Looking to automate security scans in bitbucket pipeline to break build/merge if certain severity was found

  • ALM used : Bitbucket Cloud
  • CI system used (Bitbucket Cloud)
  • Languages of the repository (C#, Java)

Trying to automate our secure CI/CD process by integrating SonarCloud so on merge of PR, if a certain severity was found in the scan, the merge won’t happen and someone gets notified. Is this possible with SonarCloud and Birbucket Cloud integration? I am new using both so no idea



Yes it’s possible, but you will need to tweak your Quality Gate on SonarCloud side because the default one doesn’t take into account the severity of issues.
You can learn more about Quality Gates in the documentation.

You can also configure your Bitbucket pull requests so that it’s not possible to merge as long as the Quality Gate is not passed.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.