Scanner command used when applicable: sonarsource/sonar-scanner-cli:4.3 docker image
Languages of the repository: Java
We run checkstyle in our project and export the results to SonarCloud by setting sonar.java.checkstyle.reportPaths. It gets exported to SonarCloud just fine and is reported as Code Smells by the sonarcloud bot in PRs. But we noticed that even for checks in checkstyle for which we’ve set severity to “error” the quality gate doesn’t fail. Is additional configuration required to make that happen ?
When we import checkstyle issues we internally attribute them a type (code smell for most) and a severity. And we currently don’t provide a way to change those default values for external issues. So the fact that you set the severity as “error” in checkstyle won’t have any effect on what’s going on in SonarCloud.
The quality gate break based on how it’s setup, if you are using the default one then it’s setup to not fail easily on code smells. So unless your project is small it won’t fail for a few code smells. But you can definitely update it for you project to make it more strict, you can read our quality gate documentation page to learn more about it.
Thanks @Gregoire_Aubert, I was afraid that was the case. We did notice that for a high number of checkstyle issues the quality gate does fail.
Although, can this be taken up as an improvement to consider severity set in external reports? The ability to configure some checkstyle issues as more severe than others would really help.
You could tweak your quality gate to make it more sensitive to code smells, you won’t be able to say that you want it to break for a specific issue but you could add a condition that you don’t want any “blocker issues” in your new code for example.
It could be considered as an improvement if you suggest it in the new features section of the forum and it gains traction from the rest of the community too.