Creating Exclusion Patterns for Scan Profiles

Code Insight lets you create exclusion patterns for use in your scans and add them to your scan profile on the Create (or Edit) Scan Profile page. This section describes the syntax required when creating exclusion patterns and gives examples of valid exclusion patterns.

Code Insight uses Apache Ant path-style syntax to exclude files during scanning. Patterns are paths that are relative to a base directory. Only files found in or below the base directory are considered for exclusion. For in-depth information about Ant exclusion patterns, refer to Directory-based Tasks on the external Apache Ant Project website.

note

Exclusion patterns are not validated.

Using the Single Asterisk (*) and Question Mark (?)

Using a single asterisk (*) matches zero or more characters in a single file name or directory name. Using the question mark (?) matches one character.

If you create an exclusion pattern of *.xml, and add it to the list of Scan Exclusions, your scan will exclude files such as x.xml, FooBar.xml, and codeinsight.xml, but not codeinsight.jar because it does not end with .xml. In other words, codeinsight.jar will display in scan results (if it is in your codebase) because it does not match *.xml.

If you add the exclusion pattern aa/*, your scan will exclude files such as aa/x.xml or aa/bb but will include aa/bb/x.xml because it does not match aa/*. That is, the * can match only a single name (that of a directory one directory deep, or that of a file), not both names, as in bb/x.xml, which includes a directory name (bb) and a file name (x.xml).

If you create an exclusion pattern of ?.codeinsight, your scan will exclude files such as x.codeinsight and A.codeinsight, but will include xx.codeinsight or aaa.codeinsight because neither has just one character before .codeinsight.

note

You can combine asterisks (*) and question marks (?) in your exclusion patterns.

Using Double Asterisks

Double asterisks (**) span multiple directory paths. If you create an exclusion pattern of **/codeinsight, the files in the aa/bb/cc/codeinsight directory structure will be excluded from the scan.

Example Exclusion Patterns

The following shows some example patterns used to exclude files from scans.

| Example Pattern | Description |
| --- | --- |
| **/SVN/* | Excludes all the files in the SVN directories that are located anywhere in the directory tree (for example, SVN/Repository and apache/SVN/Entries). However, org/apache/SVN/foo/bar/Entries will be included in the scan because the /foo/bar/Entries component is not matched by /*, which represents only a single directory name (one directory deep) or a single file name. |
| **/ePortal-2.0/src/** | Excludes all the files in the /ePortal-2.0/src/** directory tree (for example, /ePortal-2.0/src/index.html and /ePortal-2.0/src/test.xml). However, /ePortal-2.0/xyz.java will be included in the scan because the /src component is missing. |
| **/images | Excludes all files in images directories located anywhere in the directory tree. The exception to this pattern is **/.git. See Note About Excluding the .git Directory from Scans for more information. |

Keep the following in mind as you specify exclusion patterns:

  • If a pattern ends with / or \, double asterisks (**) are appended. For example, codeinsight/data/ is interpreted as codeinsight/data/**.

  • Exclusion patterns are not validated by Code Insight. You must test your patterns externally.
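Because patterns are not validated, one way to test them externally is a small matcher that applies the rules described on this page to a list of relative paths and reports which patterns would drop each path from the scan. This is an added example, not Code Insight or Apache Ant code; the function names are hypothetical, matching is assumed to be case-sensitive, and it checks a single path against a pattern only (it does not model how the contents of a matched directory or the .git directory are handled).

```python
import re

def normalize(pattern: str) -> str:
    """Apply the page's rule: a trailing / or \\ gets ** appended."""
    p = pattern.replace("\\", "/")
    return p + "**" if p.endswith("/") else p

def _name_matches(pat: str, name: str) -> bool:
    # '*' = zero or more characters, '?' = exactly one, both within one name.
    # Assumption: comparison is case-sensitive.
    rx = "".join("[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c)
                 for c in pat)
    return re.fullmatch(rx, name) is not None

def is_excluded(pattern: str, path: str) -> bool:
    """True if the relative path matches the pattern, name by name."""
    pat = [s for s in normalize(pattern).split("/") if s]
    names = [s for s in path.replace("\\", "/").split("/") if s]

    def match(i: int, j: int) -> bool:
        if i == len(pat):
            return j == len(names)
        if pat[i] == "**":  # spans zero or more whole directory names
            return any(match(i + 1, k) for k in range(j, len(names) + 1))
        return (j < len(names) and _name_matches(pat[i], names[j])
                and match(i + 1, j + 1))

    return match(0, 0)

def audit(patterns, paths):
    """Map each path to the patterns that would drop it from the scan."""
    return {p: [x for x in patterns if is_excluded(x, p)] for p in paths}

if __name__ == "__main__":
    # Constructed sample input, built from the examples on this page.
    patterns = ["**/SVN/*", "aa/*", "?.codeinsight", "codeinsight/data/"]
    paths = ["apache/SVN/Entries", "org/apache/SVN/foo/bar/Entries",
             "aa/bb", "aa/bb/x.xml", "xx.codeinsight",
             "codeinsight/data/a/b.txt"]
    for path, hits in audit(patterns, paths).items():
        print(f"{path:35} {'EXCLUDED by ' + ', '.join(hits) if hits else 'scanned'}")
```

Reviewing the paths reported as excluded before saving the profile shows whether a pattern is broader than intended and would remove files from the scan results.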

Note About Excluding the .git Directory from Scans

Basically, the configuration file (config or gitconfig) contained in a .git directory for a Git repository is always scanned—and is the only file scanned—whether or not you exclude the .git directory from scans. The following explains this behavior:

  • If you add the .git directory to the Scan Exclusion list to prevent it from being scanned, the configuration file contained in the folder is still scanned because it is required by Automated Analysis to detect components in the Git repository.

  • If the .git directory is not included in the Scan Exclusion list (that is, you intend for the files in the .git directory to be scanned), the configuration file is scanned, but no other files in the directory are scanned. Scans ignore the remaining files in the directory because they contain data that is not required in the detection of components and evidence in the Git repository—data such as the repository’s commit history as well as its log information and metadata.