Quality gate passes on some branches but fails on others

  • ALM used: Gitlab
  • CI system used: Gitlab
  • Scanner command used:
mvn verify sonar:sonar \
      -Dsonar.projectName=${CI_PROJECT_PATH} \
      -Dsonar.sources=. \
      -Dsonar.exclusions=src/test/**/* \
      -Dsonar.organization=${SONAR_ORGANIZATION} \
      -Dsonar.projectKey=betworks_${CI_PROJECT_NAME} \
      -Dsonar.test.exclusions=src/test/**/* \
      -Dsonar.qualitygate.wait=true
  • Languages of the repository:
    Maven project, mostly Java, but also contains CSS, JS, HTML and Docker files.

  • Error observed:

1 - The quality gate passes on some branches and fails on others.
2 - The report on the branch seems to report only new vulnerabilities and not the overall vulnerabilities, despite the Quality Gate configuration.

Details:

On the projects, I have 4 different branches:
- main: the default branch
- from-main: branch taken from the main branch with NO additional commit = exactly the same as main
- develop: branch taken from the main branch with a few additional commits
- from-develop: branch taken from the develop branch with NO additional commit = exactly the same as develop

The quality gate passes on some branches but fails on others:

  • main QUALITY GATE STATUS: FAILED
  • from-main QUALITY GATE STATUS: PASSED
  • develop QUALITY GATE STATUS: FAILED
  • from-develop QUALITY GATE STATUS: FAILED

I am expecting the Maven sonar scanner to report a “QUALITY GATE STATUS: FAILED” for all branches.
However, as you can see, the analysis passes on the branch from-main, where I am expecting it to fail since it’s exactly the same as the main branch.

And the report for this branch seems to be empty:

My default quality gate is defined with Conditions on New Code and Conditions on Overall Code

The analysis of short-lived branches looks at the difference between two branches and only evaluates the quality conditions on New Code.

Not quite – the Quality Gate is “not computed” because you need to configure the New Code Period.

Here there is no new code to be evaluated, so it passes.

Here, there is new code to be evaluated as compared to main, so Quality Gate conditions are run.

It looks like everything is working as expected.
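As an added illustration (not SonarCloud's code, and a deliberate simplification of the rule described above), this Python models why the four branches get the statuses they do: long-lived branches are gated on New Code and Overall Code, short-lived branches on New Code only, measured against the default branch. The vulnerability counts are constructed, the long-lived pattern is the `(branch|release)-.*` one quoted in this thread, and comparing short-lived branches against `main` is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed, simplified model of the rule described in the thread (not
# SonarCloud's implementation): a long-lived branch is gated on both New Code
# and Overall Code conditions; a short-lived branch is gated on New Code only,
# measured against the default branch (assumed), so a branch identical to
# main has nothing to evaluate and passes.
DEFAULT_BRANCH = "main"
# Long-lived branch pattern quoted in the thread; main is always long-lived.
LONG_LIVED_PATTERN = re.compile(r"(branch|release)-.*")


@dataclass(frozen=True)
class Branch:
    name: str
    overall_vulnerabilities: int  # open vulnerabilities in the whole branch
    new_vulnerabilities: int      # vulnerabilities in code changed vs. DEFAULT_BRANCH


def is_long_lived(name: str) -> bool:
    return name == DEFAULT_BRANCH or LONG_LIVED_PATTERN.fullmatch(name) is not None


def quality_gate(branch: Branch, max_new: int = 0, max_overall: int = 0) -> str:
    """Evaluate 'vulnerabilities <= max' conditions the way the thread describes."""
    new_ok = branch.new_vulnerabilities <= max_new
    if is_long_lived(branch.name):
        overall_ok = branch.overall_vulnerabilities <= max_overall
        return "PASSED" if new_ok and overall_ok else "FAILED"
    # Short-lived: the Overall Code conditions are not applied at all.
    return "PASSED" if new_ok else "FAILED"


def gate_report(branches: list[Branch]) -> dict[str, str]:
    return {b.name: quality_gate(b) for b in branches}


# Constructed counts reproducing the four branches in the question: from-main
# is identical to main (no new code), develop adds two findings, and
# from-develop is identical to develop but is still compared against main.
THREAD_BRANCHES = [
    Branch("main", overall_vulnerabilities=5, new_vulnerabilities=0),
    Branch("from-main", overall_vulnerabilities=5, new_vulnerabilities=0),
    Branch("develop", overall_vulnerabilities=7, new_vulnerabilities=2),
    Branch("from-develop", overall_vulnerabilities=7, new_vulnerabilities=2),
]

if __name__ == "__main__":
    for name, status in gate_report(THREAD_BRANCHES).items():
        print(f"{name:<13} QUALITY GATE STATUS: {status}")
```

The takeaway for anyone relying on the gate as a security control: a short-lived branch with no diff against main reports PASSED even when main itself carries open vulnerabilities, so the long-lived branch (or the Overall Code conditions on it) is where those findings must be watched.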

Hi Colin,

Thank you for clarifying and your detailed response.
After reading Branch Analysis | SonarCloud Docs in detail I have a better understanding, and it does make sense now.

However, is it possible to force SonarCloud to consider the branch currently being analysed to be a long-lived branch by passing some parameter to the scanner?
I know I could go to SonarCloud and change the “Long-lived branches pattern” in the project.
But I’m facing two issues with this approach:

1 - We have a lot of projects and unfortunately it looks like there is no way to change this value globally, and each new project will need to be updated after being imported (a permission that is not available in our setup for the person who imported the project).

2 - It enforces a naming convention for our branches, which we should have but unfortunately do not have at the moment.

Thank you,
Sebastien

Hey there.

There’s no scanner parameter you can pass to set a long-lived branch.

Are you trying to set all branches in your projects to be long-lived, or just some?

Hi Colin, sorry for the delayed response.

We are trying to set a few branches (not all) as long-lived branches.
But because we don’t have a clear naming convention for our branches, it becomes hard to set them to long-lived branches. We have to go to each project individually and update the configuration:

Long-lived branches pattern: (branch|release)-.*

We could not find a way to set this configuration at a global level, unfortunately.

Do you know if there is a way to change it in all our projects in SonarCloud, instead of having to change them one by one?

Thank you

It’s not possible to set this at an org-level today. You can voice your support here!
