I have upgraded SonarQube to 9.2 and found one issue: after scanning the existing branch (develop), it is failing the quality check, which is expected. But if I create a new branch from develop, then it passes.
So I wanted to know how to enable the sonar scan for new code on feature branches as well.
Welcome to the community!
Is the Quality Gate condition one on new code? Is it possible you haven’t made any changes to the new branch & thus not added any new code to it yet? Without new code, it’s impossible to fail the Quality Gate.
Yes, there is a change in the new branch, and it is passing even though there are some security issues.
If I add new code to the feature branch with some vulnerabilities and scan it with SonarQube, it marks the quality gate with an error, but the status is marked as passed.
If I merge that code to, say, the develop branch, then the status is marked as passed.
It should mark the status as failed for the feature branch, as it has some issues.
How about a screenshot of the Quality Gate you’re using?
Here are two screenshots.
Quality gate setting - I am using the default setting for all projects
Quality gate scan for feature branch - it contains changes made after this branch was created from the develop branch.
Thanks for the screenshots; they tell the tale.
Your Quality Gate consists only of conditions on New Code. Your 2 vulnerabilities are in Overall code. While anything that shows up in New Code will also show up in Overall code, it seems that these 2 vulnerabilities are not in New Code and that’s why your Quality Gate is passing.
Does that make sense?
It is completely correct for the branch for which I sent you the screenshots.
To show you some examples, I created a new branch from an existing one and showed you the issue in the overall code.
But if I create a new branch and add some code that has some code issues, then the same 2 vulnerabilities will be shown in New Code only, and I want the Quality Gate check status to be failed for such issues in New Code.
Are the two new issues in your example Code Smells? Because your Quality Gate includes a condition on the Maintainability Rating on New Code, but that won’t necessarily exclude new Code Smell issues. You may be interested in the docs on Metric Definitions.
I am able to achieve this by setting “Reference Branch” under “Project Settings” of a project.
I want to apply this setting at the global level, but as per the documentation we don’t have a “Reference Branch” option at the global level.
So my question is: is there any way we can apply the same setting for all the projects in Sonar? It is not possible to apply it to each project, as I have over 100 projects.
If it is not possible to apply the setting at the global level in the current version, can you add this feature in future versions?
You might try the Web API to automate this. However, I need to ask: what is the setting for the develop branch? Whether manually or via automation, once you set the project-level value to reference develop, you’ll also need to update the develop branch in each project to fix its setting.
Thanks Ann for the web API option.
I got the chance to look into the web API and tried to set the reference branch to develop for one of the projects, but I am getting a 401 unauthorized error on the POST request (screenshot below). I have given all the correct values, with credentials using basic authentication. I also have Administrator privileges on the server.
I can fetch details using the GET method, but not with POST.
Please let me know how to resolve this and make it work with the POST method.
Also, please provide the steps to create a token that I can use for these API calls instead of my login credentials.
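An added example (my own script, not code from this thread or from SonarSource) of automating Ann's suggestion across many projects with the Web API. It assumes the api/projects/search and api/new_code_periods/set endpoints as documented under your server's /web_api page, a user token (created under My Account > Security) sent as the basic-auth username with an empty password, and that the develop branch itself is given a PREVIOUS_VERSION definition so it does not reference itself.

```python
import base64
import json
import urllib.parse
import urllib.request


def basic_auth_header(token):
    # A SonarQube token is sent as the basic-auth username with an empty password.
    return "Basic " + base64.b64encode(f"{token}:".encode()).decode()


def sonar_call(base_url, token, method, path, params):
    # Minimal Web API client; mutating endpoints such as new_code_periods/set need POST.
    url, encoded = f"{base_url.rstrip('/')}/{path}", urllib.parse.urlencode(params)
    if method == "GET":
        req = urllib.request.Request(f"{url}?{encoded}")
    else:
        req = urllib.request.Request(url, data=encoded.encode(), method="POST")
    req.add_header("Authorization", basic_auth_header(token))
    with urllib.request.urlopen(req) as resp:  # raises HTTPError on 401/403
        return json.loads(resp.read() or b"{}")


def list_project_keys(call):
    # Page through api/projects/search (requires the Administer System permission).
    keys, page = [], 1
    while True:
        result = call("GET", "api/projects/search", {"p": page, "ps": 500})
        keys.extend(c["key"] for c in result["components"])
        paging = result["paging"]
        if page * paging["pageSize"] >= paging["total"]:
            return keys
        page += 1


def set_reference_branch(call, project, reference, reference_period="PREVIOUS_VERSION"):
    # Project-level default: new code is the diff against `reference`.
    call("POST", "api/new_code_periods/set",
         {"project": project, "type": "REFERENCE_BRANCH", "value": reference})
    # The reference branch cannot diff against itself, so give it its own definition
    # (Ann's point above about fixing the develop branch in each project).
    call("POST", "api/new_code_periods/set",
         {"project": project, "branch": reference, "type": reference_period})


def apply_to_all_projects(call, reference="develop"):
    # `call` is sonar_call with base_url and token bound, e.g. via functools.partial.
    keys = list_project_keys(call)
    for key in keys:
        set_reference_branch(call, key, reference)
    return keys
```

Every request goes through the one function, so GET and POST carry the same Authorization header; urlopen raises on a 401 or 403, which stops the loop instead of silently skipping projects.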