Looking to automate security scans in bitbucket pipeline to break build/merge if certain severity was found

maly_exiger · July 1, 2021, 6:30pm

ALM used : Bitbucket Cloud
CI system used (Bitbucket Cloud)
Languages of the repository (C#, Java)

Trying to automate our secure CI/CD process by integrating SonarCloud so on merge of PR, if a certain severity was found in the scan, the merge won’t happen and someone gets notified. Is this possible with SonarCloud and Birbucket Cloud integration? I am new using both so no idea

Thanks

Gregoire_Aubert · July 6, 2021, 7:59am

Hello,

Yes it’s possible, but you will need to tweak your Quality Gate on SonarCloud side because the default one doesn’t take into account the severity of issues.
You can learn more about Quality Gates in the documentation.

You can also configure your Bitbucket pull requests so that it’s not possible to merge as long as the Quality Gate is not passed.

Topic		Replies	Views
How to block your PR merge in SonarQube with BitBucket Cloud Guides	1	3972	November 18, 2022
How to block PR merge on Bitbucket Cloud only if quality gate fails and accept other job failure? SonarQube Server / Community Build sonarqube , bitbucketcloud	1	2400	November 21, 2022
How to use sonarcloud with bitbucket PRs, i.e. how to setup gates of any sort? SonarQube Cloud userfriendly-pl	2	35	March 10, 2025
Integrate BitBucket Cloud with SonarQube SonarQube Server / Community Build sonarqube , bitbucket , pull-request , sonarqube-cloud	1	895	August 7, 2019
Block github merge of pull requests when Sonacloud quality gate fails SonarQube Cloud	4	2311	March 16, 2023

Looking to automate security scans in bitbucket pipeline to break build/merge if certain severity was found

Related topics