SonarQube – Setting up Quality Gates in your application


SonarQube is an open source tool for continuous inspection of code quality. It has a collection of rules that analyze your source code at compile time to identify potential vulnerabilities, bugs, anti-patterns, refactoring opportunities and poor coding practices.

In my earlier article, I wrote about integrating SonarQube with your TFS CI/CD build and rejecting code check-ins when Quality Gates are not met:

SonarQube – Rejecting Code Check-in when Quality Gates are not met

One of the questions I received in an online forum was about Quality Gates and how to set them up. In this article, I will provide more insight into Quality Gates: what they are, the benefits of having them in place, and how you can set them up while configuring SonarQube in your application.

What is a Quality Gate?

Quality Gates are the best way to ensure that standards are met and regulated across all the projects in your organization. A Quality Gate can be defined as a set of threshold measures set on your project, such as Code Coverage, Technical Debt Measure, Number of Blocker/Critical issues, Security Rating, Unit Test Pass Rate and more.

To pass the Quality Gate, the project must meet each of the thresholds set.

When SonarQube runs, it will identify whether the code meets all the quality thresholds you have set; otherwise it will fail the Quality Gate and will not allow you to check in code to source control. This is a very powerful feature since it enforces code quality in your projects and automates the process.

How to set up your Quality Gates?

By default, a Quality Gate called ‘SonarQube way’ is activated and applied to all your projects. You can also create new Quality Gates for your projects and define customized thresholds.

Default Quality Gate

In practice, different projects will have different criteria, so you might want to create separate Quality Gates for your individual projects and verify the conditions.

Based on your projects, you can set up the metrics in your Quality Gate to explicitly throw a Warning or Error when the code crosses a threshold.

Quality Gate SonarQube

If you have any questions about setting up SonarQube in your applications, please let me know by adding a comment below. I would be happy to help and share my experience.


 

I am appending to this article to respond to the comments on this blog.

If the Quality Gate fails while running the SonarQube stage in your CI/CD pipeline, you can navigate to the SonarQube UI and see the exact cause of the Quality Gate failure. Please see below the screenshot from one of the failed Quality Gate instances on one of my applications:

Failed Quality Gate
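
The same failure details can be read programmatically in a pipeline step. This is an added example, not code from the original post: it parses a constructed response shaped like the output of SonarQube's `api/qualitygates/project_status` Web API and lists the conditions that raised a Warning or Error. The sample values and the helper names `failed_conditions` and `gate_exit_code` are assumptions for illustration.

```python
import json

# Constructed sample shaped like the JSON returned by SonarQube's
# GET api/qualitygates/project_status endpoint (all values are made up).
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "62.5"},
  {"status": "WARN", "metricKey": "new_security_rating", "comparator": "GT",
   "warningThreshold": "1", "errorThreshold": "3", "actualValue": "2"},
  {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "1"}
]}}
"""

COMPARATOR_TEXT = {"LT": "is less than", "GT": "is greater than",
                   "EQ": "equals", "NE": "differs from"}


def failed_conditions(response_text):
    """Return (gate_status, [(level, metric, explanation), ...]) for non-OK conditions."""
    status = json.loads(response_text)["projectStatus"]
    findings = []
    for cond in status.get("conditions", []):
        level = cond.get("status", "NONE")
        if level not in ("WARN", "ERROR"):
            continue
        # Report the threshold that matches the level the condition reached.
        key = "errorThreshold" if level == "ERROR" else "warningThreshold"
        relation = COMPARATOR_TEXT.get(cond.get("comparator"), cond.get("comparator"))
        findings.append((level, cond["metricKey"],
                         f"actual {cond.get('actualValue', 'n/a')} {relation} {cond.get(key, '?')}"))
    # Errors first so the blocking conditions head the build log.
    findings.sort(key=lambda f: f[0] != "ERROR")
    return status["status"], findings


def gate_exit_code(gate_status):
    """Map the gate status to a CI exit code: only ERROR blocks the build."""
    return 1 if gate_status == "ERROR" else 0


if __name__ == "__main__":
    gate, findings = failed_conditions(SAMPLE_RESPONSE)
    print(f"Quality Gate: {gate}")
    for level, metric, why in findings:
        print(f"  [{level}] {metric}: {why}")
    raise SystemExit(gate_exit_code(gate))
```

In a real pipeline the response text would come from an authenticated request to your SonarQube server instead of the embedded sample.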




7 replies

  1. For every project, I have two options in quality gate option
    1. Default
    2. sonar way

    What is the difference between two?
    I have no custom quality gates

    Liked by 1 person

    • Sonarway is the one provided by Sonar as standard one.
      You can make Sonarway the Default, or you can create your own gate and make it the default.

      Whichever gate is marked as default will be assigned automatically to a project for which no quality gate is assigned manually.

      Liked by 1 person

    • Jyotsna – You can create new Quality Gates for your projects and define customized thresholds which you want for your application.


  2. I have same issue 😦

    Liked by 1 person

  3. I have two Quality Gates. Whenever I run the analysis on a project and there is a failure on a Quality Gate, it shows Failed but it does not show me, or give me any options to see, the cause of the errors.

    Liked by 1 person

    • Thor — I have added a screenshot to my blog showing a Failed Quality Gate instance from one of my applications. Clicking on any of the failed sections should show you the exact error details. Please check and let me know if you have any further questions.
