SonarQube – Setting up Quality Gates in your application

SonarQube is an open source tool for continuous inspection of code quality. It has a collection of rules that analyze your source code at compile time to identify potential vulnerabilities, bugs, anti-patterns, refactoring opportunities and poor coding practices.

In my earlier article, I wrote about integrating SonarQube with your TFS CI/CD build and rejecting code check-ins when Quality Gates are not met:

SonarQube – Rejecting Code Check-in when Quality Gates are not met

One of the questions I received in an online forum was about Quality Gates and how to set them up. In this article, I will provide more insight into Quality Gates: what they are, the benefits of having them in place and how you can set them up while configuring SonarQube in your application.

What is a Quality Gate?

Quality Gates are the best way to ensure that standards are met and regulated across all the projects in your organization. A Quality Gate can be defined as a set of threshold measures set on your project, such as Code Coverage, Technical Debt Measure, Number of Blocker/Critical issues, Security Rating, Unit Test Pass Rate and more.

To pass the Quality Gate, the project must meet each of the thresholds set.

When SonarQube runs, it checks whether the code meets all the quality thresholds you have set; if it does not, the Quality Gate fails and you will not be allowed to check in code to source control. This is a very powerful feature since it enforces code quality in your projects and automates the process.

How to set up your Quality Gates?

By default, a Quality Gate called ‘SonarQube way’ is activated and applied to all your projects. You can also create new Quality Gates for your projects and define customized thresholds.

Default Quality Gate

In practice, different projects will have different criteria, so you might want to create separate Quality Gates for your individual projects and verify the conditions.

Based on your projects, you can set up the metrics in your Quality Gate to explicitly throw a Warning or Error when the code crosses a threshold.

Quality Gate SonarQube
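How per-metric Warning and Error thresholds combine into one gate verdict, as an added example (a simplified model written for this article, not SonarQube's own code). The metric names, threshold values, sample measures, the fail-closed handling of a missing measure and the exit-code mapping are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional
SEVERITY = {"OK": 0, "WARN": 1, "ERROR": 2}

@dataclass
class Condition:
    metric: str
    op: str                   # "GT": breached when value > threshold; "LT": when value < threshold
    warning: Optional[float]  # None = no warning threshold
    error: Optional[float]    # None = no error threshold

def breached(value, op, threshold):
    if threshold is None:
        return False
    return value > threshold if op == "GT" else value < threshold

def evaluate_condition(cond, value):
    if breached(value, cond.op, cond.error):
        return "ERROR"
    if breached(value, cond.op, cond.warning):
        return "WARN"
    return "OK"

def evaluate_gate(conditions, measures):
    """Return (overall, per-metric statuses); the gate is as bad as its worst condition."""
    results = {}
    for cond in conditions:
        value = measures.get(cond.metric)
        # Assumption of this example: a missing measure fails closed.
        results[cond.metric] = "ERROR" if value is None else evaluate_condition(cond, value)
    overall = max(results.values(), key=SEVERITY.get, default="OK")
    return overall, results

def build_exit_code(overall):
    """Assumption of this example: only ERROR breaks the build; WARN is reported but passes."""
    return 1 if overall == "ERROR" else 0

# Constructed gate and measures (illustrative names and values).
GATE = [
    Condition("coverage", "LT", warning=80.0, error=60.0),
    Condition("blocker_violations", "GT", warning=None, error=0),
    Condition("critical_violations", "GT", warning=0, error=5),
    Condition("security_rating", "GT", warning=None, error=1),  # 1 = A
]
SAMPLE = {"coverage": 72.5, "blocker_violations": 0,
          "critical_violations": 2, "security_rating": 1}

if __name__ == "__main__":
    print(evaluate_gate(GATE, SAMPLE))
```

With the sample measures the gate ends in WARN: coverage and critical issues cross their warning thresholds, but nothing crosses an error threshold.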

If you have any questions about setting up SonarQube in your applications, please let me know by adding a comment below. I would be happy to help and share my experience.

Categories: C#, SonarQube
