How to fail CI build if high priority security hotspots not reviewed in SonarQube

As part of my use case I want to fail my CI build step if high priority security hotspots are not reviewed. But it seems like we cannot do this out of the box in Jenkins as part of the SonarQube Scanner Plugin.

I guess it is a very valid use case and there must be something around it.
There can be workarounds like getting the data on how many security hotspots are on high priority and failing the CI based upon the output, but I am more interested in whether this is achievable via the SonarQube Scanner Plugin or any other plugin in Jenkins.

Hello @rishabhtayal72 and welcome to this community. :wave:

As far as I know, the SonarQube Scanner Plugin for Jenkins does not have a built-in feature to fail the CI build step based on the number of high-priority security hotspots detected by SonarQube.

However, there may be some workarounds you could use to achieve this functionality:

  1. Scripted Pipeline: I think one should stay away as much as possible from scripted pipelines, but they do exist. You could use a scripted Jenkins pipeline and leverage the SonarQube API to retrieve the number of high-priority security hotspots. Based on the count, you could then decide to fail the build step if the count is above a certain threshold.
  2. Custom Jenkins Plugin: If you have specific requirements or need more complex logic to determine when to fail the build based on SonarQube results, you could maybe develop a custom Jenkins plugin. :person_shrugging:
     This would give you full control over the build step and allow you to implement the desired behavior. :thinking:
  3. Propose this new feature (and its implementation) to the existing Sonar plugin.
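The first workaround (query the SonarQube API for unreviewed high-priority hotspots and fail the build above a threshold), as an added example that is not from this thread or from the Sonar plugin. It assumes the SonarQube Web API endpoint `api/hotspots/search` with its `projectKey`, `status`, `ps` and `p` parameters, the `vulnerabilityProbability` field on each hotspot, and a user token passed as the Basic-auth user; the sample response embedded at the bottom is constructed so the gate logic runs offline.

```python
# Added example: script a Jenkins `sh` step can run to fail the build when
# unreviewed HIGH-priority security hotspots remain. Assumes the SonarQube
# api/hotspots/search endpoint and its vulnerabilityProbability field.
import base64
import json
import sys
import urllib.request


def count_high_unreviewed(pages):
    """Count hotspots still TO_REVIEW and rated HIGH across all API pages."""
    return sum(
        1
        for page in pages
        for h in page.get("hotspots", [])
        if h.get("status") == "TO_REVIEW"
        and h.get("vulnerabilityProbability") == "HIGH"
    )


def gate_result(pages, threshold=0):
    """Return (ok, count); ok is False once count exceeds the allowed threshold."""
    count = count_high_unreviewed(pages)
    return count <= threshold, count


def fetch_hotspot_pages(base_url, project_key, token, page_size=500):
    """Fetch every page of TO_REVIEW hotspots for a project with a user token."""
    auth = base64.b64encode(f"{token}:".encode()).decode()  # token as Basic user
    pages, page = [], 1
    while True:
        url = (f"{base_url}/api/hotspots/search?projectKey={project_key}"
               f"&status=TO_REVIEW&ps={page_size}&p={page}")
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
        data = json.load(urllib.request.urlopen(req))
        pages.append(data)
        paging = data.get("paging", {})
        if page * paging.get("pageSize", page_size) >= paging.get("total", 0):
            return pages  # last page reached
        page += 1


# Constructed sample shaped like an api/hotspots/search response (not real data).
SAMPLE_PAGE = {
    "paging": {"pageIndex": 1, "pageSize": 500, "total": 3},
    "hotspots": [
        {"key": "h1", "status": "TO_REVIEW", "vulnerabilityProbability": "HIGH"},
        {"key": "h2", "status": "TO_REVIEW", "vulnerabilityProbability": "LOW"},
        {"key": "h3", "status": "REVIEWED", "vulnerabilityProbability": "HIGH"},
    ],
}

if __name__ == "__main__":  # usage: python3 gate.py SONAR_URL PROJECT_KEY TOKEN
    ok, n = gate_result(fetch_hotspot_pages(*sys.argv[1:4]))
    print(f"unreviewed HIGH-priority hotspots: {n}")
    sys.exit(0 if ok else 1)  # non-zero exit fails the Jenkins `sh` step
```

A non-zero exit from the `sh` step is what actually fails the build, so the script reports the count and exits 1 whenever the threshold is exceeded.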