, they contain the underscore character before the extension (they are metamodel classes). Below I give the part of the pom.xml file where I try to exclude them:

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>2.2</version>
    <configuration>
        <sonar.sources>src/main/java</sonar.sources>
        <sonar.exclusions>file:**/src/main/java/**/*_.*</sonar.exclusions>
    </configuration>
</plugin>

However, the above code does not work. Is there a way to configure SonarQube from my pom.xml file to ignore those files when analysing the source code?

Thank you in advance.

SonarQube config parameters are treated as "System properties" if I remember correctly. Have you tried setting them as global in the pom.xml? — Peter Svensson, Jan 29 '14 at 08:28

score 93 · Accepted Answer · edited Oct 24 '16 at 07:42

93

Sonar exclusions (like other sonar properties) have to be added to the <properties> section of the POM file. Like so (example from excluding jOOQ autogenerated code from current project):

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <sonar.host.url>http://www.example.com/</sonar.host.url>
    <sonar.jdbc.url>jdbc:postgresql://www.example.com/sonar</sonar.jdbc.url>
    <sonar.jdbc.driver>org.postgresql.Driver</sonar.jdbc.driver>
    <sonar.jdbc.username>sonar</sonar.jdbc.username>
    <sonar.jdbc.password>sonar</sonar.jdbc.password>
    <sonar.exclusions>org/binarytherapy/generated/**/*, **/GuiceBindComposer.java</sonar.exclusions>
    <sonar.dynamic>reuseReports</sonar.dynamic>
</properties>

edited Oct 24 '16 at 07:42

Benny Bottema

11,111
10
71
96

answered Jan 29 '14 at 09:39

Mikkel Løkke

3,710
23
37

3

what is the best option to specify many exclusions as the string is getting pretty long very quickly? – d3day Jan 21 '16 at 13:45
7

You can put it on multiple lines; just have a linebreak after each comma. – Tyrel Feb 28 '16 at 04:53
1

com/vedant/pt/request/*.java I added this into pom properties and its not excluding classes under this package. Any help will be appreciated – VedantK Sep 12 '16 at 09:01
1

If you want to exclude all classes under the package you should probably do ```/**/*``` like in my example. You can read more about Ant style path matching here: https://ant.apache.org/manual/dirtasks.html – Mikkel Løkke Sep 13 '16 at 07:54
1

@MikkelLøkke - Is there any way we can disable perticular rule in `pom.xml` file ? I cant go & disable in sonar as its used at org level. – Jeff Cook Sep 04 '19 at 13:59
seems jacoco exclusion isn't enough for sonar report coverage exclusion. – Smart Coder Jun 26 '20 at 19:39

Amit Kaneria · Answer 2 · 2017-05-03T18:06:47.367

39

classes/packages mentioned in <sonar.exclusions> excludes the given classes from all static analysis by Sonar, however <sonar.coverage.exclusions> excludes given classes/packages only from coverage, and still be analyzed for other parameters.

<properties>
    <sonar.coverage.exclusions>
        **/domain/**/*,
        **/pojos/*
    </sonar.coverage.exclusions>
</properties>

Reference:

https://docs.sonarqube.org/display/SONAR/Analysis+Parameters#AnalysisParameters-Exclusions/Inclusions

Source:

edited May 03 '17 at 18:06

answered May 03 '17 at 15:25

Amit Kaneria

5,466
2
35
38

1

Within version 6.5 there is a bug if your add a new line between each entry. Please see https://jira.sonarsource.com/browse/SONAR-9666 – Christian Aug 23 '17 at 07:32
1

Just noting that will exclude matched files from all static analysis and code coverage. Also, the commas are required between multiple matchers. – Tim Schimandle Sep 01 '20 at 17:54
just to confirm that this works with JaCoCo version 0.8.6 and SonarQube version 9.0.1 – Juliyanage Silva Aug 17 '21 at 14:53
`` was confusing, spent hours trying to figure out what exactly it was doing. Its behavior was inconsistent too in my experimentation. `` is what I was looking after, thanks! – Aspiring Dev Jun 15 '23 at 21:27

score 13 · Answer 3 · edited Oct 26 '22 at 06:55

When doing your Sonar exclusions as shown in the accepted answer, make sure you follow this pattern approach from the SonarQube documentation:

Relative paths are based on the fully qualified name of the component (like the one displayed below):

src/main/java/org/sonar/batch/phases/AbstractPhaseEvent.java

Examples:

# Exclude all classes ending with "Bean"
# Matches org/sonar.api/MyBean.java, org/sonar/util/MyOtherBean.java, etc.
**/*Bean.java

# Exclude all classes in the "src/main/java/org/sonar" directory
# Matches src/main/java/org/sonar/MyClass.java, src/main/java/org/sonar/MyOtherClass.java
# But does not match src/main/java/org/sonar/util/MyClassUtil.java
src/main/java/org/sonar/*

