Quality Gate passed on PR branch but failed on main


We recently encountered a strange situation where the Quality Gate would pass on a feature or PR branch but fail on the main branch.

So, for example, on the PR-1 branch the Quality Gate passed with no issues. When the PR was merged and a build was triggered on the main branch, the Quality Gate failed on "New Code",

and the issue is related to an npm package.

The settings on "New Code" are as follows:

We use:

  • SonarQube Developer Edition
  • Bitbucket v7.17.4
  • Jenkins latest version

The question is, why did the Quality Gate not fail during development on the feature branch (we are running analysis there as well) or on the PR branch?

Quality Gate conditions

This appears to be a file-level issue raised by the community-supported dependency-check-sonar-plugin (GitHub: dependency-check/dependency-check-sonar-plugin, "Integrates Dependency-Check reports into SonarQube").

File-level issues are not raised on pull requests, as SonarQube only reports issues on changed lines of changed files.
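Since a file-level dependency finding never maps to a changed line, one way to keep it from slipping past the PR build is to gate the pipeline on the Dependency-Check report itself, before or beside the SonarQube step. The script below is an added example, not code from the thread, SonarQube or the dependency-check-sonar-plugin; it assumes the JSON report layout of OWASP Dependency-Check (top-level `dependencies`, each with an optional `vulnerabilities` list carrying `name` and `severity`), and the embedded report and CVE ids are constructed placeholders.

```python
"""Fail a PR build on Dependency-Check findings, independent of SonarQube's
changed-lines filtering. Added example; report layout is an assumption about
the Dependency-Check JSON report (dependency-check-report.json)."""
import json
import sys

# Severity ordering used for the threshold comparison.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report (placeholder CVE ids), shaped like a
# Dependency-Check JSON report for an npm project.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "lodash:4.17.15",
         "vulnerabilities": [{"name": "CVE-XXXX-PLACEHOLDER-1", "severity": "HIGH"}]},
        {"fileName": "express:4.18.2"},
        {"fileName": "minimist:1.2.5",
         "vulnerabilities": [{"name": "CVE-XXXX-PLACEHOLDER-2", "severity": "low"}]},
    ]
})


def findings_at_or_above(report_json, threshold="HIGH"):
    """Return (dependency, vulnerability id, severity) triples whose severity is
    at or above the threshold. Unknown severity strings are treated as failing
    (fail closed) rather than silently ignored."""
    limit = SEVERITY_RANK[threshold.upper()]
    hits = []
    for dep in json.loads(report_json).get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            sev = str(vuln.get("severity", "")).upper()
            rank = SEVERITY_RANK.get(sev, max(SEVERITY_RANK.values()))
            if rank >= limit:
                hits.append((dep.get("fileName", "?"), vuln.get("name", "?"), sev))
    return hits


def gate(report_json, threshold="HIGH"):
    """True when the build may proceed (no finding at or above the threshold)."""
    return not findings_at_or_above(report_json, threshold)


if __name__ == "__main__":
    # Usage: python gate.py dependency-check-report.json [HIGH|CRITICAL|...]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    report = open(path).read() if path else SAMPLE_REPORT
    level = sys.argv[2] if len(sys.argv) > 2 else "HIGH"
    for dep, vid, sev in findings_at_or_above(report, level):
        print(f"{sev}: {vid} in {dep}")
    sys.exit(0 if gate(report, level) else 1)
```

Wire it into the Jenkins PR job after the Dependency-Check step so the PR fails on the same finding that would later fail the main branch's "New Code" gate.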