...

Once code is merged and a Sonar job is run, the results of the scan should be checked to ensure that proper line coverage has been met and there are no major vulnerabilities detected. If there is a lack of coverage or vulnerabilities reported, they should be addressed, preferably immediately, though a bug could be entered to prioritize and track this required work.

Refer to to the POMBA Build Process section for more details.

Build Jobs

Verify Jobs

The verify jobs are engaged when code is submitted to the repository in order to confirm builds wouldn't break due to the inclusion of the change.

...