SonarQube Quality Gates Results and Handling Missing Base Image Data in Docker Scout

6th chunk of `content/manuals/scout/policy/_index.md`

3023ba2ced79bb3bf7447395826008fa913ee80dade7bc8c00000001000004c0



Once you push an image and policy evaluation completes, the results from the
SonarQube quality gates display as a policy in the Docker Scout Dashboard, and
in the CLI.

> [!NOTE]
>
> Docker Scout can only access SonarQube analyses created after the integration
> is enabled. Docker Scout doesn't have access to historic evaluations. Trigger
> a SonarQube analysis and policy evaluation after enabling the integration to
> view the results in Docker Scout.

## No base image data

There are cases when it's not possible to determine information about the base
images used in your builds. In such cases, the **Up-to-Date Base Images** and
**Approved Base Images** policies get flagged as having **No data**.

This "no data" state occurs when:

- Docker Scout doesn't know what base image tag you used
- The base image version you used has multiple tags, but not all tags are out
  of date

To make sure that Docker Scout always knows about your base image, you can
attach [provenance attestations](/manuals/build/metadata/attestations/slsa-provenance.md)
at build-time. Docker Scout uses provenance attestations to find out the base
image version.

Title: SonarQube Quality Gates Results and Handling Missing Base Image Data in Docker Scout

Summary

The SonarQube Quality Gates results are displayed as a policy in the Docker Scout Dashboard and CLI after image push and policy evaluation. Docker Scout requires new SonarQube analyses after integration to display results, lacking access to historic evaluations. If base image data is missing, the 'Up-to-Date Base Images' and 'Approved Base Images' policies show 'No data'. Provenance attestations can be attached at build-time to ensure Docker Scout knows the base image version.