We recently encountered a strange situation, where Quality Gate would pass on feature or PR branch, but fail on the main branch.
So, for example, on PR-1 branch, Quality Gate passed with no issues. When PR was merged and a build was triggered on main branch, Quality Gate failed on “New Code”
Hi Colin, may I ask what the rationale behind this design decision is? If whatever file level issue causes my QG to fail on the main branch, I would prefer that the same condition is applied to the PR. Otherwise it is too easy to merge a “defective” state. Is there a workaround? A vulnerability failing the gate on main is still recognized/reported in the PR. Is there maybe a way to use that info to induce a failure somehow?
There are a few reasons – mostly to do with analyzing pull requests where the target branch hasn’t been analyzed (and therefore the only way to know what issues are new or not is to consider issues raised on changed lines of changed files). Previous attempts resulted in a lot of false positives being raised on pull requests (issues related to unchanged code).