Hello community.
I need your help to understand the reason for the following:
My project is a dotnetcore one, which gets Blocker error from the Quality gate With the message: Use a key length of at least 2048 bits for RSA cipher algorithm.
dotnet sonar scanner runs with the following commands:
if [[ $STACK = dotnet* ]]; then
dotnet-sonarscanner begin /key:${SERVICE_NAME} /name:${SERVICE_NAME} /d:sonar.login=${SONARQUBE_TOKEN} /d:sonar.host.url=${SONARQUBE_HOST} /d:sonar.cs.opencover.reportsPaths="opencovercoverage.xml"
dotnet build
dotnet-sonarscanner end /d:sonar.login=${SONARQUBE_TOKEN}
and somehow continues like there is no issue at all. I have tested with my colleagues and for their projects same code works fine.
tl;dr quality gate fails with Blocker error, but dotnet-sonarscanner exits with 0 code.
Our Sonarcube is running as an individual function and not as a part of pipeline. What might solve the problem is if we can fail the job itself when the exit code is 1.
it’s still strange that this fails to work only for 1 project.
For other CIs, you can use the sonar.qualitygate.wait=true analysis parameter in your configuration file. Setting sonar.qualitygate.wait to true forces the analysis step to poll your SonarQube instance until the quality gate status is available. This increases the pipeline duration and causes the analysis step to fail any time the quality gate fails, even if the actual analysis is successful. You should only use this parameter if it’s necessary.