SonarQube Version: Developer Edition Version 220.127.116.11101 LTS
what are you trying to achieve: We have a huge code and some existing bugs in the code and we are ignoring the existing issues.
With the new code, we want quality gate to fail only if there are blocker, critical or major bugs but that not fail code smells. Basically we are trying to ignore bugs with Severity info and minor.
Welcome to the community!
What you’re after is the X Rating on New Code metrics, where X = Reliability or Security. As described in the docs, the ratings look at the severity of the worst issue:
A = 0 Bugs
B = at least 1 Minor Bug
C = at least 1 Major Bug
D = at least 1 Critical Bug
E = at least 1 Blocker Bug
It’s the same scale for Vulnerabilities/Security Rating. So if you add a Quality Gate condition on New Code for “Reliability Rating is worse than B”, you should get what you want. (And I would advise the same for the Security Rating.)
BTW, Maintainability ratings work differently, so if you do someday decide to start looking at them, you’ll want to check the docs for how they work first.
I am attempting something similar. I want to phase in analysis over a few milestones. First vulnerability, then security, bugs, smells, etc.
As soon as I have things configured, I am getting every analysis finding added to a PR in ADO.
I just want to stop the build / PR at this point, not receive 100s of warnings from SQ.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.