Quality Gate metrics needed on Bugs and Vulnerabilities, but ignoring Code Smells

Sorry if this has been posted before, I’m new here and could not find a similar topic.

We started using SonarQube Enterprise Edition 9.7.1 in our company recently.
Our codebase (modular, fortunately) contains hundreds of thousands of lines of C code, written by 50+ developers over many years. As you can imagine, there are a lot of changes that need to be done to fix all Bugs, Vulnerabilities and Code Smells in the existing code.
So we want to focus first on Major and Critical Bugs and Vulnerabilities and put a Quality Gate on these. Unfortunately the Quality Gate of SonarQube only has the concept of Issues (= Bugs & Vulnerabilities & Code Smells) and it does not seem possible to ignore Code Smells from the Quality Gate, without also ignoring Bugs and Vulnerabilities.
Any plans to make this possible, or is it already available somehow in one way or another?

Hey there.

You would probably benefit from looking at the documentation for Security Rating and Reliability Rating.

And, we really don’t think that developers should focus on cleaning up existing code, rather than focusing on the new code. Read more in the documentation on Clean as You Code and this blog post: Clean as You Code: How to win at Code Quality without even trying | Sonar

Thank you for your answer, Colin. I will have a closer look at the documentation page you forwarded!