File exclusions
All versions of SonarQube for IDE will fetch file exclusions from SonarQube (Server, Cloud) or SonarQube Community Build when you bind a project while running in connected mode. Locally defined file exclusions will be ignored when running in connected mode. Check the SonarQube Server, SonarQube Cloud, and SonarQube Community Build documentation for information about defining your Analysis scope.
File exclusions in the IDE
When running in Connected mode with SonarQube (Server, Cloud) or SonarQube Community Build, SonarQube for IDE will ignore local exclusions and fetch file exclusions from the SonarQube (Server, Cloud) server.
Defining file exclusions locally in SonarQube for VS Code is possible in versions 3.22 and newer.
Defining file exclusions
The sonarlint.analysisExcludesStandalone property is a simple way to locally exclude files from your analysis and can be used to configure wildcard patterns for files that only SonarQube for IDE will exclude. For example:
- The glob pattern
**/file[1-3].py - will exclude
file1.py,file2.pyandfile3.py
Go to VS Code Manage > Settings > Workspace (or Code > Settings... > Settings [⌘,] in macOS) and search sonarlint.analysisExcludesStandalone to add your exclusion patterns.
A second exclusion method configures VS Code to exclude files from your workspace; however, this may have unintended consequences such as files disappearing from the VS Code Explorer view.
To use VS Code’s file exclusions, go to VS Code Manage > Settings > Workspace (or Code > Settings... > Settings [⌘,] in macOS), search Files: Exclude and select Add Pattern. The Workspace setting has information about how VS Code uses wildcard patterns to manage exclusions in the editor.
Wildcard patterns
The recognized path-matching patterns are case-sensitive and defined using the following wildcards:
*Match zero or more characters (not including the directory delimiter,/).**Match zero or more directory segments or files within the path.?Match a single character (not including the directory delimiter,/).
Wildcard examples
- The pattern
**/*.css- matches
anyDirectory/anyFile.css - doesn't match
org/sonar.api/MyBean.java
- matches
- The pattern
**/*Bean.java- matches
org/sonar.api/MyBean.java - doesn't match
org/sonar.api/mybean.javaororg/sonar/util/MyDTO.java
- matches
- The pattern
**/*Bean?.java- matches
org/sonar/util/MyOtherBean1.java - doesn't match
org/sonar/util/MyOtherBean.java
- matches
- The pattern
org/sonar/*- matches
org/sonar/MyClass.java - doesn't match
org/sonar/util/MyClassUtil.java
- matches
- The pattern
org/sonar/**/*is equivalent toorg/sonar/**and- matches
org/sonar/anyDirectory/anyFile - matches
org/sonar/MyClass.java - doesn't match
org/radar/MyClass.java
- matches
The use of ? to match a single character is available in SonarQube for VS Code v4.0+.
Note that when running in connected mode, only the file exclusions defined on the server are respected.
When running a local analysis for Security hotspots, which requires using connected mode, it is possible to omit some files and folders from the project analysis. Because you are in Connected mode, a requirement to detect security hotspots in SonarQube for IDE, exclusions defined in VS Code will be ignored.
Check the documentation on Reporting security hotspots In the Whole Folder for those details.
Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
