Hi, we are using sonarqube community edition in our CI/CD which works fine but we would like to fail/stop our build process in case sonarqube finds high severity issues or more than 1 important bug.
For example, let’s say Sonarqube task in the build pipeline is 3rd step, then if Number of Hight severity > 1 or code smells > 5 then pipeline should stop and build fails, then send alert to developer.
I investigated and googled but was not able to find something that corresponds for what I am looking for.
The question is: Does Devloper or commercial edition provides a mechanism to get back those details inside the pipeline (in a build tool like Bamboo or Azure Devops server) for stopping/failing the build pipeline, Thanks
Hey there.
Even in Community Edition you can fail based on the Quality Gate status using sonar.qualitygate.wait or features specific to a CI/CD integration (Overview | SonarQube Docs)
Thanks Colin, So I should create a new quality gateway where I list elements that should fail the build, something like
My quality Gateway:
Code smells > 3 OR Severiy high > 1
Then fail pipeline
Am I correct?
By “For other CIs, you can use the sonar.qualitygate.wait=true analysis parameter in your configuration file…” is it project seetings or sonarqube server setting?
Thanks again
This is a setting passed to the scanner (sonar-scanner -Dsonar.qualitygate.wait=true). If you’re using a CI like Azure DevOps and the dedicated tasks, you can add such properties in the prepare step.
Great and thanks for the follow-up. Tell me please, I visited the pricing page for sonarqube, not sure I understand the pricing for the different editions, is it by user, by Server, by Site?
Lines of Code.
OK, got it and thanks. I have 20+ projects I see on each project on “overall Code” I see the number of lines of code. Is there a possibility somewhere in sonarQube interface to see the sum of all number of lines of projects to decide which way to go or an API that allows doing this? Or I should go manullay and add the number of lines of code by visiting each project and manually add them lest say in an excsl file?
You can also just head to your global Administration > System Info to understand the total LoC on your instance.