Skip to content

Exclude Gradle samples from SCA analysis to avoid FPs#640

Merged
jonas-wielage-sonarsource merged 1 commit intomasterfrom
exclude-gradle-samples-from-sca
Apr 10, 2026
Merged

Exclude Gradle samples from SCA analysis to avoid FPs#640
jonas-wielage-sonarsource merged 1 commit intomasterfrom
exclude-gradle-samples-from-sca

Conversation

@leveretka
Copy link
Copy Markdown
Contributor

@leveretka leveretka commented Oct 2, 2025

No description provided.

@sonarqube-next
Copy link
Copy Markdown

sonarqube-next Bot commented Oct 2, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@Godin Godin self-assigned this Jan 7, 2026
@Godin Godin marked this pull request as draft January 7, 2026 09:32
@jonas-wielage-sonarsource jonas-wielage-sonarsource force-pushed the exclude-gradle-samples-from-sca branch from 9bbdaa2 to 415ebef Compare April 10, 2026 12:38
@jonas-wielage-sonarsource jonas-wielage-sonarsource marked this pull request as ready for review April 10, 2026 12:38
@jonas-wielage-sonarsource jonas-wielage-sonarsource enabled auto-merge (squash) April 10, 2026 12:39
@sonar-review-alpha
Copy link
Copy Markdown
Contributor

sonar-review-alpha Bot commented Apr 10, 2026
edited
Loading

Summary

This PR adds **/samples/** to SonarQube's Software Composition Analysis (SCA) exclusions in build.gradle.kts. This prevents the SCA scanner from analyzing Gradle sample/example code, which can generate false positives since samples are not part of the production codebase and often deliberately use simplified or outdated patterns for educational purposes.

What reviewers should know

Where to look: Single line change in build.gradle.kts (line 241) in the sonarqube configuration block, specifically the sonar.sca.exclusions property.

Context: The change aligns with the existing exclusion pattern for other non-production code (**/its/** for integration tests and **/kotlin-checks-test-sources/** for test sources). This is a common practice to focus SCA scanning on actual dependencies used in production.

What to verify: Confirm that **/samples/** correctly captures all sample/example directories in the Gradle project structure that should be excluded from SCA analysis.

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

@sonarqube-next
Copy link
Copy Markdown

sonarqube-next Bot commented Apr 10, 2026

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@jonas-wielage-sonarsource jonas-wielage-sonarsource merged commit 16928c5 into master Apr 10, 2026
7 of 8 checks passed
@jonas-wielage-sonarsource jonas-wielage-sonarsource deleted the exclude-gradle-samples-from-sca branch April 10, 2026 12:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jonas-wielage-sonarsource jonas-wielage-sonarsource jonas-wielage-sonarsource approved these changes

Assignees

@Godin Godin

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@leveretka @jonas-wielage-sonarsource @Godin