SonarQube is an open source tool for continuous inspection of code quality. It applies a collection of rules to your source code at compile time to identify potential vulnerabilities, bugs, anti-patterns, refactoring candidates and poor coding practices.
In my earlier article, I described integrating SonarQube with your TFS CI/CD build and rejecting code check-ins when Quality Gates are not met –
One of the questions I received in an online forum was about Quality Gates and how to set them up. In this article, I will provide more insights about Quality Gates – what they are, the benefits of having them in place and how you can set them up while configuring SonarQube in your application.
What is a Quality Gate?
Quality Gates are the best way to ensure that standards are met and enforced consistently across all the projects in your organization. A Quality Gate can be defined as a set of threshold measures applied to your project, such as Code Coverage, Technical Debt Measure, Number of Blocker/Critical issues, Security Rating, Unit Test Pass Rate and more.
To pass the Quality Gate, the project must meet every threshold that has been set.
When SonarQube runs, it checks whether the code meets all the quality thresholds you have set; if it does not, the Quality Gate fails and you are not allowed to check in the code to source control. This is a very powerful feature, since it enforces code quality in your projects and automates the process.
How to set up your Quality Gates?
By default, a quality gate called ‘SonarQube way’ is activated and applied to all your projects. You can also create new Quality Gates for your projects and define customized thresholds.
In practice, different projects will have different criteria, so you might want to create separate Quality Gates for your individual projects and verify the conditions for each.
Based on your projects, you can set up the metrics in your Quality Gate to explicitly raise a Warning or an Error when the code crosses a threshold.
If you have any questions about setting up SonarQube in your applications, please let me know by adding a comment below. I would be happy to help and share my experience.
I am appending to this article to respond to the comments on this blog.
If the Quality Gate fails while running the SonarQube stage in your CI/CD pipeline, you can navigate to the SonarQube UI and see the exact cause of the failure. Below is a screenshot from one of the failed Quality Gate instances on one of my applications —
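As an added example (not from the original article and not SonarQube's own code), the script below reproduces the gate evaluation described above: every condition compares a measure against an optional warning threshold and an error threshold, the worst status wins, and the conditions that caused the failure are listed the way the SonarQube UI shows them. The condition fields mirror the shape of SonarQube's /api/qualitygates/project_status response; the gate definition and the measures are constructed sample values, not real project data.

```python
"""Evaluate a SonarQube-style Quality Gate locally (added example)."""
import json

# Constructed gate definition. The comparator names the failing direction:
# "GT" fails when the actual value is greater than the threshold,
# "LT" fails when it is lower. Thresholds are strings, as in the API.
GATE = [
    {"metricKey": "coverage", "comparator": "LT", "warningThreshold": "80", "errorThreshold": "60"},
    {"metricKey": "blocker_violations", "comparator": "GT", "errorThreshold": "0"},
    {"metricKey": "critical_violations", "comparator": "GT", "warningThreshold": "0", "errorThreshold": "5"},
    {"metricKey": "sqale_debt_ratio", "comparator": "GT", "warningThreshold": "5", "errorThreshold": "10"},
    {"metricKey": "security_rating", "comparator": "GT", "errorThreshold": "1"},  # rating 1 == A
    {"metricKey": "test_success_density", "comparator": "LT", "errorThreshold": "100"},
]

# Constructed measures from one analysis of a sample project.
MEASURES = {"coverage": 65.0, "blocker_violations": 0, "critical_violations": 2,
            "sqale_debt_ratio": 3.5, "security_rating": 2, "test_success_density": 100.0}


def violates(actual, comparator, threshold):
    """True when the measure is on the failing side of the threshold."""
    threshold = float(threshold)
    return actual > threshold if comparator == "GT" else actual < threshold


def evaluate_condition(cond, actual):
    """Return OK, WARN or ERROR for one condition; ERROR takes precedence over WARN."""
    if "errorThreshold" in cond and violates(actual, cond["comparator"], cond["errorThreshold"]):
        return "ERROR"
    if "warningThreshold" in cond and violates(actual, cond["comparator"], cond["warningThreshold"]):
        return "WARN"
    return "OK"


def evaluate_gate(gate, measures):
    """Evaluate all conditions; the overall status is the worst condition status."""
    results = [dict(cond, actualValue=str(measures[cond["metricKey"]]),
                    status=evaluate_condition(cond, measures[cond["metricKey"]])) for cond in gate]
    statuses = {r["status"] for r in results}
    overall = "ERROR" if "ERROR" in statuses else "WARN" if "WARN" in statuses else "OK"
    return {"projectStatus": {"status": overall, "conditions": results}}


def failing_conditions(report):
    """One readable line per condition that is not OK, i.e. the cause of a gate failure."""
    return [f'{c["metricKey"]}: actual {c["actualValue"]} is {c["comparator"]} threshold -> {c["status"]}'
            for c in report["projectStatus"]["conditions"] if c["status"] != "OK"]


if __name__ == "__main__":
    report = evaluate_gate(GATE, MEASURES)
    print(json.dumps(report, indent=2))
    print("\n".join(failing_conditions(report)))
```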