Abubakar
(Mohammed Abubakar)
August 6, 2020, 1:59pm
1
SonarQube Version: Community Edition Version 7.8
What are you trying to achieve: We have a huge codebase with some existing bugs and vulnerabilities in the code, and we are ignoring the existing issues.
With the new code, we want the quality gate to fail only if there are blocker or critical bugs.
Basically we are trying to ignore bugs with Severity info, minor and major.
What have you tried so far to achieve this: I have created the quality gate and integrated it with the Jenkins Pipeline.
ganncamp
(G Ann Campbell)
August 6, 2020, 3:01pm
2
Hi,
SonarQube 7.8 is past EOL and is no longer supported. You should upgrade at your earliest convenience:
7.8 → 7.9.4 → 8.4.1 (this last step is optional)
Regarding your Quality Gate, you can absolutely configure it based on issue severity, although I would suggest you focus on New Blocker and Critical issues.
Ann
Abubakar
(Mohammed Abubakar)
August 6, 2020, 8:56pm
3
Hi Ann,
Thanks for your quick response. We are planning to upgrade SonarQube soon.
Is there any document which I can refer to for configuring a quality gate based on issue severity, or at least can you run me through the steps?
Regards,
Mohammed
ganncamp
(G Ann Campbell)
August 7, 2020, 2:08pm
4
Hi Mohammed,
The UI should be pretty self-explanatory. Feel free to start new threads with any specific questions you have about it.
HTH,
Ann
coldari
(cold)
December 2, 2020, 7:47pm
5
Hi,
The UI does not allow such detailed configuration of a Quality Gate.
For example, with 8.5 you can create a new condition for Vulnerability above 0. But those vulnerabilities can be Minor, Major or Critical.
Is there any way to be more specific about the gates?
Regards
ganncamp
(G Ann Campbell)
December 3, 2020, 7:16pm
6
Hi @coldari,
Welcome to the community!
Sorry, we don’t define and collect metrics at that granularity.
Ann