Security vulnerabillities

We are using SonarQube for quality and security testing.
The scan is done during CI. I would like to fail build during CI in case there is a specific amount of blockers/critical vulnerabilities, but in the security gates I don’t see a way to distinguish between a quality blocker and a security (vulnerability) blocker. Can that be achieved?


Welcome to the community!

We don’t calculate metrics on issue severity per type.

If you really must do this, then your best bet is to make sure there are no non-security rules at the Blocker/Critical level in your Quality Profile.