What is a Quality Gate
A quality gate is a set of conditions that indicates if theproject analyzed is "good enough for you or not" to be delivered to the next stage in your software life cycle. Those conditions are definedusing the metrics and KPI collected for each project.
It means, you can define the quality policy in your organization, required for each kind of project.
Quality Gates strategy
The first thought usually is: my organization has or will define a quality policy for ObjectScript language, so I will need only one quality gate to verify all my ObjectScript projects. In a small organization with a few projectsmaybe it could work, but usually it is not the best policy.
Probably you will have legacy projects with more than a decade of developers working on it, with legacy code inherited from older ObjectScript versions. And probably you will have many code from the years in which code guidelines where different or even didn't exist.On the other hand, you will start new projects, which means that you will be more strict on qulity policy.
After your first analysis of an existing project, you will get thousands of issues and probably a too big technical debt, so you will be scared about the product code and worried about how to get it solved as soon as possible. At this point, you should be quite as you cannot solve theproblem in a quick way and while probably it is currently on a production environment since years ago, just breath and let's think about. Now you have the picture of your situation and the best way to start is ensuring new code is well qualified, so you don't get a more degradated situation. At the same time, and after SonarQube is properly integrated in your development teams, you can start requesting for small improvements on each development cycle, so you will get a better code along time and avoiding to dedicate specific resources to solve the legacy problems.
SonarQube is provided with a "Sonar way" quality gate by default and read-only, so you cannot change its definition. This quality gate can be adjusted from release to release, accordingly to SonarQube's capabilities.
Since SonarQube 7.6, quality gate definitions has been simplified and the default "Sonar way" quality gate is focused on the quality in new code. It means you will hold your old code, but any change should left the situation not worst that it was.
Our recommendation is to create your own quality gates to adjust to what is important to you. And, at least, we recommend to create a quality gate for legacy projects and another one for new projects.
With this very basic approach you can, for example, ask for small improvements on legacy projects. So any developer involved in solving an issue or developing a new functionallity, will have to take care on makingsome improvement on his piece of code.
Along time, you will need to update your quality gates to have a better approach required for each situation. And probably you will finally have a quality gate for each legacy project and a quality gate for most of the new projects. It is important to do periodic reviews of your configuration to ensure the quality gate fits correctly for your needs on each project. We recommend you to review the quality gate after you close a major or minor release, while avoid it for build and revision releases.
Quality Gate status
At the top of each project page you can see if you project has passed or not the quality gate:
In case the quality gate validation fail, it will show the conditions of failure:
Security
Quality Gates can be accessed by any user (even anonymous users). All users can view every aspect of a quality gate.
To make changes (create, edit or delete) users must be granted theAdminister Quality Profiles and Gatespermission.
Aproject administratorcan choose which quality gates his/her project is associated with.
Define a Quality Gate (since SonarQube 7.6)
From the Quality Gate menu entry you will find a Create button. On click, you will be asked for the name you want to use.
A good start if it is your first quality gate is to go to "Sonar way" quality gate and click on Copy button.
Whatever the method you start, you will see the conditions applied for the quality gate.
You can add a new conditon from the Add Condition button. On the popup select the metric you want to test and then define the threshold for the given operator.
If you want to use a metric only over the new code, type "New Code" on the Metric dropdown and you will get all the new code metrics that you can use. The new code can be defined in different ways, but the most common is: code added from the previous version. We explain how to define it inbelow section.
Since SonarQube 7.6, operator is always defined by the system and there is no warning threshold.
After you define all your conditions, you can go down to Projects section in the same quality gate page definition and search for the projects in which you want to apply your new quality gate.
Configure default New Code period
To define the default leak period for any new project, go to Administration > Configuration > General settings, and select the General tab.
At this tab you will find the New Code section, where you cand define how is the new code period calculated:
Configure New Code period for aproject
From the project dashboard,go to Administration > General settings, and select the General tab.
At this tab you will find the New Code section, where you cand define how is the new code period calculated:
Define a Quality Gate (previous to SonarQube 7.6)
From the Quality Gate menu entry you will find a Create button. On click, you will be asked for the name you want to use.
A good start if it is your first quality gate is to go to "Sonar way" quality gate and click on Copy button.
Whatever the method you start, you will see the conditions applied for the quality gate.
You can add a new conditon from the Add Condition dropdown. After you select your metric, it will be added to the list and you can define the operator to use and the warning and error thresholds.
