We have codebases maintained by two teams. The team we work with needs a method to isolate violations in its own packages and classes. We can restrict the number of bugs or serious security hotspots.
What is the right way to do this? Ideally we would like to do this when the PR is submitted, but that is not an option now.
Welcome to the community!
Off-hand, the easiest way is to do two separate analyses of the code base. Each analysis will cover/include only the code maintained by that team. Then everything in each team’s analysis is for that team.
We were thinking of using patterns to cover only code owned by one team. So we can flag security hotspots only for that code. But we also want to put a gate on that threshold and block the pipeline. If a piece of code based on that pattern has a hotspot or critical bug, it shouldn’t build. Can we set up such custom rules?
That’s why I suggested you do an analysis for each team and only include in the analysis the code owned by that team.
I guess you mean you want to block both teams when one of them is failing the Quality Gate? That’s a bit harder. You can monitor both teams at once by re-aggregating each team’s code in an Application. You won’t be able to block one team based on the other’s performance, but you can use the Application to have one place to monitor both teams at once.
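
The per-team split suggested in the replies above, sketched as scanner configuration. This is an added example, not part of the original thread. The project keys, file names, paths and package names are assumptions; the gate conditions themselves (for example, no new critical bugs or unreviewed hotspots) are defined on the server in the Quality Gate assigned to each project.

```properties
# ---- team-a.properties (hypothetical file name) ----
# One SonarQube project per team, both built from the same repository.
sonar.projectKey=shared-repo-team-a
sonar.projectName=Shared Repo (Team A)
sonar.sources=src/main/java
# Assumes a Maven-style layout with compiled classes available.
sonar.java.binaries=target/classes
# Only files matching these patterns are analysed, so every issue and
# security hotspot in this project belongs to Team A's packages.
sonar.inclusions=src/main/java/com/example/teama/**/*.java
# The scanner waits for the server-side Quality Gate result and exits
# non-zero when the gate fails, which stops the pipeline step.
sonar.qualitygate.wait=true
sonar.qualitygate.timeout=300

# ---- team-b.properties (hypothetical file name) ----
sonar.projectKey=shared-repo-team-b
sonar.projectName=Shared Repo (Team B)
sonar.sources=src/main/java
sonar.java.binaries=target/classes
sonar.inclusions=src/main/java/com/example/teamb/**/*.java
# Team B's gate is evaluated independently of Team A's.
sonar.qualitygate.wait=true
sonar.qualitygate.timeout=300
```

Each file is a separate scanner run (for example `sonar-scanner -Dproject.settings=team-a.properties`), so a failing gate blocks only the pipeline step for the team whose code triggered it.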