# Exclude all files in the "bank" directory and its sub-directories
# Matches bank/ZTR00021.cbl, bank/data/CBR00354.cbl, bank/data/REM012345.cob
bank/**/*

# Exclude all COBOL programs in the "bank" directory and its sub-directories whose extension is .cbl
# Matches bank/ZTR00021.cbl, bank/data/CBR00354.cbl
bank/**/*.cbl

So if you want to exclude all classes ending with "Bean" and all classes in the "src/main/java/org/sonar" directory (but not in its sub-directories) add the following sonar.exclusions property to the pom's properties:

<properties>
  ...
  <sonar.exclusions>**/*Bean.java,src/main/java/org/sonar/*</sonar.exclusions>
</properties>

score 4 · Answer 4 · edited Dec 20 '21 at 17:16

There are three ways to do.

You can add these files to the properties in your pom.xml:
This one is to exclude from code duplication:

<properties>
    <sonar.cpd.exclusions>
        **/dto/**/*,
        **/entity/**/*
    </sonar.cpd.exclusions>
</properties>

Using pom.xml
We can also define exclusion rules in the pom.xml file using analysis properties.

<properties>
<sonar.issue.ignore.multicriteria>e1</sonar.issue.ignore.multicriteria>
    <sonar.issue.ignore.multicriteria.e1.ruleKey>
        java:S4784
    </sonar.issue.ignore.multicriteria.e1.ruleKey>
    <sonar.issue.ignore.multicriteria.e1.resourceKey>
        **/commons/**/*
    </sonar.issue.ignore.multicriteria.e1.resourceKey>
</properties>

Using sonar-project.properties
We can also define exclusion rules in the sonar-project.properties file using analysis properties.Let's define and add the sonar-project.properties file to our resource dir:

sonar.issue.ignore.multicriteria=e1
sonar.issue.ignore.multicriteria.e1.ruleKey=java:S106
sonar.issue.ignore.multicriteria.e1.resourceKey=**/SonarExclude.java

how we can see the rule Key from sonarqube

Dhammadip · Answer 5 · 2019-12-23T12:28:33.860

We have to add below code in maven settings.xml file

       <profile>
                <id>sonar</id>
                <activation>
                    <activeByDefault>true</activeByDefault>
                </activation>     
           <properties>
               <sonar.host.url>http://localhost:9000</sonar.host.url>

               <sonar.exclusions>
               # exclude more class under same package
                  src/main/java/co/domain/*,
                  src/main/java/co/util/JsonMapper.java

               # exclude individual class
                  src/main/java/co/util/ProviderCallBuilder.java
               </sonar.exclusions>
            </properties>
       </profile>

Hi Deep, welcome. Please consider adding more information. – Tiago Martins Peres Dec 23 '19 at 12:35 — Tiago Martins Peres, Dec 23 '19 at 12:35

score 0 · Answer 6 · answered Jan 24 '23 at 16:12

An addition to the answer of @Yatindra Soni (unfortunately I have not yet enough reputation to comment your answer):

If you want to exclude multiple sonar rules by pom.xml, you have to specify

<sonar.issue.ignore.multicriteria>e1,e2,e3</sonar.issue.ignore.multicriteria>

only once and comma separate the values

<properties>
    <sonar.issue.ignore.multicriteria>e1,e2,e3</sonar.issue.ignore.multicriteria>
    
    <!-- rule e1 -->
    <sonar.issue.ignore.multicriteria.e1.ruleKey>
        java:S4784
    </sonar.issue.ignore.multicriteria.e1.ruleKey>
    <sonar.issue.ignore.multicriteria.e1.resourceKey>
        **/commons/**/*
    </sonar.issue.ignore.multicriteria.e1.resourceKey>
    
    <!-- rule e2 -->
    <sonar.issue.ignore.multicriteria.e1.ruleKey>
        java:S2899
    </sonar.issue.ignore.multicriteria.e1.ruleKey>
    <sonar.issue.ignore.multicriteria.e1.resourceKey>
        **/entity/**/*
    </sonar.issue.ignore.multicriteria.e1.resourceKey>
    
    <!-- rule e3 -->
    <sonar.issue.ignore.multicriteria.e1.ruleKey>
        java:S3358
    </sonar.issue.ignore.multicriteria.e1.ruleKey>
    <sonar.issue.ignore.multicriteria.e1.resourceKey>
        **/*.java
    </sonar.issue.ignore.multicriteria.e1.resourceKey>
</properties>

score -4 · Answer 7 · answered Oct 09 '18 at 06:08

I was using sonar to analyse PHP code base. Both <sonar.exclusions> and <sonar.coverage.exclusions> didn't do the trick. My solution is - Instead of specifying the exclusions, I ended up specifying the inclusion directories as below:

<properties>
  .........
  <sonar.exclusions>./app/models,./app/controllers</sonar.exclusions>
  .........
</properties>

Configure Sonar to exclude files from Maven pom.xml

7 Answers7

Linked