Sonarcloud CircleCI build block

ashish2_sapra2 · January 27, 2022, 3:44pm

Hello,
We are using Sonarcloud and have the integration with Circle CI via its ORB and to perform the code scan as part of any Pull Request.

We want to have Quality gate setup in Sonarcloud to block a build if it has a Blocking or Critical vulnerability.

We created a PR against a repository which had such a code vulnerability and executed the build.
The PR shows as failed in Sonarcloud Quality gate results, however, the CircleCI build passed successfully.
We are using GitHub as source code repository and have it integrated with Sonarcloud, however, there was also no notification in the PR in GitHub for the Sonarcloud Quality gate failure.
Please assist on how we can address our requirement.

Colin · January 28, 2022, 8:35am

Hey there.

Is your project bound? This would allow for Pull Request Decoration and the ability to block the merge of your pull request until the Quality Gate is green.

To fail the build itself, you would need to add the sonar.qualitygate.wait=true analysis parameter.