From a86892909be555781fcb6cfa7f30f750a7ae5ad8 Mon Sep 17 00:00:00 2001
From: Theauditor <228822721+TheAuditorTool@users.noreply.github.com>
Date: Mon, 13 Apr 2026 15:32:18 +0700
Subject: [PATCH] fix(scripts): exclude JS from SonarQube scan

The SonarQube scanner's JavaScript/TypeScript sensor activates on
vendored JS files in src/main/webapp/js/ (jQuery, js.cookie,
testsuiteutils) and attempts to start a Node.js bridge server, which
times out in the scanner Docker container -- killing the entire scan.

Add **/*.js to sonar.exclusions so the JS sensor never activates.
This project benchmarks Java SAST tools only; SonarReport.java already
filters to java:* rules, so JS findings were never collected.

Closes #235
---
 scripts/runSonarQube.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/runSonarQube.sh b/scripts/runSonarQube.sh
index 761294d373..a2972589ea 100755
--- a/scripts/runSonarQube.sh
+++ b/scripts/runSonarQube.sh
@@ -75,7 +75,7 @@ docker run --env SONAR_SCANNER_OPTS=-Xmx4g --rm -v ~/.m2:/root/.m2 -v "$(pwd)":"
   -Dsonar.host.url="$sonar_docker_host" \
   -Dsonar.login="$sonar_token" \
   -Dsonar.sources="src" \
-  -Dsonar.exclusions="results/**,scorecard/**,scripts/**,tools/**,VMs/**"
+  -Dsonar.exclusions="results/**,scorecard/**,scripts/**,tools/**,VMs/**,**/*.js"
 
 echo "Waiting for SonarQube CE to finish task..."