You can also define if you want to do the comparison for the absolute metric measure, or if you want to compare only the measure difference over the leak period.The leak period can be defined in different ways, but the most common is: code added from the previous version. We explain how to define it inbelow section.
After you define all your conditions, you can go down to Projects section in the same quality gate page definition and search for the projects in which you want to apply your new quality gate.
Configure default Leak period
To define the default leak period for any new project, go to Administration > Configuration > General settings, and select the General tab.
At this tab you will find the Leak section, where you cand define how is the leak period calculated:
Configure Leak period for aproject
From the project dashboard,go to Administration > General settings, and select the General tab.
At this tab you will find the Leak section, where you cand define how is the leak period calculated:
FAQs
How do you set a quality gate? ›
Define a Quality Gate (since SonarQube 7.6)
A good start if it is your first quality gate is to go to "Sonar way" quality gate and click on Copy button. Whatever the method you start, you will see the conditions applied for the quality gate. You can add a new conditon from the Add Condition button.
Quality gates are a comparable form of the stage gate model and also other phase gate models. It is suggested to separate projects in terms of quality gates into the four different categories of planning, design, development and deployment.
How do you pass the quality gate in SonarQube? ›With each SonarQube release, we automatically adjust this default quality gate according to SonarQube's capabilities. With the quality gate, you can enforce ratings (reliability, security, security review, and maintainability) based on metrics for overall code and new code.
What are the quality gates in agile? ›In Agile terms, they are like checklists for confirming deliverables are meeting defined requirements throughout the development process. Usually, these documents are defined and managed by project leaders or technical leads. They can be executed as meetings or reviews involving participants.
What is a quality gate in healthcare? ›Quality Gate means a minimum threshold of performance on the Quality Composite that must be achieved by Provider to have the opportunity to earn any portion of the EPHC Essentials Performance Payment.
What are the different types of quality gates? ›- 1) Creating a Quality Strategy.
- 2) Concise User Stories and Acceptance.
- 3) Creating Test Scenarios.
- 4) Pair Testing with Developers.
- 5) Performing Manual Verification.
- 6) Automated Regression Test.
If the process – whether it's traditional Stage-Gate or Agile-Stage-Gate – is executed effectively, gate meetings serve as decision-making forums where projects meet with one of four potential fates: go, kill, hold, and recycle.
What are the four 4 main stages of project quality management? ›The four main stages of project quality management are quality planning, quality control, quality assurance, and quality improvement.
What are the 4 components of project quality standards? ›Quality Through the Project Lifecycle. The four main components of a quality management process are Quality Planning, Quality Assurance, Quality Control and Continuous Improvement.
How to configure Quality Gates in Jenkins Pipeline? ›- get Jenkins and SonarQube up and running.
- install the SonarQube Scanner Jenkins plugin and configure it to point to our SonarQube instance.
- configure SonarQube to call the Jenkins webhook when project analysis is finished.
- create two Jenkins pipelines. ...
- run the pipelines and see it all working.
How do I ensure code quality in SonarQube? ›
- Step 1: Download and Unzip SonarQube. Prerequisites: Java (Oracle JRE11 or OpenJDK 11 minimum) ...
- Step 2: Run the SonarQube local server. ...
- Step 3: Start a new SonarQube project. ...
- Step 4: Setup Project properties and SonarScanner. ...
- Step 5: View your analysis report on Sonar Dashboard.
A Quality Gate outputs a status (Pass, Warn, Fail).
What are the quality gates important metrics? ›With the quality gate, you can enforce ratings (reliability, security, security review, and maintainability) based on metrics for overall code and new code. These metrics are part of the default quality gate.
How do you ensure quality in Agile? ›Agile Quality Management. Quality is addressed reactively through product testing and fixing issues. In agile, quality is addressed both proactively and reactively. Proactively through encouraging face-to-face communication, establishing coding standards, and pair programming.
How do I set the quality gate for a project in Sonarcloud? ›My Account > Notifications > Notifications per project. From there, select Add a project, search for Your project, and select New Quality Gate status.
What is a quality gate in manufacturing process? ›A quality gate is a critical point or milestone in a project at which certain quality criteria are checked before the next project phase can start. If the quality criteria are not met at a quality gate, the next project phase cannot start.
What is recommended quality gate for most projects? ›Recommended quality gate
We recommend the built-in Sonar way quality gate for most projects. It focuses on keeping new code clean, rather than spending a lot of effort remediating old code. Out of the box, it's already set as the default profile.