sonar-dotnet NET-1809 Consider the configured file exclusions when doing the analysis

When file exclusions are configured we do analyze the files, generate the metrics, and later raise warnings since they are not part of the analysis context.

Source: https://community.sonarsource.com/t/improvement-dont-log-does-not-exist-in-the-analysis-context-warnings-for-excluded-files/73799

Nov 08 '22 11:11 costin-zaharia-sonarsource

Any progress here? We're still having Thousands of warnings just because we excluded a folder.

Feb 10 '23 12:02 devopsjam

Hi @devopsjam, we did not have yet any progress on this front.

Feb 10 '23 13:02 costin-zaharia-sonarsource

@costin-zaharia-sonarsource Isn't this done now?

Aug 15 '23 14:08 pavel-mikula-sonarsource

@pavel-mikula-sonarsource This is done only in the context of SonarLint. When using the scanner, it doesn't work yet since we don't have the project root path in the analyzer.

We should plan a sprint for this. Maybe 2024 Q1?

Aug 18 '23 08:08 costin-zaharia-sonarsource

Any updates?

Apr 27 '24 14:04 bdovaz

Hi @bdovaz, I have no news yet. Probably, it will not happen in Q2 this year.

Apr 29 '24 07:04 costin-zaharia-sonarsource

Hi @costin-zaharia-sonarsource do you have any update on this?

Sep 05 '24 02:09 CodersaurusRex

Hello, any progress on this? Or perhaps some workaround?

Oct 01 '24 11:10 skatanski

@costin-zaharia-sonarsource Do you have any update on this issue? It has been 2 years since it was raised - it feels like that would be enough time to plan to fix it.... Thanks

Oct 22 '24 12:10 tbutler-qontigo

This would be a great improvement, specially considering the warnings that appear from auto-generated files like RegexGenerator.g.cs and LoggerMessage.g.cs that we have little control of.

Jan 09 '25 12:01 rbgarcia

Grpc.Tools generate deliberately empty .cs files.

Those files produce warnings and excluding those files still produces warnings.

Very frustrating experience.

Jan 21 '25 11:01 jwfx

The generated files seems like an unrelated problem. Do you intentionally analyze generated files? As those, by default, would not be analyzed and therefore should not raise warnings.

Jan 21 '25 12:01 pavel-mikula-sonarsource

These files seem totally generic and are placed in the obj folder. Neither their filename or their content (which is empty) give any indication about them being generated, so I suspect sonar doesn't catch them.

E.g.: \obj\Debug\netstandard2.0\Protos\FileGrpc.cs

Jan 21 '25 12:01 jwfx

Should be trivial to exclude anything in the obj folder from ever being analyzed. I can't think of any reason to examine anything there - it is intermediate build output and as such should not be relevant to source code analysis IMO

Jan 21 '25 12:01 tbutler-qontigo

Should be trivial to exclude anything in the obj folder from ever being analyzed. I can't think of any reason to examine anything there - it is intermediate build output and as such should not be relevant to source code analysis IMO

It's relevant when analysis of generated files is turned on. Form Roslyn's (or analysis in general) point of view, the content of obj doesn't differ from any other directory.

To improve general generated-code detection based also on the obj/ directory (or wherever it was redirected in custom scenarios) is interesting idea. cc @denis-troller

Jan 21 '25 12:01 pavel-mikula-sonarsource

Should be trivial to exclude anything in the obj folder from ever being analyzed. I can't think of any reason to examine anything there - it is intermediate build output and as such should not be relevant to source code analysis IMO

Sure is and I got it working, but that brings us back to this issue about being spammed by warnings despite configured excludes.

Jan 21 '25 12:01 jwfx

Should be trivial to exclude anything in the obj folder from ever being analyzed. I can't think of any reason to examine anything there - it is intermediate build output and as such should not be relevant to source code analysis IMO

It's relevant when analysis of generated files is turned on. Form Roslyn's (or analysis in general) point of view, the content of obj doesn't differ from any other directory.

Ok so when analysis of generated files is turned off then you should be able to simply ignore the obj folder completely and that should satisfy most users right?
Unless you think that most people have analysis of generated code turned on?

thanks

Jan 21 '25 12:01 tbutler-qontigo

Should be trivial to exclude anything in the obj folder from ever being analyzed. I can't think of any reason to examine anything there - it is intermediate build output and as such should not be relevant to source code analysis IMO

Sure is and I got it working, but that brings us back to this issue about being spammed by warnings despite configured excludes.

I meant for Sonar to exclude this - I agree for users, it is not a good experience being spammed about useless files we don't care about which are not meant to be included anyway

Jan 21 '25 12:01 tbutler-qontigo

Moved to NET-1809

Jun 06 '25 07:06 pavel-mikula-sonarsource

@pavel-mikula-sonarsource tells me that I don't have access. Are tickets private in Jira?

Jun 06 '25 09:06 bdovaz

I'll reopen this one so you get an update here once it's done. We've generally left open mainly FPs and moved most of the tooling/improvement ones

Jun 06 '25 14:06 pavel-mikula-sonarsource

We have close to 10MB logs due to this warning. Would be nice to get rid of it.

Nov 11 '25 08:11 manuel-rw

This issue causes problems with multi language analysis of projects (C# and NodeJS) because it scans all the node_modules subfolders and in a sufficiently large project causes github actions to report a timeout.

It would be nice to have this issue resolved expecially since it's been reported 3 years ago now

Dec 11 '25 08:12 rubenmamo