Make Azure DevOps fail with A+ rating when there are code smells

  • Version: Version 8.6 (build 39681)
  • Plugin version: SonarQubePublish@4

We are currently setting up SonarQube scans in our CI and we get back an A+ rating, which is nice.
However, upon inspecting the results I see we have 1 bug and 79 code smells.
I’d like my CI pipeline to fail if any code smells and at least if any bugs occur.
Is this a possibility?

I tried reading up in the documentation of the Azure DevOps plugin (and all the other ones) and I don’t see an option on the plugin level.
Perhaps this is something we need to configure elsewhere?

Hi Marvin, welcome to the SonarSource Community!

What you’re looking for is generally accomplished via customization to your Quality Gate criteria (click in the Quality Gates top-level menu and configure the one used for your project).

However, before we dive into how to do that, I invite you to observe that code smells are already enforced via the Maintainability Rating, which is enforced as part of the default “Sonar way” Quality Gate. Unlike bugs or vulnerabilities, where a single issue might cause the rating to fall below A and fail the Quality Gate, the Maintainability Rating is about code smell density. There needs to be a strong enough density of code smell issues relative to the estimated effort to rewrite the affected code for the rating to fall. This reflects our general opinion that individual code smells don’t generally warrant failing a gate; what you’re after is generally minimizing your technical debt, which you may do by voluntarily fixing reported code smells even though the gate didn’t fail, or taking the problem more seriously if enough smells have accumulated for the maintainability rating to finally fall. This approach will make the most sense if you have a well-configured New Code period, since then the density of code smells relative to the new code is likely to be much higher and cause the rating to drop (and thus a gate failure).

Bottom line: failing a build over a single code smell is probably a very draconian measure. I’d like you to consider if it’s what you really want before I tell you how. 🙂
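
An added illustration of the density rule described in the reply above (not part of the original thread and not SonarQube's own code): the rating is derived from remediation effort divided by estimated development cost, so the same 79 code smells rate A against a large code base but fall below A against a small New Code period. It assumes the server still uses the default `sonar.technicalDebt.developmentCost` (30 minutes per line) and `sonar.technicalDebt.ratingGrid` (0.05, 0.1, 0.2, 0.5); the 10 minutes per smell and the line counts are constructed sample values.

```python
"""Maintainability rating from code smell density (added example)."""

# SonarQube defaults, assumed unchanged on the server.
DEV_COST_MIN_PER_LINE = 30              # sonar.technicalDebt.developmentCost
RATING_GRID = (0.05, 0.10, 0.20, 0.50)  # sonar.technicalDebt.ratingGrid (A..D upper bounds)


def debt_ratio(remediation_minutes, lines_of_code):
    """Technical debt ratio: effort to fix smells / effort to write the code."""
    if lines_of_code <= 0:
        return 0.0  # assumption for this sketch: no code, no debt ratio
    return remediation_minutes / (DEV_COST_MIN_PER_LINE * lines_of_code)


def maintainability_rating(remediation_minutes, lines_of_code):
    """Map the debt ratio onto the A..E scale using the rating grid."""
    ratio = debt_ratio(remediation_minutes, lines_of_code)
    for letter, upper_bound in zip("ABCD", RATING_GRID):
        if ratio <= upper_bound:
            return letter
    return "E"


def gate_passes(rating):
    """'Sonar way' fails when the maintainability rating on new code is worse than A."""
    return rating == "A"


def compare_scopes(smells, minutes_per_smell, overall_lines, new_code_lines):
    """Rate the same set of smells against overall code and against new code only."""
    effort = smells * minutes_per_smell
    return {
        "overall": maintainability_rating(effort, overall_lines),
        "new_code": maintainability_rating(effort, new_code_lines),
    }


if __name__ == "__main__":
    # Constructed sample: 79 smells at 10 minutes each,
    # in a 20,000-line project versus a 200-line New Code period.
    result = compare_scopes(79, 10, overall_lines=20_000, new_code_lines=200)
    for scope, rating in result.items():
        print(f"{scope}: rating {rating}, gate passes: {gate_passes(rating)}")
```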

Hi Jeff,

The problem is that we share the SonarQube criteria configuration.
However, upon further inspection, I realized that the issue isn’t in the failure condition but that SonarQube only fails on NEW issues.

I guess that is a smart thing to do. However, we only just managed to integrate SonarQube into our pipelines so we have a couple of code smells we’d like to remove ASAP.
We can probably make do by running the SonarQube plugin in Visual Studio. But I would’ve liked to just fail on all code smells instead of new ones.