sonar-project.properties

# Customize sonar.sources, sonar.exclusions, sonar.coverage.exclusions, sonar.tests and sonar
# unit test coverage reports based on your solutions

# Refer to https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/
# for details on sources and exclusions. Note also .gitignore
#
sonar.sources=source, deployment

# Focusing sonarqube analysis on non test code first and reducing noise from analysis of test code. Projects
# can customize the exclusions to include analyzing of test code if desired
sonar.exclusions= **/dist/**, \
  deployment/**

# Code coverage Specific Properties
sonar.coverage.exclusions= **/jest.config.js, \
  **/test/**, \
  **/test*, \
  source/demo-ui/**, \
  source/constructs/bin/constructs.ts

# Ignoring duplications
sonar.cpd.exclusions=source/image-handler/test/**/*.ts, \
  source/custom-resource/test/*.ts

# Ignoring following issues, false warnings
sonar.issue.ignore.multicriteria=e1, e2, e3, e4, e5, e6, e7, e8

# Enabling Cross-Origin Resource Sharing is security-sensitive.
sonar.issue.ignore.multicriteria.e1.ruleKey=typescript:S5122
sonar.issue.ignore.multicriteria.e1.resourceKey=source/image-handler/test/index.spec.ts

# Enabling Cross-Origin Resource Sharing is security-sensitive.
sonar.issue.ignore.multicriteria.e2.ruleKey=typescript:S5122
sonar.issue.ignore.multicriteria.e2.resourceKey=source/constructs/lib/serverless-image-stack.ts

# Enabling Cross-Origin Resource Sharing is security-sensitive.
sonar.issue.ignore.multicriteria.e3.ruleKey=typescript:S5122
sonar.issue.ignore.multicriteria.e3.resourceKey=source/image-handler/index.ts

# Using regular expressions is security-sensitive.
sonar.issue.ignore.multicriteria.e4.ruleKey=typescript:S4784
sonar.issue.ignore.multicriteria.e4.resourceKey=source/image-handler/thumbor-mapper.ts

# Hashing data is security-sensitive
sonar.issue.ignore.multicriteria.e5.ruleKey=typescript:S4790
sonar.issue.ignore.multicriteria.e5.resourceKey=source/custom-resource/index.ts

# Hashing data is security-sensitive
sonar.issue.ignore.multicriteria.e6.ruleKey=typescript:S4790
sonar.issue.ignore.multicriteria.e6.resourceKey=source/demo-ui/scripts.js

# Using regular expressions is security-sensitive.
sonar.issue.ignore.multicriteria.e7.ruleKey=typescript:S4784
sonar.issue.ignore.multicriteria.e7.resourceKey=source/image-handler/image-request.ts

# Using regular expressions is security-sensitive.
sonar.issue.ignore.multicriteria.e8.ruleKey=javascript:S4784
sonar.issue.ignore.multicriteria.e8.resourceKey=source/demo-ui/scripts.js

# Sensor SonarJS Coverage [javascript] was not allowing globbing
# for sonar.javascript.lcov.reportPaths such as this
#    source/test/coverage-reports/jest/*/lcov.info
# so we have to provide an explicit list of reportPaths
sonar.javascript.lcov.reportPaths= \
  source/test/coverage-reports/jest/constructs/lcov.info, \
  source/test/coverage-reports/jest/custom-resource/lcov.info, \
  source/test/coverage-reports/jest/image-handler/lcov.info

# Encoding of the source files
sonar.sourceEncoding=UTF-8