
SonarQube Quality Gate Quirk

When a QualityGate is defined in SonarQube, it's usually set with absolute values. E.g.: fail if the number of bugs is greater than 10.

So, as long as there are fewer than 10 bugs, it will pass.

What then happens in this scenario?

Scan No1 has 3 bugs: QualityGate PASSES

Scan No2 has 3 bugs: QualityGate PASSES

Scan No3 has 9 bugs: QualityGate PASSES

Technically, Scan No3 has introduced 6 additional bugs but still passes because the threshold for failing the Quality Gate is an absolute value of 10 bugs, which potentially means that new vulnerabilities can be added as long as it doesn't breach the predetermined threshold.

Is there a way to fail the Quality Gate based on metrics extracted from a previous analysis?

So...

Scan No1 has 3 bugs: QualityGate PASSES

Scan No2 has 3 bugs: QualityGate PASSES

Scan No3 has 9 bugs: QualityGate FAILS

Scan No4 has 2 bugs: QualityGate PASSES

This way, code progressively becomes cleaner.

You can add the metric conditions on "New Code" instead of "Overall Code".
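To make the difference concrete, here is an added simulation (not SonarQube's code, and not from the question or the answer) that evaluates the four scans from the question against two gates: an "overall code" condition (`bugs` greater than 10 fails) and a "new code" condition (`new_bugs` greater than 0 fails). The condition fields `metric`, `op` and `error` mirror the shape SonarQube uses for gate conditions; the bug identifiers, the "previous version" baseline handling and the set-difference definition of new bugs are constructed simplifications for this example (real SonarQube tracks issue creation dates against the new code period, and has no new code on the very first analysis).

```python
"""Simulated quality gate evaluation: overall-code vs new-code conditions.
Hypothetical example; the scan data and baseline logic are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Comparison operators as in a SonarQube condition: the gate FAILS when
# "value <op> error" holds.
OPS = {
    "GT": lambda value, threshold: value > threshold,
    "LT": lambda value, threshold: value < threshold,
}


@dataclass(frozen=True)
class Condition:
    metric: str   # "bugs" (overall code) or "new_bugs" (new code)
    op: str       # "GT" or "LT"
    error: int    # failing threshold


def new_bugs(current: Set[str], baseline: Optional[Set[str]]) -> Optional[int]:
    """Bugs present now that were absent at the baseline analysis.

    Returns None when there is no baseline (first analysis): there is no
    new code yet, so a new-code metric cannot be evaluated (assumption).
    """
    if baseline is None:
        return None
    return len(current - baseline)


def measures(current: Set[str], baseline: Optional[Set[str]]) -> Dict[str, Optional[int]]:
    """Metrics reported for one analysis: absolute count and new-code count."""
    return {"bugs": len(current), "new_bugs": new_bugs(current, baseline)}


def gate_passes(conditions: List[Condition], metrics: Dict[str, Optional[int]]) -> bool:
    """True unless any condition's failing comparison holds."""
    for cond in conditions:
        value = metrics.get(cond.metric)
        if value is None:
            # New-code metric unavailable on the first analysis: skip it.
            continue
        if OPS[cond.op](value, cond.error):
            return False
    return True


def run_scans(conditions: List[Condition], scans: List[Set[str]]) -> List[bool]:
    """Evaluate the gate on each successive scan, using the previous
    analysis as the new code baseline ("previous version" period)."""
    results = []
    baseline: Optional[Set[str]] = None
    for bugs in scans:
        results.append(gate_passes(conditions, measures(bugs, baseline)))
        baseline = bugs
    return results


# Constructed issue keys reproducing the question's four scans:
# 3 bugs, 3 bugs (unchanged), 9 bugs (6 new), 2 bugs (7 fixed, none new).
SCANS: List[Set[str]] = [
    {"B1", "B2", "B3"},
    {"B1", "B2", "B3"},
    {"B1", "B2", "B3", "B4", "B5", "B6", "B7", "B8", "B9"},
    {"B1", "B2"},
]

# Overall-code gate from the question: fail when bugs > 10.
OVERALL_GATE = [Condition("bugs", "GT", 10)]
# New-code gate from the answer: fail when any bug is introduced.
NEW_CODE_GATE = [Condition("new_bugs", "GT", 0)]

if __name__ == "__main__":
    print("overall code:", run_scans(OVERALL_GATE, SCANS))   # all pass
    print("new code:   ", run_scans(NEW_CODE_GATE, SCANS))   # scan 3 fails
```

The overall-code gate passes every scan, including the one that added six bugs, while the new-code gate fails exactly scan 3 and passes scan 4 once those bugs are gone, which is the progression the question asks for.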
