File exclusions

How to exclude files from analysis when using SonarQube for VS Code IDE.

All versions of SonarQube for IDE will fetch file exclusions from SonarQube (Server, Cloud) or SonarQube Community Build when you bind a project while running in connected mode. Locally defined file exclusions will be ignored when running in connected mode. For more information about how SonarQube for Visual Studio settings are handled by the server, look at the server documentation on setting your analysis scope:

File exclusions in the IDE

When running in Connected mode with SonarQube (Server, Cloud) or SonarQube Community Build, SonarQube for IDE will ignore local exclusions and fetch file exclusions from the SonarQube (Server, Cloud) server.

Defining file exclusions locally in SonarQube for VS Code is possible in versions 3.22 and newer.

Defining file exclusions

The sonarlint.analysisExcludesStandalone property is a simple way to locally exclude files from your analysis and can be used to configure wildcard patterns for files that only SonarQube for IDE will exclude. For example:

  • The glob pattern **/file[1-3].py

  • will exclude file1.py, file2.py and file3.py

Go to VS Code Manage > Settings > Workspace (or Code > Settings… > Settings [⌘,] in macOS) and search sonarlint.analysisExcludesStandalone to add your exclusion patterns.

Check that you have selected "Sonarlint: Analysis Excludes Standalone" in your Workspace settings.

A second exclusion method configures VS Code to exclude files from your workspace; however, this may have unintended consequences such as files disappearing from the VS Code Explorer view.

To use VS Code’s file exclusions, go to VS Code Manage > Settings > Workspace (or Code > Settings… > Settings [⌘,] in macOS), search Files: Exclude and select Add Pattern. The Workspace setting has information about how VS Code uses wildcard patterns to manage exclusions in the editor.

You can add exclusion patterns via the VS Code Workspace setting by searching for "Files: Exclude"

Note that when running in connected mode, only the file exclusions defined on the server are respected.

When running a local analysis for security hotspots, which requires using connected mode, it is possible to omit some files and folders from the project analysis. Because you are in Connected mode, a requirement to detect security hotspots in SonarQube for IDE, exclusions defined in VS Code will be ignored.

Check the documentation on Reporting security hotspots In the Whole Folder for those details.

Wildcard patterns

The recognized path-matching patterns are case-sensitive and defined using the following wildcards:

  • * Match zero or more characters (not including the directory delimiter, / ).

  • ** Match zero or more directory segments or files within the path.

  • ? Match a single character (not including the directory delimiter, / ).

Wildcard examples

  • The pattern **/*.css

    • matches anyDirectory/anyFile.css

    • doesn’t match org/sonar.api/MyBean.java

  • The pattern **/*Bean.java

    • matches org/sonar.api/MyBean.java

    • doesn’t match org/sonar.api/mybean.java or org/sonar/util/MyDTO.java

  • The pattern **/*Bean?.java

    • matches org/sonar/util/MyOtherBean1.java

    • doesn’t match org/sonar/util/MyOtherBean.java

  • The pattern org/sonar/*

    • matches org/sonar/MyClass.java

    • doesn’t match org/sonar/util/MyClassUtil.java

  • The pattern org/sonar/**/* is equivalent to org/sonar/** and

    • matches org/sonar/anyDirectory/anyFile

    • matches org/sonar/MyClass.java

    • doesn’t match org/radar/MyClass.java

The use of ? to match a single character is available in SonarQube for VS Code v4.0+.

PreviousDependency risksNextTroubleshooting

Last updated

Was this helpful?