Hey,
I’m new working with SonarQube and I’m trying to configure a quality gate.
I know there is already a default quality gate (Sonar-Way) but it might be to generic.
Can someone share his own configuration so I can be inspired ?
Thanks
Welcome 
What’s your Sonarqube version and edition (Community, Developer, Enterprise …) ?
Gilbert
the Community one
and what version ?
i’m using this image : 9.9.4-community
Sonarsource nowadays propagates an approach they call “Clean as you code” (CAYC).
The docs
have
With Clean as You Code, your focus is always on New code (code that has been added or changed according to your new code definition) and making sure the code you write today is clean and safe.
IMO this concept has a big flaw, what about greenfield projects starting from scratch !?
When only using “on new code” conditions, the initial analysis might have 1000 issues, but the quality gate will be green, because there’s no baseline.
This contradicts the DevSecops concept, security from the start (shift left).
So in your case, it depends if you want to analyze legacy projects or greeenfield projects.
For legacy projects you should use “on new code” conditions, whereas for new projects you should
use “on overall” conditions.
That’s my opinion, unfortunately i still have no answer to those questions