New Security Hotspots failures ignored when reporting to Gerrit #140

felipecrs · 2023-04-05T18:53:23Z

Jenkins and plugins versions report

Latest everything :)

What Operating System are you using (both controller, and any agents involved in the problem)?

Docker

Reproduction steps

Run a pre-submit build with SonarQube configured in pull request mode (I'm using the community plugin) and Sonar Gerrit
In this pre-submit, introduce a Security Hotspot issue like: e.printStackTrace() in the code.

Expected Results

For Sonar Gerrit to report the failure just like code smells, for example. The quality gate in SonarQube itself is marked as failing because of this new security hotspot:

If waitForQualityGate is called in Jenkins, it also returns the failing status:

Actual Results

Sonar Gerrit ignores the security hotspot failure, votes back a +1 to the change request.

Ideally it should vote according to the quality gate result, and should also post comments for security hotspots.

Anything else?

No response

The text was updated successfully, but these errors were encountered:

felipecrs added the bug label Apr 5, 2023

felipecrs changed the title ~~New Security Hotspots not being taken into account when reporting to Gerrit~~ New Security Hotspots failures ignored when reporting to Gerrit Apr 5, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New Security Hotspots failures ignored when reporting to Gerrit #140

New Security Hotspots failures ignored when reporting to Gerrit #140

felipecrs commented Apr 5, 2023

New Security Hotspots failures ignored when reporting to Gerrit #140

New Security Hotspots failures ignored when reporting to Gerrit #140

Comments

felipecrs commented Apr 5, 2023

Jenkins and plugins versions report

What Operating System are you using (both controller, and any agents involved in the problem)?

Reproduction steps

Expected Results

Actual Results

Anything else?