Why can't we add conditions to Quality Gates!?

Hello,

We are using SonarQube 9.9 LTS Enterprise.

Why can we not add conditions to our Quality Gate? The ‘Add Condition’ button does not appear any more, even when creating a new Quality Gate.

We have 2 Gates - one for new projects and one for legacy projects. New projects have conditions on New Code and Overall Code in one Gate and legacy projects have conditions only around New Code in their Gate. However we now want to add conditions on overall code for Security Hotspots and Vulnerabilities for legacy projects on their gate but cannot. Why was this removed?

If this is a restriction because of the ‘Clean As You Code’ (sigh) paradigm then it also needs more thought. Incremental increases in Overall Code errors will occur due to the tolerances around your conditions so we always need conditions on Overall Code for things we want.

And we also MUST be able to target certain things in the code base such as Vulnerabilities and Security Hotspots.

The ‘Clean As you Code’ changes continue to be a highly annoying imposition that is continuously frustrating through it’s restrictions and extremely annoying messages. How do we disable it??

Was any of this stuff sensibly reverted (or permitted to be disabled) in later versions??

Will

Hi Will,

You can always add conditions to a non-Built-In Quality Gate. Look for the “Unlock editing” button. (Note that you won’t see it if you don’t have permissions to edit.)

Yes, it has moderated a bit in recent versions.

 
HTH,
Ann

Hi Ann,

Thank-you very much for your response.

I’m not seeing that button in 9.9 LTS. I’m assuming it appeared in one of the 10.x?

Upgrading to a earlyish next major (non LTS) version we will have to weigh carefully.

Pleased it has been moderated. It would be sensible to allow the ability to enable / disable the “Clean as you Code” material entirely.

Perhaps instead of a single mantra/methodology you could provide guidance / solutions for other things we care about with different codebases. Importantly, because we also use the SonarQube platform to help us…

“Clean your Legacy Code”
“Target your Vulnerabilities”
“Refactor to Perfection”
“Secure your Code, Secure your Future”
“Performance is Key, Optimise Wisely”
“Focus on Material Problems, not just Style”
“Commit to Quality, Not Just Code”
“Eradicate Technical Debt before it Accumulates”
“Keep it Modular”
“Sustainability through Scalability”

:wink:

Thanks again,

Will

Hi Will,

I spun up 9.9 before I answered, so I’m pretty confident that if you have permissions the button shows up.

Regarding mantras, I’ll pass it on. :smile:

 
Ann

Hello Will,

Thank you very much for your feedback.

We understand that there is a need to address newly detected vulnerabilities and bugs in the overall code. Currently, you can use conditions on the overall code to cover this need. We will continue to monitor this need.