Managing Quality Gates by Type and Severity without Code Smell

  • which versions are you using
    SonarQube 8.9

  • what are you trying to achieve
    Our company has a source code quality policy: the number of issues with severity Blocker, Critical, or Major must be zero for the Bug and Vulnerability types. There is no policy about the Code Smell type.
    As far as I know, with SonarQube CE/DE 8.9 there is no way to satisfy this policy.

  • what have you tried so far to achieve this
    I wrote a GitLab CI/CD pipeline that analyses the source code with Sonar Scanner using the sonar.qualitygate.wait=true option.
    However, for the reason below, which does not meet the company policy, it always returns a failed result.

Can anybody help me?

Hi @KiYiul,

You can use the Reliability Rating and Security Rating Quality Gate criteria to achieve this. For your particular case, you would set two Quality Gate criteria (for either new code or overall code, depending on how you’re managing your Clean as you Code settings):

  • Reliability Rating is worse than B
  • Security Rating is worse than B

I hope this helps; let me know if you have any problems implementing this.

Regards,

Cameron.
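As an added example (not from this thread and not SonarSource code), the script below evaluates the policy from the question locally against issue data in the shape returned by the SonarQube Web API endpoint api/issues/search, and shows that the "Reliability Rating / Security Rating is worse than B" gate from the answer rejects exactly the same analyses, because SonarQube derives those ratings from the worst open Bug or Vulnerability severity (A = none, B = Minor, C = Major, D = Critical, E = Blocker). The issue list is constructed for the demo; the fetch helper, the base URL, token and project key are assumptions about a real server and are not called offline.

```python
"""Evaluate the company policy from the question against SonarQube issue data.

Policy: no open issues of type BUG or VULNERABILITY with severity BLOCKER,
CRITICAL or MAJOR; CODE_SMELL is not constrained.

Issue dictionaries use the fields returned by api/issues/search
("key", "type", "severity", "component"). SAMPLE_ISSUES is constructed.
"""
import base64
import json
import urllib.parse
import urllib.request

POLICY_TYPES = {"BUG", "VULNERABILITY"}
POLICY_SEVERITIES = {"BLOCKER", "CRITICAL", "MAJOR"}

# Rating letter SonarQube derives from the worst open issue of a type:
# Reliability Rating uses bugs, Security Rating uses vulnerabilities.
SEVERITY_ORDER = ["INFO", "MINOR", "MAJOR", "CRITICAL", "BLOCKER"]
RATING_BY_SEVERITY = {"INFO": "A", "MINOR": "B", "MAJOR": "C",
                      "CRITICAL": "D", "BLOCKER": "E"}

# Constructed sample: one major bug (violation), one minor vulnerability
# (allowed), one blocker code smell (ignored by policy), one info bug.
SAMPLE_ISSUES = [
    {"key": "AX1", "type": "BUG", "severity": "MAJOR",
     "component": "demo:src/Order.java"},
    {"key": "AX2", "type": "VULNERABILITY", "severity": "MINOR",
     "component": "demo:src/Login.java"},
    {"key": "AX3", "type": "CODE_SMELL", "severity": "BLOCKER",
     "component": "demo:src/Util.java"},
    {"key": "AX4", "type": "BUG", "severity": "INFO",
     "component": "demo:src/Main.java"},
]


def policy_violations(issues):
    """Return the issues that break the policy; code smells never count."""
    return [i for i in issues
            if i["type"] in POLICY_TYPES
            and i["severity"] in POLICY_SEVERITIES]


def policy_passes(issues):
    """True when the analysis satisfies the company policy."""
    return not policy_violations(issues)


def rating_for_type(issues, issue_type):
    """Letter rating (A..E) from the worst open issue of the given type."""
    severities = [i["severity"] for i in issues if i["type"] == issue_type]
    if not severities:
        return "A"
    worst = max(severities, key=SEVERITY_ORDER.index)
    return RATING_BY_SEVERITY[worst]


def ratings_gate_passes(issues):
    """The gate from the answer: fail when either rating is worse than B."""
    return (rating_for_type(issues, "BUG") <= "B"
            and rating_for_type(issues, "VULNERABILITY") <= "B")


def fetch_open_issues(base_url, token, project_key, page_size=500):
    """Fetch unresolved bugs and vulnerabilities for a project (assumed
    reachable server; not called in the offline demo). api/issues/search
    pages with p/ps and caps at 10,000 results, so filter by type here."""
    issues, page = [], 1
    auth = base64.b64encode(f"{token}:".encode()).decode()  # token as user
    while True:
        params = urllib.parse.urlencode({
            "componentKeys": project_key, "resolved": "false",
            "types": "BUG,VULNERABILITY", "ps": page_size, "p": page})
        req = urllib.request.Request(
            f"{base_url}/api/issues/search?{params}",
            headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req) as resp:
            data = json.load(resp)
        issues.extend(data["issues"])
        if not data["issues"] or len(issues) >= data["paging"]["total"]:
            return issues
        page += 1


if __name__ == "__main__":
    for issue in policy_violations(SAMPLE_ISSUES):
        print(f"violation: {issue['key']} {issue['type']} "
              f"{issue['severity']} in {issue['component']}")
    print("policy passes:", policy_passes(SAMPLE_ISSUES))
    print("ratings gate passes:", ratings_gate_passes(SAMPLE_ISSUES))
```

Running it on the constructed sample reports the single Major bug as a violation, and both the explicit policy check and the ratings gate fail together; once that bug is fixed, both pass, which is why the two rating conditions are a faithful encoding of the policy and why the blocker code smell never influences the result.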

