Languages of the repository:
Maven project, mostly java, but also contains, css, JS, HTML and docker files.
1 - the quality gate pass on some branches and fail on others.
2 - the report on the branch seems to report only new vulnerabilities and not the overall vulnerabilities, despite the Quality gate configuration
On the projects, i have 4 different branches:
- main : the default branch
- from-main branch taken from the main branch with NO additional commit = exactly same as main
- develop branch taken from the main branch with few additional commits
- from-develop branch taken from the develop branch with NO additional commit = exactly same as develop
The quality gate pass on some branches but fail on some branches:
main QUALITY GATE STATUS: FAILED
from-main QUALITY GATE STATUS: PASSED
develop QUALITY GATE STATUS: FAILED
from-develop QUALITY GATE STATUS: FAILED
I am expecting the maven sonar scanner to report a “QUALITY GATE STATUS: FAILED” for all branches.
However, as you can see, the analyse pass on the branch from-main where i am expecting it to fail since it’s exactly the same as the main branch
Thank you for clarifying and your detailed response.
After reading in details Branch Analysis | SonarCloud Docs i have have a better understanding. And it does make sens now.
However, is it possible to force sonarcloud to consider the current branch analysed to be a long-lived branch by passing some parameter to the scanner ?
I know i could go to sonarcloud and changes the “Long-lived branches pattern” in the project.
But i m facing two issues with this approach:
1 - We have a lot of projects and unfortunately it looks like there is no way to change this value globally and each new project will need to be updated after being imported (permission that is not available in our setup for the person who imported the project)
2 - It enforce to have a naming convention for our branches, which we should have but we do not have at the moment unfortunately.
we are trying to set few branches (not all) as long-lived branches.
but because we don’t have clear naming convention in our branches it becomes hard to set them to long-lived branches. we have to go to each project individually and update the configuration:
Long-lived branches pattern: (branch|release)-.*
we could not find a way to set this configuration at a global level unfortunately.
Do you know if there is a way to change it in all our project in sonarcloud, instead having to change them 1 by 1 ?