How to ensure overall code has no issues?

Using SonarQube 10.3

I will try to describe what we want to achieve and why currently this seems to be impossible with the latest releases of SonarQube. Before PR analysis got broken by optimizing it.

Goal 1: No PR is allowed to introduce NEW issues to the master
Goal 2: A release from master is not allowed to have any issues in overall code.

Having the new quality gates, in theory it makes perfect sense to only look for issues on new code, BUT SonarQube does not catch everything here because of limited PR analysis. So even if NewCode is clean, we introduce new overall issues to master several times a month.
Having overall code issues = 0 is also bad, because every activation of new rules otherwise blocks all PRs by possibly introducing new issues on master.

Not having the option to define different quality gates for long-living branches, I have no chance to fail the release deploy when there are overall sonar issues.

Kind regards,
Michael

Hello Michael,

Thank you for the feedback. It is true that the PR scan will not detect all issues and the branch (main in your case) is essential to keep your new code clean.

To keep the overall code clean, you will need two things from my perspective:

  1. A Clean as You Code ready quality gate with a new code definition that is suitable for the team’s context. This will allow the team to make sure that there is no new issue on your main branch in the new code period.

  2. You will still need a solution to address newly detected (due to analyzer improvements/enabling of new rules) issues on the main branch. You will need to set up conditions on the overall code to cover this case.

Will you help me understand your situation better:
What is your New Code Definition (NCD) for your long living branches?
When a new rule is enabled in the quality profile, do you want those issues to be fixed only in the new code?

Hi,

This means you recommend using a combination of conditions on new code and on overall code?

Gilbert


Hi Vivek,

What you recommend is true but not doable with SonarQube currently. And that's my point. Mixing conditions on new code and overall code is bad for pull request workflow, but I'm not able to define different quality gates for long-living branches.

Kind regards,
Michael
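
A CI-side check for the two goals stated in the thread, as an added example that is not part of any post and is not SonarQube's own code: it applies a different zero-issue policy to pull requests and to releases, outside the quality gate. The payload is constructed and its shape (modelled on an `api/measures/component` response with the `violations` and `new_violations` metrics) is an assumption; `read_measures`, `gate` and `POLICY` are hypothetical names.

```python
import json

# Constructed sample, modelled on an api/measures/component response
# (the shape is an assumption; this was not captured from a real server).
SAMPLE_MASTER = json.loads("""
{"component": {"key": "demo:project", "measures": [
  {"metric": "violations", "value": "4"},
  {"metric": "new_violations", "period": {"index": 1, "value": "0"}}
]}}
""")

def read_measures(payload):
    """Return {metric_key: int}; new_* metrics carry their value under 'period'."""
    out = {}
    for m in payload["component"]["measures"]:
        raw = m.get("value")
        if raw is None:
            raw = m.get("period", {}).get("value")
        if raw is None:
            raise ValueError(f"no value for metric {m.get('metric')!r}")
        out[m["metric"]] = int(raw)
    return out

# Hypothetical policy table: which metrics must be zero in which context.
POLICY = {
    "pull_request": ["new_violations"],           # Goal 1: no new issues
    "release": ["new_violations", "violations"],  # Goal 2: no overall issues
}

def gate(context, payload):
    """Return (passed, failures) for the 'pull_request' or 'release' context."""
    measures = read_measures(payload)
    failures = []
    for metric in POLICY[context]:
        if metric not in measures:
            failures.append(f"{metric}: missing from analysis")  # fail closed
        elif measures[metric] > 0:
            failures.append(f"{metric}: {measures[metric]} > 0")
    return (not failures, failures)

if __name__ == "__main__":
    for ctx in POLICY:
        ok, why = gate(ctx, SAMPLE_MASTER)
        print(ctx, "PASS" if ok else "FAIL", why)
```

With the sample above, a newly activated rule that raises overall `violations` leaves the pull request context passing and fails only the release context.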