Quality Gates
Quality gates are sets of conditions that a project must meet to be considered "production ready." Bob the Fixer uses quality gates to determine if your code passes or fails quality checks.
Understanding Quality Gates
A quality gate evaluates your code against defined thresholds:
QUALITY GATE STATUS
Status: ❌ **FAILED**
CONDITIONS:
✗ **new_bugs**
- Comparator: LT (less than)
- Actual Value: 3
- Error Threshold: 1
- Status: ERROR
✓ **new_vulnerabilities**
- Comparator: LT
- Actual Value: 0
- Error Threshold: 1
- Status: OK
Built-in Templates
Bob the Fixer provides three quality gate templates:
Strict Template
Zero tolerance for quality issues. Best for production-ready code.
| Metric | Condition | Threshold |
|---|---|---|
| New Bugs | Less than | 1 |
| New Vulnerabilities | Less than | 1 |
| New Code Smells | Less than | 1 |
| New Coverage | Greater than | 80% |
| New Duplication | Less than | 3% |
Use when:
- Deploying to production
- Building security-critical applications
- Working on financial or healthcare software
Balanced Template (Default)
Reasonable thresholds for most projects.
| Metric | Condition | Threshold |
|---|---|---|
| New Bugs | Less than | 1 |
| New Vulnerabilities | Less than | 1 |
| New Blocker Issues | Less than | 1 |
| New Critical Issues | Less than | 1 |
| New Coverage | Greater than | 60% |
| New Duplication | Less than | 5% |
Use when:
- Standard development workflow
- Most enterprise applications
- Team projects with code review
Permissive Template
Relaxed rules for legacy or experimental code.
| Metric | Condition | Threshold |
|---|---|---|
| New Blocker Issues | Less than | 1 |
| New Critical Issues | Less than | 5 |
| New Duplication | Less than | 10% |
Use when:
- Working with legacy codebases
- Rapid prototyping
- Gradual quality improvement
Setting Quality Gates
During Auto-Setup
Set up this project with a strict quality gate
Uses sonar_auto_setup with template: "strict".
In Configuration
Add to your bobthefixer.env:
SONAR_QUALITY_GATE=strict
Via MCP Tool
{
"template": "strict",
"force": true
}
Checking Quality Gate Status
Via AI Assistant
Check if my project passes the quality gate
Uses sonar_get_quality_gate tool.
Response Format
QUALITY GATE STATUS
Status: ✅ **PASSED**
CONDITIONS:
✓ **new_bugs**
- Actual Value: 0
- Error Threshold: 1
- Status: OK
✓ **new_vulnerabilities**
- Actual Value: 0
- Error Threshold: 1
- Status: OK
✓ **new_coverage**
- Actual Value: 75.5
- Error Threshold: 60
- Status: OK
PERIOD:
- Mode: REFERENCE_BRANCH
- Date: 2024-01-15
Clean as You Code Status: COMPLIANT
Quality Metrics Explained
Bug Metrics
| Metric | Description |
|---|---|
| bugs | Total bugs in all code |
| new_bugs | Bugs in new/changed code only |
| reliability_rating | A-E rating based on bugs |
Vulnerability Metrics
| Metric | Description |
|---|---|
| vulnerabilities | Total security vulnerabilities |
| new_vulnerabilities | Vulnerabilities in new code |
| security_rating | A-E rating based on vulnerabilities |
Code Smell Metrics
| Metric | Description |
|---|---|
| code_smells | Total maintainability issues |
| new_code_smells | Code smells in new code |
| sqale_rating | A-E maintainability rating |
Coverage Metrics
| Metric | Description |
|---|---|
| coverage | Overall test coverage % |
| new_coverage | Coverage of new code |
| line_coverage | Lines covered by tests |
| branch_coverage | Branches covered by tests |
Duplication Metrics
| Metric | Description |
|---|---|
| duplicated_lines_density | % of duplicated code |
| new_duplicated_lines_density | Duplication in new code |
| duplicated_blocks | Number of duplicate blocks |
Clean as You Code
Bob the Fixer follows SonarQube's "Clean as You Code" methodology:
- Focus on new code - Don't get overwhelmed by existing issues
- Set clear standards - Define what "clean" means for your project
- Fail fast - Catch issues before they merge
Quality gates primarily evaluate new code to:
- Prevent new issues from entering the codebase
- Allow gradual cleanup of legacy code
- Keep the feedback loop tight
Customizing Quality Gates
In SonarQube UI
- Open http://localhost:9000
- Go to Quality Gates
- Create or copy an existing gate
- Add/modify conditions
- Set as default for your project
Condition Operators
| Operator | Meaning | Example |
|---|---|---|
| LT | Less than | bugs LT 1 (must have 0 bugs) |
| GT | Greater than | coverage GT 80 (must have >80%) |
| EQ | Equals | Rarely used |
| NE | Not equals | Rarely used |
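The following is an added example, not Bob the Fixer's own code: it evaluates the three template tables from this page with the operator semantics shown above, so the boundary cases are visible (coverage of exactly 80 does not satisfy GT 80). The metric keys `new_blocker_violations` and `new_critical_violations`, the `evaluate_gate` function, and the choice to treat a missing metric as a failure are assumptions of this example.

```python
import operator

# Comparators as this page describes them: a condition PASSES when
# "actual <op> threshold" holds (e.g. new_bugs LT 1 means zero new bugs).
OPS = {"LT": operator.lt, "GT": operator.gt, "EQ": operator.eq, "NE": operator.ne}

# Thresholds copied from the template tables on this page. The blocker/critical
# keys are SonarQube metric names assumed here; the page does not list them.
TEMPLATES = {
    "strict": [
        ("new_bugs", "LT", 1), ("new_vulnerabilities", "LT", 1),
        ("new_code_smells", "LT", 1), ("new_coverage", "GT", 80),
        ("new_duplicated_lines_density", "LT", 3),
    ],
    "balanced": [
        ("new_bugs", "LT", 1), ("new_vulnerabilities", "LT", 1),
        ("new_blocker_violations", "LT", 1), ("new_critical_violations", "LT", 1),
        ("new_coverage", "GT", 60), ("new_duplicated_lines_density", "LT", 5),
    ],
    "permissive": [
        ("new_blocker_violations", "LT", 1), ("new_critical_violations", "LT", 5),
        ("new_duplicated_lines_density", "LT", 10),
    ],
}

def evaluate_gate(template, metrics):
    """Return (passed, results); results maps metric -> OK, ERROR or NO_DATA."""
    results = {}
    for metric, op, threshold in TEMPLATES[template]:
        actual = metrics.get(metric)
        if actual is None:
            # Fail closed (assumption): an unreported metric must not pass the gate.
            results[metric] = "NO_DATA"
        else:
            results[metric] = "OK" if OPS[op](float(actual), threshold) else "ERROR"
    return all(s == "OK" for s in results.values()), results

# Constructed sample measures (not output from a real scan).
SAMPLE = {
    "new_bugs": 3, "new_vulnerabilities": 0, "new_code_smells": 0,
    "new_coverage": 80.0, "new_duplicated_lines_density": 1.2,
    "new_blocker_violations": 0, "new_critical_violations": 2,
}

if __name__ == "__main__":
    ok, detail = evaluate_gate("strict", SAMPLE)
    for name, status in detail.items():
        print(f"{status:8} {name}")
    raise SystemExit(0 if ok else 1)  # non-zero exit lets CI block the merge
```

Run as a script, it exits non-zero when any condition is not OK, which is the behaviour a CI step needs to block a merge.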
Best Practices
Starting a New Project
- Use Strict template
- Configure CI to fail on quality gate failure
- Review and fix issues before merging
Improving Legacy Code
- Start with Permissive template
- Track metrics over time
- Gradually tighten thresholds
- Focus on new code first
Team Guidelines
| Practice | Recommendation |
|---|---|
| PR Checks | Block merge on quality gate failure |
| Coverage | Require tests for new code |
| Reviews | Use issue reports in code review |
| Monitoring | Track quality metrics in dashboards |
Troubleshooting
"Quality gate not found"
Ensure the project has been scanned at least once:
Scan this project with autoSetup: true
"No data for quality gate"
Quality gates need analysis data. Run a scan first:
Scan this project and then check the quality gate
Gate always failing
Check which conditions are failing:
Which quality gate conditions are failing?
Then address the specific metrics:
- Coverage: Add more tests
- Bugs: Fix detected issues
- Duplication: Refactor duplicate code
Next Steps
- SonarQube Integration - Full metrics reference
- Technical Debt - Understanding debt estimates
- Configuration - Customize quality settings