Looking to automate security scans in a Bitbucket pipeline to break the build/merge if a certain severity is found

  • ALM used: Bitbucket Cloud
  • CI system used: Bitbucket Cloud
  • Languages of the repository: C#, Java

Trying to automate our secure CI/CD process by integrating SonarCloud so that, on merge of a PR, if a certain severity is found in the scan, the merge won’t happen and someone gets notified. Is this possible with the SonarCloud and Bitbucket Cloud integration? I am new to using both, so I have no idea.

Thanks

Hello,

Yes it’s possible, but you will need to tweak your Quality Gate on SonarCloud side because the default one doesn’t take into account the severity of issues.
You can learn more about Quality Gates in the documentation.

You can also configure your Bitbucket pull requests so that it’s not possible to merge as long as the Quality Gate is not passed.
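A concrete wiring of the two pieces the answer describes, added here as an illustration and not taken from the original thread or from SonarSource: a `bitbucket-pipelines.yml` that runs the SonarCloud scan on every pull request and then fails the pipeline when the project's Quality Gate (configured on the SonarCloud side, for example with a condition on new Blocker/Critical issues) does not pass. The organization, project key and pipe versions are placeholders and should be replaced with your own; `SONAR_TOKEN` is assumed to be set as a secured repository variable. With a failed step, Bitbucket's branch restriction "Check the last commit for at least 1 successful build and no failed builds" blocks the merge, and the PR author and reviewers receive the normal failed-build notification.

```yaml
# bitbucket-pipelines.yml (illustrative; placeholders marked)
image: maven:3.9-eclipse-temurin-17   # assumed build image for the Java part

definitions:
  caches:
    sonar: ~/.sonar/cache             # keeps scanner downloads between runs

pipelines:
  pull-requests:
    '**':                             # every PR, regardless of source branch
      - step:
          name: Build and SonarCloud scan
          caches:
            - maven
            - sonar
          script:
            - mvn -B verify
            # Generic scanner pipe; sonar.organization / sonar.projectKey
            # come from sonar-project.properties (placeholders below).
            # For a .NET-only repo use SonarScanner for .NET instead.
            - pipe: sonarsource/sonarcloud-scan:1.4.0   # version: check the pipe page
              variables:
                SONAR_TOKEN: ${SONAR_TOKEN}             # secured repo variable
      - step:
          name: Enforce Quality Gate
          script:
            # Polls SonarCloud for the gate result of the scan above and
            # exits non-zero when the gate is ERROR, which fails the build.
            - pipe: sonarsource/sonarcloud-quality-gate:0.1.6   # version: check the pipe page
              variables:
                SONAR_TOKEN: ${SONAR_TOKEN}
```

The `sonar-project.properties` alongside it would hold `sonar.organization=YOUR_ORG` and `sonar.projectKey=YOUR_PROJECT_KEY` (placeholders). The severity threshold itself is not expressed in the pipeline: it lives in the Quality Gate conditions on SonarCloud, which is why the answer says the default gate must be adjusted before this setup blocks anything on severity.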
