Hi,
Can anyone help me in setting up the rejected code check-in if the sonarqube scanner code quality does’t meet the criteria.
Thanks!
Hi,
Can anyone help me in setting up the rejected code check-in if the sonarqube scanner code quality does’t meet the criteria.
Thanks!
Hi @Divin,
Can you give us a bit more details so we can help you?
For example, the version of SonarQube you have installed and the edition you run internally, the SCM you use in your toolchain (Azure DevOps, BitBucket Server, Gitlab, GitHub…)?
Do you use branches? and PR?
Branches and PR analysis are available starting in Developer Edition. You can then block merge based on the status of the PR.
Thanks,
Carine
Hello Carine,
Thanks for you quick response, Actually I’m using SonarQube Docker image(sonarqube:latest tag),
Tools: Azure DevOps with Azure repos. we are using Branch and PR. Need to configure the gated check-in for the same.
Thanks,
Divin
Hello,
Let me add up to what @Carine_Bayon told you: We don’t think that blocking a commit that does not meet quality standards is an excellent practice:
Our approach/recommendation is based on the typical modern development pattern which is is that developer commit on a (feature or hotfix) branch, not directly on the main branch. Even if the quality is not satisfactory, the code of the branch will anyway not affect the main branch. You will on the other hand be very strict to block the merge of a PR (a branch) into a main branch if the code of the PR/the branch does not meets quality expectations. Most ALM allow to enforce this policy (see How to block the merge of Pull Requests when SonarQube Quality Gate is failed, with GitHub for instance)
Let me know if that makes sense to you.
Olivier