Can teams suppress mandatory rules during a PR build?

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Community Edition Version 8.0
  • what are you trying to achieve
    Can teams suppress mandatory rules during a PR build? If so, can we get notified / have a report on this occurrence?
  • what have you tried so far to achieve this.
    Currently Sonar is integrated with PR checks, but the team cannot suppress the warnings.

Hey there.

Pull Request Analysis is not supported on the Community Edition of SonarQube.


@Colin Thank you so much for the response. If I am using Developer Edition, kindly let me know if it's possible to suppress mandatory rules during a PR build? If so, can we get notified / have a report on this occurrence?

@Colin can you please help me to resolve this doubt as well.

@jithinbabu657 Do the users have access to manage quality profiles/rules?

https://docs.sonarqube.org/latest/instance-administration/security/

@StingyJack No, users don't have access to manage quality profiles / rules.

Then they can't bypass it.

The same goes for a CI/PR build. If access to those definitions is restricted and they can't change it, then they can't bypass it.

If you are one of the unfortunate souls who have been tricked into using pipeline as code (usually a YAML file checked into the repo), then you are out of luck, because they can do whatever they want, including removing or disabling unit testing, Sonar checks, etc.

Security is a process not a product. There are ways to bypass most anything. You should be considering how to identify when someone willfully bypassed a protection and what should happen to them, and then making sure everyone understands the consequences.
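The last two replies make a concrete point: with pipeline as code, anyone who can open a PR can edit the pipeline file and drop the Sonar step, so the question becomes how to notice it. Below is an added example of that detection, written for this thread and not code from SonarQube or from any poster. It parses a unified diff and reports (a) removed lines in a pipeline-as-code file that reference a Sonar step, the bypass described above, and (b) added in-line suppression markers such as SonarQube's `// NOSONAR` comment or a `@SuppressWarnings` annotation, which the thread does not discuss but which a reviewer would want surfaced for the same reason. The pipeline file patterns, the marker list and the sample diff are all constructed assumptions; adjust them to your own repositories.

```python
"""Flag PR changes that remove a Sonar pipeline step or add suppression markers.

Added example for the forum thread above; not SonarQube's own code.
Assumptions (adjust for your setup): the pipeline file names below,
the markers treated as "suppression", and the constructed sample diff.
"""
import re
from dataclasses import dataclass

# Pipeline-as-code files a PR author can edit (assumed set).
PIPELINE_FILES = re.compile(
    r"(^|/)(\.github/workflows/[^/]+\.ya?ml|\.gitlab-ci\.yml|"
    r"azure-pipelines\.yml|bitbucket-pipelines\.yml|Jenkinsfile)$"
)
SONAR_STEP = re.compile(r"sonar", re.IGNORECASE)
# In-line ways to silence findings: SonarQube's NOSONAR marker,
# Java-style @SuppressWarnings, or scanner properties that exclude code.
SUPPRESSION = re.compile(
    r"NOSONAR|@SuppressWarnings\(|sonar\.(exclusions|issue\.ignore)", re.IGNORECASE
)
HUNK = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass
class Finding:
    path: str
    line: int  # position in the post-change file (removals: where the gap is)
    kind: str
    text: str


def scan_diff(diff: str) -> list[Finding]:
    """Walk a unified diff and collect bypass indicators."""
    findings: list[Finding] = []
    path = None
    new_line = 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith(("--- ", "diff ", "index ", "\\")):
            continue  # old-file header, git headers, "\ No newline" marker
        m = HUNK.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if path is None:
            continue
        if raw.startswith("-"):
            body = raw[1:]
            if PIPELINE_FILES.search(path) and SONAR_STEP.search(body):
                findings.append(Finding(path, new_line, "pipeline-step-removed", body.strip()))
            continue  # removed lines do not advance the new-file counter
        if raw.startswith("+"):
            body = raw[1:]
            if SUPPRESSION.search(body):
                findings.append(Finding(path, new_line, "inline-suppression-added", body.strip()))
        new_line += 1  # added and context lines both exist in the new file
    return findings


def summarize(diff: str) -> dict[str, int]:
    """Count findings per kind; a non-empty result should fail the PR check."""
    counts: dict[str, int] = {}
    for f in scan_diff(diff):
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: a PR that deletes the Sonar step from a GitHub
# Actions workflow and silences a hard-coded password with NOSONAR.
SAMPLE_DIFF = """\
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,5 +10,3 @@ jobs:
       - run: mvn -B verify
-      - name: SonarQube scan
-        run: mvn -B sonar:sonar -Dsonar.pullrequest.key=${{ github.event.number }}
       - name: Upload test report
         uses: actions/upload-artifact@v3
diff --git a/src/main/java/app/Auth.java b/src/main/java/app/Auth.java
--- a/src/main/java/app/Auth.java
+++ b/src/main/java/app/Auth.java
@@ -40,2 +40,2 @@ public class Auth {
-        String pw = "hunter2";
+        String pw = "hunter2"; // NOSONAR
         return pw;
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line} [{f.kind}] {f.text}")
```

Run it as a step that executes before the Sonar step itself (for example on `git diff origin/main...HEAD`), so the report exists even when the later step has been removed; failing the check on any finding, and posting the summary to the PR, gives the notification the original question asked for.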