Quality gate pass on some branches by fail on others

  • ALM used: Gitlab
  • CI system used: Gitlab
  • Scanner command used:
mvn verify sonar:sonar 
      -Dsonar.projectName=${CI_PROJECT_PATH} 
      -Dsonar.sources=.
      -Dsonar.exclusions=src/test/**/* 
      -Dsonar.organization=${SONAR_ORGANIZATION} 
      -Dsonar.projectKey=betworks_${CI_PROJECT_NAME}
      -Dsonar.test.exclusions=src/test/**/*
      -Dsonar.qualitygate.wait=true
  • Languages of the repository:
    Maven project, mostly java, but also contains, css, JS, HTML and docker files.

  • Error observed:

1 - the quality gate pass on some branches and fail on others.
2 - the report on the branch seems to report only new vulnerabilities and not the overall vulnerabilities, despite the Quality gate configuration

Details:

On the projects, i have 4 different branches:
- main : the default branch
- from-main branch taken from the main branch with NO additional commit = exactly same as main
- develop branch taken from the main branch with few additional commits
- from-develop branch taken from the develop branch with NO additional commit = exactly same as develop

The quality gate pass on some branches but fail on some branches:

  • main QUALITY GATE STATUS: FAILED
  • from-main QUALITY GATE STATUS: PASSED
  • develop QUALITY GATE STATUS: FAILED
  • from-develop QUALITY GATE STATUS: FAILED

I am expecting the maven sonar scanner to report a “QUALITY GATE STATUS: FAILED” for all branches.
However, as you can see, the analyse pass on the branch from-main where i am expecting it to fail since it’s exactly the same as the main branch

And the report for this branch seems to be empty:

My default quality gate is defined with Conditions on New Code and Conditions on Overall Code

The analysis of short-lived branches looks at the difference between two branches and only evaluates the quality conditions on New Code.

Not quite – the Quality Gate is “not computed” because you need to configure the New Code Period.

Here there is no new code to be evaluated, so it passes.

Here, there is new code to be evaluated as compared to main, so Quality Gate conditions are ran.

It looks like everything is working as expected.

Hi Colin,

Thank you for clarifying and your detailed response.
After reading in details Branch Analysis | SonarCloud Docs i have have a better understanding. And it does make sens now.

However, is it possible to force sonarcloud to consider the current branch analysed to be a long-lived branch by passing some parameter to the scanner ?
I know i could go to sonarcloud and changes the “Long-lived branches pattern” in the project.
But i m facing two issues with this approach:

1 - We have a lot of projects and unfortunately it looks like there is no way to change this value globally and each new project will need to be updated after being imported (permission that is not available in our setup for the person who imported the project)

2 - It enforce to have a naming convention for our branches, which we should have but we do not have at the moment unfortunately.

Thank you,
Sebastien

Hey there.

There’s no scanner parameter you can pass to set a long-lived branch.

Are you trying to set all branches in your projects to be long-lived, or just some?