Assuming I configured my quality gates (based on SonarQube scanning) …
Would it be possible to add more criteria based on results from other tools (that scan our app during the CI)?
and if so - how to do it?
In other words - could I leverage Sonarqube’s quality gates mechanism to fail my CI pipeline on a broader criteria than Sonarqube itself?
Thank you
Hi,
it’s possible to import third party issues, see
https://docs.sonarqube.org/latest/analysis/external-issues/
Sonarqube also supports - with some limitations - a generic import format for raising
external issues in code, see
https://docs.sonarqube.org/latest/analysis/generic-issue/
Or write your own plugin, see Plugin basics | SonarQube Docs
You may also use community plugins - not supported by Sonarsource
i.e. check licenses
or check dependencies
(in an Enterprise environment one would use tools like Sonatype NexusIQ for that).
IMO it is not good to overload Sonarqube with third party plugins.
Gilbert