mulesoft-catalyst / mule-sonarqube-plugin

The Mule SonarQube Plugin provides the capability to inspect code and collect project metrics from a Mule project using SonarQube.
The Unlicense

Quality gate does not fail in Pull Request #33

Open timothyconnolly5 opened 3 years ago

timothyconnolly5 commented 3 years ago

Using:

We are attempting to test a quality gate failure to prevent pull request completion and merge; however, our quality gate never seems to fail.

Rule we are attempting to violate:

image

Code added which should trigger vulnerability:

image

And you can see the validation result as false for the specific file in the Azure DevOps logs (starting at line 3162):

image

Quality gate shows 0 new vulnerabilities, meaning the gate responds passed:

image

Therefore the quality gate is shown as passed in Azure DevOps (we have ALM integration set up). However, due to adding code which should trigger the rule, we would expect the quality gate to fail with 1 new vulnerability.

When doing overall code analysis on develop/master branches, the quality gate does successfully fail.

image

https://community.sonarsource.com/t/quality-gate-not-failing-in-pull-request/48754