...
Create a new tool with Tool Type: Salesforce Code Analyzer.
Navigate to the Validation Rules tab to add a new scan rule.
Click + New SFDX Scan Rule and complete the form:
Name - Provide a unique name for the Scan Rule.
Category - Select a Category. Choose from the following: Security, Best Practices, Performances, Code Style, Design, Documentation, Error Prone, ECMAScript6, Possible Errors, Variables, or Stylistic Issues.
Threshold - Provide a number for the threshold to be used against the selected Category. During the scan, if the number of vulnerabilities is higher than the threshold, the pipeline step will fail.
Quality Gates - Select a Rule and Threshold/Count. If there are more vulnerabilities than the Threshold in the particular Rule, the Quality Gate will fail.
Click Create to save the form.
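A local pre-check that mirrors the Threshold and Quality Gates semantics described in the form above (a check fails only when the count is higher than its threshold). This is an added example, not Salesforce's or the pipeline product's code. The JSON report shape, the sample violations, and the `evaluate` helper are assumptions constructed for illustration, as is counting each Quality Gate rule across the whole report.

```python
import json
from collections import Counter

# Constructed sample report. The shape (a list of per-file results, each with a
# "violations" list whose entries carry "category" and "ruleName") is an
# assumption about the scanner's JSON output, not taken from the page.
SAMPLE_REPORT = json.loads("""
[
  {"engine": "pmd", "fileName": "classes/AccountService.cls", "violations": [
    {"ruleName": "ApexSOQLInjection", "category": "Security", "severity": 3},
    {"ruleName": "ApexCRUDViolation", "category": "Security", "severity": 3},
    {"ruleName": "ApexCRUDViolation", "category": "Security", "severity": 3}
  ]},
  {"engine": "eslint", "fileName": "lwc/accountList/accountList.js", "violations": [
    {"ruleName": "no-unused-vars", "category": "Variables", "severity": 2}
  ]}
]
""")


def evaluate(report, category, threshold, quality_gates):
    """Return (passed, failures) for one scan rule (hypothetical helper).

    category / threshold: the scan rule's Category and Threshold.
    quality_gates: {rule name: threshold} for the per-rule Quality Gates.
    A check fails only when its count is strictly higher than its threshold,
    so a count equal to the threshold still passes.
    """
    by_category, by_rule = Counter(), Counter()
    for file_result in report:
        for v in file_result.get("violations", []):
            by_category[v.get("category")] += 1
            by_rule[v.get("ruleName")] += 1
    checks = [("category", category, by_category[category], threshold)]
    checks += [("quality gate", rule, by_rule[rule], limit)
               for rule, limit in sorted(quality_gates.items())]
    failures = [c for c in checks if c[2] > c[3]]
    return not failures, failures


if __name__ == "__main__":
    ok, failures = evaluate(SAMPLE_REPORT, "Security", 3,
                            {"ApexCRUDViolation": 1, "ApexSOQLInjection": 1})
    for kind, name, count, limit in failures:
        print(f"FAIL {kind} {name}: {count} > {limit}")
    raise SystemExit(0 if ok else 1)  # non-zero exit fails the calling step
```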
...
Create a new pipeline step and select Tool Type: Salesforce Code Analyzer. Save the step and then click the gear icon to configure it.
In Step Configuration, make the following selections to configure the step:
Step Tool - Select the configured Jenkins tool containing the Salesforce Code Analyzer job.
Job - Select the Salesforce Code Analyzer job.
Build/Package Step - Choose the pipeline step you wish to scan.
Select Salesforce Scan Tool - Select the configured Salesforce Code Analyzer job.
Quality Gates -
Once the pipeline is configured properly, it can be triggered.
...
To view the results from the scan, view the Pipeline Activity Logs.
Locate the column containing the Sfdx Code Scan Report and click it.
View Summary and Execution details to analyze Quality Gates.
...