- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube Version 7.9.1
Azure DevOps Services
- what are you trying to achieve
After working with SonarQube for years I recently took a job offer as DevOps Engineer and I am now trying to introduce the Sonar ecosystem into the software development process of my new company. I thought I had it all figured how to implement SonarQube into the branching and build process - but apparently not so much. I’m looking for advice on which type of branch (defined by Git flow) we should scan with SonarQube and which type we should protect with quality gates for pull requests. I’m having a small existential crisis and could use some input.
- what have you tried so far to achieve this
The current idea is:
- Build and scan feature branches
- create pull requests to develop, scan those pull requests, potentially use a branch policy with a quality gate
- build and scan develop
- create pull requests to master, scan those pull requests, potentially use a branch policy with a quality gate
- build and scan master
Writing it up like this makes it sound not really practicable for some reason, especially with release branches added to the mix. But wouldn’t a developer want to know about issues asap?
How did you implement Sonar into your software development process?
Cheers,
Robin
