Define Quality Gate using the new Severities

Hi,

we recently migrated from SonarQube 9.9 to 10.4 (both on-Premise) and would like to adjust our Quality Gate to the new Severities.

Currently our Quality Gate for New Code says:

  • Blocker Issue > 0
  • Critical Issues > 0
  • Major Issues > 0

Fixing issues with Severity <= Minor is optional for us, as we are working on legacy code (in parts >20 years old) and want to concentrate on the more important issues.

Now these severities are deprecated and there are the new severities High, Medium and Low. Currently our old Quality Gate definition still works, but we would like to switch to the new severities.

My first thought was to define something like “High Issues > 0”, assuming we treat all three Software Qualities the same way. It would as well be fine to have something like this:

  • High Security Issue > 0
  • High Maintainability Issues > 0
  • High Reliability Issues > 0

The only way to achieve something similar seems to be using the Rating, like “Security Rating worse than A”. But the documentation for these Ratings still uses the deprecated severities: metric definition

Is the documentation just outdated or are these Ratings as well deprecated? What would the recommended way be to handle our use case?

Thanks!

Regards,
Carsten

1 Like

Hi,
this question is still relevant to us, but the fact that nobody has answered so far raises some questions for me.

  • Is our quality gate and the approach behind it unusual or discouraged?
  • Is there nobody else having this question?
  • Is there a non-deprecated equivalent for our quality gate at all?

I would be grateful for any advice on this.

Thanks!

Regards,
Carsten

2 Likes

Hello Carsten,

Sorry for the late response.

I would recommend that you set up a Clean as You Code compliant quality gate. It will be a good idea to fix all issues in the new code as this prevents accumulation of new technical debt (even in a legacy project). However, if you still do not want to fix some low-severity issues, you can accept those issues.

Hi,

IMO to fix only issues in new code is the obvious way to go for legacy projects.
But what about new projects starting from scratch?

These questions are still not answered

Gilbert

1 Like