SONARJAVA-5417 Exclude test fixtures from SCA analysis #5062

Merged
merged 3 commits into from
Mar 28, 2025

@tradiff tradiff commented Mar 20, 2025

SONARJAVA-5417

Update the CI SCA configuration to exclude a few directories that appear to contain test fixtures. Since test fixtures are generally not relevant for SCA, this change should help remove false positives and improve scan performance.

If these exclusions don't quite match your needs, I'm happy to further adjust the PR. Alternatively, code owners can choose to close this PR and create your own PR. Ultimately, you have the final say on which files should be analyzed for SCA.

After this change, the following files will be analyzed by SCA:

check-list/maven-dependency-tree.txt
docs/java-custom-rules-example/maven-dependency-tree.txt
docs/java-custom-rules-example/pom.xml
docs/maven-dependency-tree.txt
docs/pom.xml
external-reports/maven-dependency-tree.txt
external-reports/pom.xml
its/autoscan/maven-dependency-tree.txt
its/autoscan/pom.xml
its/maven-dependency-tree.txt
its/plugin/maven-dependency-tree.txt
its/plugin/plugins/java-extension-plugin/maven-dependency-tree.txt
its/plugin/plugins/java-extension-plugin/pom.xml
its/plugin/plugins/maven-dependency-tree.txt
its/plugin/plugins/pom.xml
its/plugin/pom.xml
its/plugin/tests/maven-dependency-tree.txt
its/plugin/tests/pom.xml
its/pom.xml
its/ruling/maven-dependency-tree.txt
its/ruling/pom.xml
java-checks-aws/maven-dependency-tree.txt
java-checks-aws/pom.xml
java-checks-common/maven-dependency-tree.txt
java-checks-common/pom.xml
java-checks-test-sources/aws/maven-dependency-tree.txt
java-checks-test-sources/aws/pom.xml
java-checks-test-sources/default/maven-dependency-tree.txt
java-checks-test-sources/default/pom.xml
java-checks-test-sources/java-17/maven-dependency-tree.txt
java-checks-test-sources/java-17/pom.xml
java-checks-test-sources/maven-dependency-tree.txt
java-checks-test-sources/pom.xml
java-checks-test-sources/spring-3.2/maven-dependency-tree.txt
java-checks-test-sources/spring-3.2/pom.xml
java-checks-test-sources/test-classpath-reader/maven-dependency-tree.txt
java-checks-test-sources/test-classpath-reader/pom.xml
java-checks-testkit/maven-dependency-tree.txt
java-checks-testkit/pom.xml
java-checks/maven-dependency-tree.txt
java-checks/pom.xml
java-frontend/maven-dependency-tree.txt
java-frontend/pom.xml
java-jsp/maven-dependency-tree.txt
java-jsp/pom.xml
java-surefire/maven-dependency-tree.txt
java-surefire/pom.xml
java-symbolic-execution/java-symbolic-execution-checks-test-sources/maven-dependency-tree.txt
java-symbolic-execution/java-symbolic-execution-checks-test-sources/pom.xml
java-symbolic-execution/java-symbolic-execution-plugin/maven-dependency-tree.txt
java-symbolic-execution/java-symbolic-execution-plugin/pom.xml
java-symbolic-execution/maven-dependency-tree.txt
java-symbolic-execution/pom.xml
maven-dependency-tree.txt
pom.xml
sonar-java-plugin/maven-dependency-tree.txt
sonar-java-plugin/pom.xml

@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod bot changed the title Exclude test fixtures from SCA analysis SONARJAVA-5417 Exclude test fixtures from SCA analysis Mar 20, 2025
@tradiff tradiff marked this pull request as ready for review March 20, 2025 20:04

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication


@alban-auzeill alban-auzeill merged commit 903ff5f into master Mar 28, 2025
18 checks passed
@alban-auzeill alban-auzeill deleted the tc/sca-exclude-test-fixtures branch March 28, 2025 15:04