Visual Studio | Using SonarQube for IDE | File exclusions

File exclusions

All versions of SonarQube for IDE will fetch file exclusions from SonarQube (Server, Cloud) or SonarQube Community Build when you bind a project while running in connected mode. Locally defined file exclusions will be ignored when running in connected mode. Check the SonarQube Server, SonarQube Cloud, and SonarQube Community Build documentation for information about defining your Analysis scope.

File exclusions in the IDE

When running in Connected mode with SonarQube (Server, Cloud) or SonarQube Community Build, SonarQube for IDE will ignore local exclusions and fetch file exclusions from the SonarQube (Server, Cloud) server.

Defining file exclusions locally in SonarQube for Visual Studio is possible in versions 8.16 and newer.

Defining file exclusions

The sonarlint.analysisExcludesStandalone property is a simple way to locally exclude files from your analysis and can be used to configure wildcard exclusion patterns in SonarQube for Visual Studio. The local file exclusions and exclusion patterns defined in the setting.json file where you apply rule exclusions.

When analyzing C# and VB.NET files, exclusions will be applied on the next analysis run by the Roslyn analyzers.

Navigate to the SonarQube For Visual Studio > Options > General window and select Edit Settings to open your settings.json file.

settings.json file format and location

The settings.json file is stored in your user's roaming profile %APPDATA%\SonarLint for Visual Studio. It applies to all supported versions of Visual Studio. If the machine is domain-joined, then the settings file will be automatically copied to any other machine in the domain that the user logs on to.

See this example as a format sample of your settings.json file. It changes the parameters on a few rules, and at the end, excludes any files matching *Interface.cs plus everything in the org/sonar/* directory.

{
 "sonarlint.rules": {
   "c:S1135": {
     "level": "On"
   },
   "cpp:S1199": {
     "level": "Off"
   },
   "cpp:SingleGotoOrBreakPerIteration": {
     "level": "On",
     "parameters": {
       "maxNumberOfTerminationStatements": "1"
     }
   },
   "javascript:S1135": {
     "level": "Off"
   },
   "typescript:S1854": {
     "level": "On"
   }
 }
  "sonarlint.analysisExcludesStandalone": "**/*Interface.cs,org/sonar/*"
}

Wildcard patterns

The recognized path-matching patterns are case-sensitive and defined using the following wildcards:

* Match zero or more characters (not including the directory delimiter, / ).
** Match zero or more directory segments or files within the path.
? Match a single character (not including the directory delimiter, / ).

Wildcard examples

The pattern **/*.css
- matches anyDirectory/anyFile.css
- doesn't match org/sonar.api/MyBean.java
The pattern **/*Bean.java
- matches org/sonar.api/MyBean.java
- doesn't match org/sonar.api/mybean.java or org/sonar/util/MyDTO.java
The pattern **/*Bean?.java
- matches org/sonar/util/MyOtherBean1.java
- doesn't match org/sonar/util/MyOtherBean.java
The pattern org/sonar/*
- matches org/sonar/MyClass.java
- doesn't match org/sonar/util/MyClassUtil.java
The pattern org/sonar/**/* is equivalent to org/sonar/** and
- matches org/sonar/anyDirectory/anyFile
- matches org/sonar/MyClass.java
- doesn't match org/radar/MyClass.java

The use of ? to match a single character is available in SonarQube for Visual Studio.

Note that when running in connected mode, only the file exclusions defined on the server are respected.

When running a local analysis for Security hotspots, which requires using connected mode, it is possible to omit some folders from the project analysis. Because you are in Connected mode, a requirement to detect security hotspots in SonarQube for IDE, exclusions defined in Visual Studio will be ignored.

Check the documentation on Security hotspots for those details.

Retrieving exclusions from the server

File exclusions

When running in connected mode, SonarQube for Visual Studio will fetch file exclusions from SonarQube Server or SonarQube Cloud when you bind a project. These settings are saved to a file named sonar.settings.json.

Note that in SonarLint for Visual Studio 7.0, the settings file was moved outside of the solution directory; please check the Legacy Connected Mode article on the Previous versions page for information about the settings file in versions 6.16 and older.

For more information about how SonarQube for Visual Studio settings are handled by the server, see the SonarQube Server, SonarQube Cloud, or SonarQube Community Build documentation on setting your analysis scope.

File exclusions, if you have any, must be defined on the SonarQube Server or Cloud server.

Known limitations for file exclusions:

Supported Languages: C# & VB (.NET support in SonarLint v6.15+), C, C++, CSS, JavaScript, TypeScript, and Secrets.
Patterns should start with **/
Multicriteria and Test exclusions are not supported. SonarQube for Visual Studio only supports Global Source File Exclusions, Source File Exclusions, and Source File Inclusions when setting the analysis scope. For more information about file inclusion and exclusion, see the pages about file inclusion and exclusion in the SonarQube Server, SonarQube Cloud, or SonarQube Community Build documentation.

Was this page helpful?

File exclusions

On this page

.css-215hmj{position:relative;--tw-text-opacity:1;color:rgb(0 0 0 / var(--tw-text-opacity, 1));}File exclusions in the IDE.css-abpesc{width:2rem;display:none;margin-left:0.5rem;fill:#5F656D;}.css-abpesc:hover{fill:#290042;}

Defining file exclusions

settings.json file format and location.css-p7dib0{width:1.75rem;display:none;margin-left:0.5rem;fill:#5F656D;}.css-p7dib0:hover{fill:#290042;}

Wildcard patterns

Wildcard examples

Retrieving exclusions from the server

File exclusions in the IDE

settings.json file format and location