Azure DevOps Server Version 17.143.28621.4 (2019 on premise)
SonarScanner for Azure DevOps Version 4.21.0
Mule SonarQube Plugin v1.0.4
We are attempting to test a quality gate failure to prevent pull request completion and merge, however our quality gate never seems to fail.
Rule we are attempting to violate:
Code added which should trigger vulnerability:
and you can see the validation result as false for the specific file in Azure DevOps logs (starting line 3162)
Quality gate shows 0 new vulnerabilities, meaning the gate responds passed:
Therefore the quality gate is shown as passed in Azure DevOps (we have ALM integration set up).
However, due to adding code which should trigger the rule, we would expect the quality gate to fail with 1 new vulnerability.
when doing overall code analysis on develop/master branches, the quality gate does successfully fail.
Using:
We are attempting to test a quality gate failure to prevent pull request completion and merge, however our quality gate never seems to fail.
Rule we are attempting to violate:
Code added which should trigger vulnerability:
and you can see the validation result as false for the specific file in Azure DevOps logs (starting line 3162)
Quality gate shows 0 new vulnerabilities, meaning the gate responds passed:
Therefore the quality gate is shown as passed in Azure DevOps (we have ALM integration set up). However, due to adding code which should trigger the rule, we would expect the quality gate to fail with 1 new vulnerability.
when doing overall code analysis on develop/master branches, the quality gate does successfully fail.
https://community.sonarsource.com/t/quality-gate-not-failing-in-pull-request/48754