Surface code coverage metrics from SonarQube in failed Scorecard rules

CQL captures allow you to extract specific values from entity data when a rule fails, making it easier for engineers to understand what went wrong. A typical use of captures is to show key quality metrics, such as code coverage, or detailed data like vulnerabilities in Scorecard rule failure messages. This helps engineers quickly understand why a rule is failing for an entity.

Capturing code coverage from SonarQube

You can use captures to surface quality metrics such as code coverage from third-party integrations like SonarQube.

1. Decide what data to show in the failure message. In this example, we want to display the code coverage metric reported by SonarQube.

2. While configuring a Scorecard, add a rule using a CQL capture. Use a CQL expression to capture the code coverage metric and apply a threshold: captures("code-cov", sonarqube.metric("coverage")) > 50

3. Customize the rule’s Failure message field to include the captured value. This message will appear when the rule fails (i.e., when coverage is 50% or lower):

This entity's code coverage metric from Sonarqube is:
{{context.evaluation.captures.code-cov}}%

1. After evaluation, view the Scorecard details. Navigate to the entity that failed the rule. Expand the failure message to view the captured code coverage value.

E