SonarQube 9.9 Enterprise Edition deployed on an Azure VM.
Our Quality Gate does not allow any critical or blocker severity issues on new code, but a Pull Request containing a Critical Severity issue was declared as passed. Why was this allowed through?
As the highlighted history above shows, this issue was created on branch feature/VPP-4049-1 copied into PR 4048, which was declared passed as follows…
Our Reference Branch for all feature branches is the Develop branch, under GitFlow.
Can you share how your Quality Gate is configured? A screenshot is fine.
Thanks for looking at this.
And these are on Overall code? Or on New Code?
Apologies, I cut off the screenshot by mistake. I have updated it now.
These are conditions on New Code, which is why we are confused that the PR analysis would not fail based on this issue. There have been no changes to Quality Gates or Profiles.
The commit the change was in was included in the PR, as evidenced by the record highlighted above.
Since it has been less than 30 days, I’m hoping that PR still exists on your SonarQube instance. Was that issue raised there?
Yes, this issue was reported in the PR, but the PR was declared as Passed. See below.
A passing Quality Gate certainly wouldn’t be expected for 0 Critical Issues if that issue was raised in the PR (I was rather expecting it wouldn’t have been).
Are you sure the expected Quality Gate is being applied? You should see this under Project Information – it could be that the project is using another Quality Gate without this condition (like the default Sonar Way).
Thanks for the reply. Yes, the Gates are properly applied and cannot be adjusted by users.
All the obvious configurations and settings have been verified. However, there have not been any further reports of this.
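
Added example, not part of the thread and not SonarSource code: one way to cross-check the two things the replies ask about, namely which conditions the PR analysis actually evaluated and whether the measured counts match the open issues in the PR. It assumes the JSON shapes returned by `api/qualitygates/project_status` and `api/issues/search` for a pull request; both samples below are constructed, and `audit_gate` is a hypothetical helper name.

```python
import json

# Metric keys for "Critical Issues" / "Blocker Issues" conditions on New Code.
EXPECTED = {"new_critical_violations": "CRITICAL", "new_blocker_violations": "BLOCKER"}

# Constructed sample, shaped like api/qualitygates/project_status for a pull request.
GATE = json.loads("""{"projectStatus": {"status": "OK", "conditions": [
  {"status": "OK", "metricKey": "new_blocker_violations", "comparator": "GT",
   "errorThreshold": "0", "actualValue": "0"},
  {"status": "OK", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "85.0"}]}}""")

# Constructed sample, shaped like api/issues/search (open issues, same pull request).
ISSUES = json.loads("""{"issues": [
  {"key": "constructed-1", "severity": "CRITICAL"},
  {"key": "constructed-2", "severity": "MINOR"}]}""")

def audit_gate(gate, issues):
    """List reasons the gate result disagrees with the open issues in the PR."""
    conditions = {c["metricKey"]: c for c in gate["projectStatus"].get("conditions", [])}
    counts = {}
    for issue in issues.get("issues", []):
        counts[issue["severity"]] = counts.get(issue["severity"], 0) + 1
    findings = []
    for metric, severity in EXPECTED.items():
        found = counts.get(severity, 0)
        cond = conditions.get(metric)
        if cond is None:
            # Condition never evaluated: the analysis used a gate without it.
            findings.append(f"{metric}: no such condition was evaluated ({found} {severity} open)")
            continue
        measured = int(float(cond.get("actualValue", "0")))
        if measured != found:
            # The gate measured a different count than the issue list shows.
            findings.append(f"{metric}: gate measured {measured}, issue list has {found}")
        elif cond["status"] == "OK" and found > int(float(cond["errorThreshold"])):
            findings.append(f"{metric}: {found} exceeds threshold but condition is OK")
    return findings

if __name__ == "__main__":
    for line in audit_gate(GATE, ISSUES):
        print(line)
```

A "no such condition was evaluated" finding points at the gate assignment for that analysis; a "gate measured" mismatch points at how the issue was counted against New Code.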