We are using SonarQube 9.9.1, maintained by our SYSTEMS team. Does the ability to specify the quality gate at scan time via analysis parameters exist?
The thought process is to have two separate stages to scan against different quality gates. We would like one quality gate to be maintained by Security and another quality gate maintained by the Team. The current way is that we have to rely on Security’s SAST requirements to be in every quality gate. We would specify in the pipeline two separate stages of SonarQube scans, each passing in a different quality gate to use.
I am assuming if this is available, it could cause issues with the metrics and/or the comment decoration.
Speaking as an experienced user, not a SonarSource person.
The quality gate is a property of the project, not of the scan. I’m not aware of any way to make the scan run with a different quality gate than is set in the project.
However, I suppose you could sort of hack this by simply using the SonarQube REST API to change the quality gate on the project just before you run each scan. Each time someone looks at the project, it will have the last set quality gate, but what you want is for the scan you’re about to run to use the rules of the quality gate you want to use, which this would do.
If you don’t know about the Web API, you can see the link for the documentation at the bottom of most of the pages in the SonarQube GUI. Look for the “/api/qualitygates” operations.
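
A sketch of the workaround described in the answer above, as an added example that is not part of the original thread: it assigns a gate to the project through the Web API, lets the scan run inside a `with` block, then puts the previous gate back. The `get_by_project` and `select` operations and their parameter names are assumed here for a 9.x server and should be checked against your instance's Web API page; the host, token, project key and gate names are placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request
from contextlib import contextmanager


def build_request(base_url, token, operation, params, method="POST"):
    """Build a Web API request; the user token goes in as Basic-auth username."""
    url = f"{base_url.rstrip('/')}/api/qualitygates/{operation}"
    query = urllib.parse.urlencode(params)
    if method == "GET":
        req = urllib.request.Request(f"{url}?{query}", method="GET")
    else:
        req = urllib.request.Request(url, data=query.encode(), method="POST")
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    return req


def current_gate(base_url, token, project_key, send=urllib.request.urlopen):
    """Return the name of the gate currently applied to the project."""
    req = build_request(base_url, token, "get_by_project",
                        {"project": project_key}, method="GET")
    with send(req) as resp:
        return json.load(resp)["qualityGate"]["name"]


def select_gate(base_url, token, project_key, gate_name, send=urllib.request.urlopen):
    """Assign gate_name to the project (the token needs rights to change gates)."""
    req = build_request(base_url, token, "select",
                        {"projectKey": project_key, "gateName": gate_name})
    with send(req) as resp:
        resp.read()


@contextmanager
def temporary_gate(base_url, token, project_key, gate_name, send=urllib.request.urlopen):
    """Apply gate_name for the scan run inside the block, then restore the old gate.

    The gate is evaluated server-side after the report is uploaded, so the scan
    in the block should wait for the result (sonar.qualitygate.wait=true) before
    the gate is switched back. Concurrent scans of the same project would race.
    """
    previous = current_gate(base_url, token, project_key, send)
    select_gate(base_url, token, project_key, gate_name, send)
    try:
        yield previous
    finally:
        select_gate(base_url, token, project_key, previous, send)
```

Each pipeline stage would wrap its scanner invocation in `with temporary_gate(...)`, one stage with Security's gate name and one with the Team's.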