Help Quality Gates

Help, please!!!

Does somebody know standards or best practices to define Quality Gates? For example, the best % to define maximum and minimum in bugs, code smells, vulnerabilities.

Thank you!!!

Hi,

Welcome to the community!

We consider the built-in Sonar way Quality Gate a good minimum. It includes conditions on the Maintainability, Reliability, and Security ratings on New Code; we recommend you use the ratings rather than looking at counts of issues. For Security and Reliability the ratings correspond to the severity of the worst issues. For Maintainability the rating is about the ratio of the remediation effort to the overall size of the code base.

 
HTH,
Ann

1 Like
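
The rating logic described in the reply above, as an added example that is not part of the original thread and is not SonarSource code. The severity-to-letter table, the debt-ratio bands, the 30 minutes-per-line cost, the required rating of "A" and the sample issues are all assumptions (the first three follow SonarQube's classic rating scheme as commonly documented).

```python
# Added illustration, not SonarQube code. Tables below are assumptions
# based on the classic rating scheme; sample issues are constructed.
RATING_BY_WORST = {"MINOR": "B", "MAJOR": "C", "CRITICAL": "D", "BLOCKER": "E"}

def worst_severity_rating(issues, issue_type):
    """Security/Reliability: the rating follows the worst issue of that type."""
    ratings = [RATING_BY_WORST[i["severity"]] for i in issues if i["type"] == issue_type]
    return max(ratings, default="A")  # letters compare in order: "A" < ... < "E"

def maintainability_rating(remediation_minutes, new_lines, minutes_per_line=30):
    """Maintainability: remediation effort relative to the cost of writing the code."""
    if new_lines == 0:
        return "A"
    ratio = remediation_minutes / (new_lines * minutes_per_line)
    for limit, rating in ((0.05, "A"), (0.10, "B"), (0.20, "C"), (0.50, "D")):
        if ratio <= limit:
            return rating
    return "E"

def evaluate_gate(issues, new_lines, required="A"):
    """Return the three New Code ratings and which ones are worse than `required`."""
    smell_effort = sum(i["effort_min"] for i in issues if i["type"] == "CODE_SMELL")
    ratings = {
        "security": worst_severity_rating(issues, "VULNERABILITY"),
        "reliability": worst_severity_rating(issues, "BUG"),
        "maintainability": maintainability_rating(smell_effort, new_lines),
    }
    failed = sorted(name for name, value in ratings.items() if value > required)
    return ratings, failed

# Constructed sample: issues raised on 200 new lines of code.
SAMPLE_ISSUES = [
    {"type": "VULNERABILITY", "severity": "MINOR", "effort_min": 10},
    {"type": "VULNERABILITY", "severity": "MINOR", "effort_min": 10},
    {"type": "BUG", "severity": "CRITICAL", "effort_min": 20},
    {"type": "CODE_SMELL", "severity": "MAJOR", "effort_min": 120},
    {"type": "CODE_SMELL", "severity": "MINOR", "effort_min": 30},
]

if __name__ == "__main__":
    ratings, failed = evaluate_gate(SAMPLE_ISSUES, new_lines=200)
    print(ratings, "failed:", failed)
```

Two minor vulnerabilities and one critical bug give different letters regardless of how many issues there are, which is why a condition on the rating says more than a condition on a count.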

Hi Ann,

I have the same question for this case: how do I define zero critical and high vulnerabilities by reading the quality gate test result?

Thank you.