SONARJAVA-5417 Exclude test fixtures from SCA analysis #5062

Open
wants to merge 3 commits into
base: master

@tradiff tradiff commented Mar 20, 2025

SONARJAVA-5417

Update the CI SCA configuration to exclude a few directories that appear to contain test fixtures. Since test fixtures are generally not relevant for SCA, this change should help remove false positives and improve scan performance.

If these exclusions don't quite match your needs, I'm happy to further adjust the PR. Alternatively, code owners can choose to close this PR and create your own PR. Ultimately, you have the final say on which files should be analyzed for SCA.

After this change, the following files will be analyzed by SCA:

check-list/maven-dependency-tree.txt
docs/java-custom-rules-example/maven-dependency-tree.txt
docs/java-custom-rules-example/pom.xml
docs/maven-dependency-tree.txt
docs/pom.xml
external-reports/maven-dependency-tree.txt
external-reports/pom.xml
its/autoscan/maven-dependency-tree.txt
its/autoscan/pom.xml
its/maven-dependency-tree.txt
its/plugin/maven-dependency-tree.txt
its/plugin/plugins/java-extension-plugin/maven-dependency-tree.txt
its/plugin/plugins/java-extension-plugin/pom.xml
its/plugin/plugins/maven-dependency-tree.txt
its/plugin/plugins/pom.xml
its/plugin/pom.xml
its/plugin/tests/maven-dependency-tree.txt
its/plugin/tests/pom.xml
its/pom.xml
its/ruling/maven-dependency-tree.txt
its/ruling/pom.xml
java-checks-aws/maven-dependency-tree.txt
java-checks-aws/pom.xml
java-checks-common/maven-dependency-tree.txt
java-checks-common/pom.xml
java-checks-test-sources/aws/maven-dependency-tree.txt
java-checks-test-sources/aws/pom.xml
java-checks-test-sources/default/maven-dependency-tree.txt
java-checks-test-sources/default/pom.xml
java-checks-test-sources/java-17/maven-dependency-tree.txt
java-checks-test-sources/java-17/pom.xml
java-checks-test-sources/maven-dependency-tree.txt
java-checks-test-sources/pom.xml
java-checks-test-sources/spring-3.2/maven-dependency-tree.txt
java-checks-test-sources/spring-3.2/pom.xml
java-checks-test-sources/test-classpath-reader/maven-dependency-tree.txt
java-checks-test-sources/test-classpath-reader/pom.xml
java-checks-testkit/maven-dependency-tree.txt
java-checks-testkit/pom.xml
java-checks/maven-dependency-tree.txt
java-checks/pom.xml
java-frontend/maven-dependency-tree.txt
java-frontend/pom.xml
java-jsp/maven-dependency-tree.txt
java-jsp/pom.xml
java-surefire/maven-dependency-tree.txt
java-surefire/pom.xml
java-symbolic-execution/java-symbolic-execution-checks-test-sources/maven-dependency-tree.txt
java-symbolic-execution/java-symbolic-execution-checks-test-sources/pom.xml
java-symbolic-execution/java-symbolic-execution-plugin/maven-dependency-tree.txt
java-symbolic-execution/java-symbolic-execution-plugin/pom.xml
java-symbolic-execution/maven-dependency-tree.txt
java-symbolic-execution/pom.xml
maven-dependency-tree.txt
pom.xml
sonar-java-plugin/maven-dependency-tree.txt
sonar-java-plugin/pom.xml

@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod bot changed the title Exclude test fixtures from SCA analysis SONARJAVA-5417 Exclude test fixtures from SCA analysis Mar 20, 2025
@tradiff tradiff marked this pull request as ready for review March 20, 2025 20:04

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube
