File exclusions
All versions of SonarQube for IDE will fetch file exclusions from SonarQube (Server, Cloud) or SonarQube Community Build when you bind a project or update a binding while running in connected mode. Check the SonarQube Sever, SonarQube Cloud, and SonarQube Community Build documentation for information about defining your Analysis scope.
File exclusions in the IDE
When running in Connected mode with SonarQube (Server, Cloud) or SonarQube Community Build, SonarQube for IDE will ignore local exclusions and fetch file exclusions from the SonarQube (Server, Cloud) server.
Defining file exclusions locally in SonarQube for VS Code is possible in versions 3.22 and newer.
Defining file exclusions
The sonarlint.analysisExcludesStandalone property is a simple way to locally exclude files from your analysis and can be used to configure wildcard patterns for files that only SonarQube for IDE will exclude. For example:
- The glob pattern
**/file[1-3].py - will exclude
file1.py,file2.pyandfile3.py
Go to VS Code Manage > Settings > Workspace and search sonarlint.analysisExcludesStandalone to add your exclusion patterns.
A second exclusion method configures VS Code to exclude files from your workspace; however, this may have unintended consequences such as files disappearing from the VS Code Explorer view.
To use VS Code’s file exclusions, go to VS Code Manage > Settings > Workspace, search File: Exclude and select Add Pattern. The Workspace setting has information about how VS Code uses wildcard patterns to manage exclusions in the editor.
Wildcard patterns
The recognized path-matching patterns are case-sensitive and defined using the following wildcards:
*Match zero or more characters (not including the directory delimiter,/).**Match zero or more directory segments or files within the path.?Match a single character (not including the directory delimiter,/).
Wildcard examples
- The pattern
**/*.css- matches
anyDirectory/anyFile.css - doesn't match
org/sonar.api/MyBean.java
- matches
- The pattern
**/*Bean.java- matches
org/sonar.api/MyBean.java - doesn't match
org/sonar.api/mybean.javaororg/sonar/util/MyDTO.java
- matches
- The pattern
**/*Bean?.java- matches
org/sonar/util/MyOtherBean1.java - doesn't match
org/sonar/util/MyOtherBean.java
- matches
- The pattern
org/sonar/*- matches
org/sonar/MyClass.java - doesn't match
org/sonar/util/MyClassUtil.java
- matches
- The pattern
org/sonar/**/*is equivalent toorg/sonar/**and- matches
org/sonar/anyDirectory/anyFile - matches
org/sonar/MyClass.java - doesn't match
org/radar/MyClass.java
- matches
The use of ? to match a single character is available in SonarQube for VS Code v4.0+.
Note that when running a local analysis for Security hotspots, it is possible to omit some folders from the project analysis. Because the use of Connected mode is required to detect security hotspots in SonarQube for IDE, only the file exclusions defined on the server will be respected; exclusions defined in VS Code will be ignored.
Check the documentation on Reporting security hotspots In the Whole Folder for those details.
Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
