# Quality gates

## Overview <a href="#overview" id="overview"></a>

Quality gates enforce a quality policy in your organization by answering one question: is my project ready for release?

To answer this question, you define a set of conditions against which projects are measured. For example:

* No new issues
* Code coverage on new code greater than 80%

See the **Defining quality gates** section below for more information on defining conditions.

Ideally, all projects will use the same quality gate, but that’s not always practical. For instance, you may find that:

* The technological implementation differs from one application to another (you might not require the same code coverage on new code for web applications as you would for Java applications).
* You want to ensure stronger requirements on some of your applications (internal frameworks for example).

For these reasons, you can define as many quality gates as you need. You can access the **Quality Gates** page from the top menu. From there, you can define and manage all of your quality gates.

## Quality gate permissions <a href="#quality-gate-permissions" id="quality-gate-permissions"></a>

By default, only users with the global **Administer quality gates** permission can edit quality gates. This is set at **Administration** > **Security** > **Global Permissions**.

SonarQube also allows users with the global **Administer quality gates** permission to give an expert or group of experts permission to manage a specific quality gate. These experts only have permission for that quality gate, *not all quality gates*. Grant permissions to specific quality gates on the Quality gate’s page (**Quality Gates** > <*Your quality Gate name*>) under the **Permissions** heading by selecting **Grant permissions to more users**.

## Defining quality gates <a href="#defining-quality-gates" id="defining-quality-gates"></a>

Each quality gate condition is a combination of:

* a measure.
* a comparison operator.
* an error value.

For instance, a condition might be

* measure: Blocker issue
* comparison operator: >
* error value: 0

Which can be stated as: No blocker issues.

## Use the best quality gate configuration <a href="#use-the-best-quality-gate-configuration" id="use-the-best-quality-gate-configuration"></a>

With a quality gate, you can compare ratings given to your code (reliability, security, security review, and maintainability) to the ratings set as thresholds in your quality gate conditions. This will determine whether your code passes the quality gate. Note that while test code quality impacts your quality gate, it’s only measured based on the maintainability and reliability metrics. Duplication and security issues are not measured on test code.

You should adjust your quality gates so that they provide clear feedback to developers looking at their project page.

Don’t forget that quality gate conditions must use differential values. For example, there’s no point in checking an absolute value such as: `Number of Lines of Code is greater than 1000`.

### Using Sonar way, the recommended quality gate <a href="#using-sonar-way-the-recommended-quality-gate" id="using-sonar-way-the-recommended-quality-gate"></a>

The *Sonar way* quality gate is Sonar’s recommended quality gate for your new code. It is provided by SonarSource, activated by default, and read-only.

This quality gate focuses on new code quality, rather than spending a lot of effort remediating old code.

**Conditions**

The Sonar way quality gate has four conditions:

* No new issues are introduced
* All new security hotspots are reviewed
* New code test coverage is greater than or equal to 80.0%
* Duplication in the new code is less than or equal to 3.0%

### Recommended quality gate conditions <a href="#recommended-quality-gate-conditions" id="recommended-quality-gate-conditions"></a>

We recommend configuring all your quality gates to meet the following conditions. A recommended quality gate ensures that:

* No new issues are introduced

OR

* Reliability Rating for new code is not worse than A
* Security Rating for new code is not worse than A
* Maintainability Rating for new code is not worse than A

In addition, they ensure that the following criteria are met:

* All new security hotspots are reviewed
* \[Configurable] New code has limited duplication
* \[Configurable] New code is properly covered by tests

For more information on these conditions see the [concepts](https://docs.sonarsource.com/sonarqube-server/10.3/user-guide/concepts "mention") and [metric-definitions](https://docs.sonarsource.com/sonarqube-server/10.3/user-guide/metric-definitions "mention") pages.

The duplication and coverage conditions are configurable to your specifications. The other conditions are locked and cannot be edited while maintaining a recommended configuration.

To further prevent the introduction of issues in your code, we recommend including the "No new issues are introduced" condition in your quality gate. To do this, click the **Review and optimize quality gate** button.

### Upgrading quality gates <a href="#upgrading-quality-gates" id="upgrading-quality-gates"></a>

You can upgrade your quality gate to meet the recommended conditions by clicking on **Review and Fix Quality Gate**. This will add any required conditions and leave your additional conditions unchanged.

## Quality gate status <a href="#quality-gate-status" id="quality-gate-status"></a>

The current status is displayed prominently at the top-left of your **Project** page:

![Passed quality gate](https://353248219-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fl622HnhaCz6xSuy6XTfl%2Fuploads%2Fgit-blob-1e4ab4bde495d3253ffa01ef90a927dd5923e272%2F3e24b4c98bd8b6b3f4368b3adfec99f28a206887.png?alt=media)

Passed quality gate

## Getting notified when a quality gate fails <a href="#getting-notified-when-a-quality-gate-fails" id="getting-notified-when-a-quality-gate-fails"></a>

Thanks to the notification mechanism, users can be notified when there is a change in the quality gate status. To do so, subscribe to the **New quality gate status** notification either for all projects or a set of projects you’re interested in.

* To receive notifications on all projects, go to **My Accoun**t > **Notifications** > **Overall notifications** and select **Quality gate changes on all available projects**
* To receive notifications on a per-project basis, go to **My Accoun**t > **Notifications** > **Notifications per project**. From there, select **Add a project**, search for *Your project,* and select **Quality gate changes**.
  * Note that it is also possible to subscribe to manage your project notifications from the *Your Project* > **Project Information** > **Set notifications** menu.

{% hint style="info" %}
Note that notifications are sent only when the *Quality Gate status changes* from Passed to Failed, or from Failed to Passed.
{% endhint %}

## Security <a href="#security" id="security"></a>

Quality gates can be accessed by any user (even anonymous users). All users can view every aspect of a quality gate.

To make changes (create, edit, or delete) to quality gates and quality profiles, users must be granted the *Administer Quality Profiles and Gates* permission.

A project administrator can choose which quality gates their project is associated with. See [project-settings](https://docs.sonarsource.com/sonarqube-server/10.3/project-administration/project-settings "mention") for more details.