Default "Sonar Way" quality gate passes after rerun

  • Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): 7.7
  • What are you trying to achieve: I want the New Code quality check to fail even after a rerun.
  • What have you tried so far to achieve this:

Dear all,

I am using the default quality gate “Sonar way” for my project analysis. When new code is pushed to git and the build triggers, the “Sonar way” quality gate fails after analysis, which is perfect. But when I rerun the analysis and there is no code change, it passes the quality gate.

So I want the analysis to run on the new code only (I assume that the metrics set for the default Sonar way quality gate analyze only the new code, not the whole project), but when I rerun the analysis it should fail again (currently it passes, as there is no new code).

How can I make the SonarQube quality gate also fail on a rerun when there is no new code, with the analysis done only on new code and not on the whole project?

Leak Period: previous_version
Language: C#
Quality gate Metrics:

[Screenshot: Activity tab]

Hi,

Welcome to the community!

First, SonarQube 7.7 is past EOL. You should upgrade at your earliest convenience. Your upgrade path is:

7.7 → 7.9.6 → 8.8 (last step optional)

Regarding your question, how is your New Code Period defined? Is it previous_version? Because by passing in your build number (2021.03.12.55, 2021.03.12.56, …) as your sonar.projectVersion (I can tell this from your screenshot), you’re updating the version with each analysis and thus resetting the New Code Period.

 
Ann

@ganncamp Thanks for the Response!

Yes, I have now upgraded SonarQube to 8.8, but I am still facing the same issue.

Yes, leak period = previous_version

Yes, they are two different versions, as I am passing the build number in the version.

Actually, my requirement is: since there is no code change, why is it showing me success after a rerun?

Please suggest which setting I need to change so that the next analysis always shows me the failed quality gate status if there is no code change.

Hi,

You need to change one of those^ first two things. By passing in the build number as the version string, you’re resetting the New Code Period with every analysis, so, especially with no code changes, there are no new defects since the previous version.

 
Ann

OK @ganncamp, so what leak period should I use then?

I have to pass the build number, as it's a part of the CI/CD process.

Hi,

Why? What does doing so accomplish for you? And can it be handled equally well with the dedicated sonar.buildString parameter?

Generally, if you’re going to use previous_version for your New Code period, then you’re only going to change the sonar.projectVersion value with each deployment to production.

 
Ann
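
The two ways of passing the build number discussed above, side by side, as an added example that is not part of the thread. It assumes the SonarScanner for .NET `begin` argument syntax (`/k:`, `/v:`, `/d:`); the project key and release version are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. The project key and release version
# are constructed placeholders; /k:, /v: and /d: are SonarScanner for .NET
# "begin" arguments (/v: sets sonar.projectVersion).

# Pattern from the question: the CI build number is passed as the version,
# so every run, including a rerun, registers a new version.
begin_args_build_as_version() {   # $1 project key, $2 build number
    printf '/k:%s /v:%s\n' "$1" "$2"
}

# Pattern from the reply: /v: carries the release version and the build
# number moves to sonar.buildString.
begin_args_release_version() {    # $1 key, $2 release version, $3 build number
    if [ "$2" = "$3" ]; then
        echo "refusing to use the build number as sonar.projectVersion" >&2
        return 1
    fi
    printf '/k:%s /v:%s /d:sonar.buildString=%s\n' "$1" "$2" "$3"
}

# Extract the /v: value from an argument string.
version_of() {
    for arg in $1; do
        case $arg in /v:*) printf '%s\n' "${arg#/v:}" ;; esac
    done
}

# With New Code Period = previous_version, an analysis whose version differs
# from the previous one starts a new period. Prints "reset" or "kept".
rerun_effect() {                  # $1 args of previous run, $2 args of rerun
    if [ "$(version_of "$1")" = "$(version_of "$2")" ]; then
        echo kept
    else
        echo reset
    fi
}

KEY=my-project   # constructed
RELEASE=1.4.0    # constructed; changes only on a production release

echo "build number as version: $(rerun_effect \
    "$(begin_args_build_as_version "$KEY" 2021.03.12.55)" \
    "$(begin_args_build_as_version "$KEY" 2021.03.12.56)")"
echo "release version + buildString: $(rerun_effect \
    "$(begin_args_release_version "$KEY" "$RELEASE" 2021.03.12.55)" \
    "$(begin_args_release_version "$KEY" "$RELEASE" 2021.03.12.56)")"
```
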

Hi @ganncamp ,

I tried not replacing the version number, but after a rerun it still passes.

Hi,

On your project homepage, at the top of the yellow column is a note about when your New Code period starts from. What does it say?

 
Ann