Industry standards for Quality Gates?

Hello Ann,

Are there any industry standards to be maintained as such for setting the custom Quality gates with respect to the overall code in SonarQube?

Best Regards,

Hi Chetan,

Welcome to the community!

I’ve moved your question to a new topic since it seems tangential to me when compared with the original question where you posted.

Aaand… I’m not entirely sure what you’re asking.

At the risk of being obnoxious, since this kind of Quality Gate was really our idea (AFAIK) I guess that our recommendations would be the de facto standard, and you’ll find them in the built-in Quality Gate. If you’d like to see what we apply internally - we do go a little further than the built-in QG - you’re welcome to have a look at our internal instance.


Hi Ann,


Hi @ganncamp and @chettyjak,

Thank you for sharing.
I’m looking for this information as well.
What I want to know is if there is a standard guide to define quality gates, for example based on OWASP.
I’m setting coverage to less than 80%, for example, based on the default Sonar way quality gates.
I want to propose new quality gates for my organization, but I need a standard to guide me.

Thanks in advance.


I’m unaware of OWASP recommendations related to things like coverage, duplications, and in fact anything unrelated to issues. So it would be a question of making sure the relevant rules are enabled in your Quality Profile(s) and making sure your new code is clean.


Thank you @ganncamp !!