We have code in several small repos that are not analyzed by SonarQube, which we want to integrate into a single repo/project that is analyzed by SonarQube already.
The obvious problem we face is the possibility that the existing code could trip the quality gate of the existing repo/project when it’s committed, and then we have to mitigate that. This has happened to us a couple times previously on a much smaller scale, and we are looking to avoid it, while still getting that code under SonarQube analysis in the one project.
Ideally, we’d want this integrated code to start off much like a new project does on a base analysis. That is, it’s not considered “new code”. And as mentioned, ideally we want all the code to be in the same project since the code is being consolidated to simplify things.
How can we safely integrate existing code that is not currently analyzed by SonarQube, into a project that is analyzed by SonarQube without tripping the quality gate?
Is there a best practice or recommended approach for this?
We are using the following:
- SonarQube Enterprise 7.9.4 LTS
- SonarScanner CLI 188.8.131.520
The repos in question are all TypeScript/Angular projects.