Configure Sonar to exclude files from Maven pom.xml

I have a project configured in maven and the code analysis is done by SonarQube.

I am trying to configure SonarQube in the pom.xml file to exclude a few files from the code analysis. Those files can be identified by their class names, they contain the underscore character before the extension (they are metamodel classes). Below I give the part of the pom.xml file where I try to exclude them:

<plugin>
	<groupId>org.codehaus.mojo</groupId>
	<artifactId>sonar-maven-plugin</artifactId>
	<version>2.2</version>
	<configuration>
		<sonar.sources>src/main/java</sonar.sources>
		<sonar.exclusions>file:**/src/main/java/**/*_.*</sonar.exclusions>
	</configuration>
</plugin>

However, the above code does not work. Is there a way to configure SonarQube from my pom.xml file to ignore those files when analysing the source code?

Thank you in advance.

Sonar exclusions (like other sonar properties) have to be added to the <properties> section of the POM file. Like so (example from excluding jOOQ autogenerated code from current project):

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <sonar.host.url>http://www.example.com/</sonar.host.url>
    <sonar.jdbc.url>jdbc:postgresql://www.example.com/sonar</sonar.jdbc.url>
    <sonar.jdbc.driver>org.postgresql.Driver</sonar.jdbc.driver>
    <sonar.jdbc.username>sonar</sonar.jdbc.username>
    <sonar.jdbc.password>sonar</sonar.jdbc.password>
    <sonar.exclusions>org/binarytherapy/generated/**/*, **/GuiceBindComposer.java</sonar.exclusions>
    <sonar.dynamic>reuseReports</sonar.dynamic>
</properties>

classes/packages mentioned in <sonar.exclusions> excludes the given classes from all static analysis by Sonar, however <sonar.coverage.exclusions> excludes given classes/packages only from coverage, and still be analyzed for other parameters.

<properties>
    <sonar.coverage.exclusions>
        **/domain/**/*,
        **/pojos/*
    </sonar.coverage.exclusions>
</properties>

Reference:

• https://docs.sonarqube.org/display/SONAR/Analysis+Parameters#AnalysisParameters-Exclusions/Inclusions

Source:

• https://docs.sonarqube.org/display/SONAR/Narrowing+the+Focus#NarrowingtheFocus-IgnoreCodeCoverage
• https://docs.sonarqube.org/display/SONAR/Analysis+Parameters#AnalysisParameters-Exclusions/Inclusions
• https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Maven#AnalyzingwithSonarQubeScannerforMaven-ExcludingamodulefromSonarQubeanalysis

When doing your Sonar exclusions as shown in the accepted answer, make sure you follow this pattern approach from the SonarQube documentation:

> Relative paths are based on the fully qualified name of the component (like the one displayed below):

src/main/java/org/sonar/batch/phases/AbstractPhaseEvent.java

Examples:

# Exclude all classes ending with "Bean"
# Matches org/sonar.api/MyBean.java, org/sonar/util/MyOtherBean.java, etc.
**/*Bean.java

# Exclude all classes in the "src/main/java/org/sonar" directory
# Matches src/main/java/org/sonar/MyClass.java, src/main/java/org/sonar/MyOtherClass.java
# But does not match src/main/java/org/sonar/util/MyClassUtil.java
src/main/java/org/sonar/*

# Exclude all files in the "bank" directory and its sub-directories
# Matches bank/ZTR00021.cbl, bank/data/CBR00354.cbl, bank/data/REM012345.cob
bank/**/*

# Exclude all COBOL programs in the "bank" directory and its sub-directories whose extension is .cbl
# Matches bank/ZTR00021.cbl, bank/data/CBR00354.cbl
bank/**/*.cbl

So if you want to exclude all classes ending with "Bean" and all classes in the "src/main/java/org/sonar" directory (but not in its sub-directories) add the following sonar.exclusions property to the pom's properties:

<properties>
  ...
  <sonar.exclusions>**/*Bean.java,src/main/java/org/sonar/*</sonar.exclusions>
</properties>

There are three ways to do.

1. You can add these files to the properties in your pom.xml:
   This one is to exclude from code duplication:

<properties>
    <sonar.cpd.exclusions>
        **/dto/**/*,
        **/entity/**/*
    </sonar.cpd.exclusions>
</properties>

2. Using pom.xml
   We can also define exclusion rules in the pom.xml file using analysis properties.

<properties>
<sonar.issue.ignore.multicriteria>e1</sonar.issue.ignore.multicriteria>
    <sonar.issue.ignore.multicriteria.e1.ruleKey>
        java:S4784
    </sonar.issue.ignore.multicriteria.e1.ruleKey>
    <sonar.issue.ignore.multicriteria.e1.resourceKey>
        **/commons/**/*
    </sonar.issue.ignore.multicriteria.e1.resourceKey>
</properties>

3. Using sonar-project.properties
   We can also define exclusion rules in the sonar-project.properties file using analysis properties.Let's define and add the sonar-project.properties file to our resource dir:

sonar.issue.ignore.multicriteria=e1
sonar.issue.ignore.multicriteria.e1.ruleKey=java:S106
sonar.issue.ignore.multicriteria.e1.resourceKey=**/SonarExclude.java

how we can see the rule Key from sonarqube

> We have to add below code in maven settings.xml file

       <profile>
                <id>sonar</id>
                <activation>
                    <activeByDefault>true</activeByDefault>
                </activation>     
           <properties>
               <sonar.host.url>http://localhost:9000</sonar.host.url>
             
               <sonar.exclusions>
               # exclude more class under same package
                  src/main/java/co/domain/*,
                  src/main/java/co/util/JsonMapper.java
            
               # exclude individual class
                  src/main/java/co/util/ProviderCallBuilder.java
               </sonar.exclusions>
            </properties>
       </profile>

I was using sonar to analyse PHP code base. Both <sonar.exclusions> and <sonar.coverage.exclusions> didn't do the trick. My solution is - Instead of specifying the exclusions, I ended up specifying the inclusion directories as below:

<properties>
  .........
  <sonar.exclusions>./app/models,./app/controllers</sonar.exclusions>
  .........
</properties>