The Quality Profiles service is the heart of SonarQubeas central to SonarQube, since it is where you define your requirements on:
by defining sets of
Methods must not have a complexity greater
Ideally, all projects will be measured with the same profile for any given language, but that's not always practical. For instance, you may find that:
- Technological implementation differs from one application to another (for example, different coding rules may apply when building threaded or non-threaded Java applications).
- You want to ensure stronger requirements on some of your applications (internal frameworks for example).
Which is why you can define as many quality profiles as you want. Indeed, the requirements are usually not the same while developing an application from scratch or maintaining an application which is 10 years old, while developing a technical framework or a web application. Then you can associate several quality profiles (one per language) to each project.To wish. To manage quality profiles, go to Quality Profiles (top bar):
The Quality Profiles service can be accessed by any users (even anonymous users) but any changes (create, edit or delete) require to be logged in as a System administrator or a Quality Profile administrator (since version 3.6).
A project administrator can only change the quality profiles associated to its project(s). See Project Administration.
To create a quality profile, click on the Create button on the upper right and enter the name of the quality profile:
You can optionally provide some Checkstyle, PMD and Findbugs configuration files to fill the new quality profile with some existing rules configurations.
Go to the Coding rules tab. As there are numerous available coding rules, a search engine is available:
A coding rule can be activated or deactivated. Its severity and parameters can be modified:
Some bulk change actions are available to quickly activate or deactivate a set of rules:
No extra validation action is required to make changes to the quality profile.
Status of Rule
Since version 3.6, to help you choose which coding rules to activate, each rule has a status:
- Beta: The coding rule has been recently implemented and we haven't get enough feedback from users yet. So, it may log some false positives or generate some false negatives.
- Deprecated: The coding rule should no longer be used as a similar one, more powerful and accurate, exists.
- Ready: The rule is ready to be used in production.
Date of Creation of Rule
Since version 3.6, to help you spot the new coding rules, each rule has a creation date:
Multiple Activations of a Rule
Some coding rules can be activated multiple times in the same quality profile with different parameters values. XPath rule is one of this kind.
If a rule can be activated multiple times, a Copy button is available:
Clicking on the Copy rule link displays a form to define the new rule:
Once the new rule has been created, it can be managed as any other rules.
- the metric you are interested in
- whether the alert will be checked against the current value of the measure or the variation of this measure (available since version 3.4)
- an operator (is greater than, is less than, etc.)
- the value that will trigger a warning
- the value that will trigger an error
Any changes will apply during the next analysis.
Maintaining lots of quality profiles over time can be tedious. To ease this maintenance, quality profiles can be inherited. For each profile, you can decide whether it has a parent profile or not on the Profile Inheritance tab:
This means that the quality profile inherits from all the coding rules defined in the parent one. This is shown on the Coding rules tab by a small blue marker next to the coding rule:
A rule inherited from a parent cannot be deactivated. But it is possible to change its parameter(s) and/or its severity. As soon as one of these values is changed, a red marker replaces the blue marker:
Alerts are not inherited from parent profiles.
Extending Rule Description
- Extend the description of a rule to give more details, add an internal description, etc. This is going to be attached to the rule in every quality profile and will also be available when clicking on an issue:
- Add a comment, in the context of a specific quality profile, explaining the reasons of the activation of the rule, it severity, etc.
Associating Project to Quality Profile
To associate/dissociate projects to/from a quality profile, go to the Projects tab:
This backup/restore mechanism is useful for instance to promote a quality profile from a staging environment to a production one or to share quality profiles with subcontractors.
Click on the Backup button to export an XML file.
To restore a quality profile, click on the Restore profile link on the top right of the Quality profiles page, choose the XML file to restore and click on the Restore profile button: Image Removed
In order to copy an existing quality profile, click on the Copy button next to the profile you want to copy. You are prompted to give the name of the new profile. The profile is the exact copy of the copied one. You can then make desired changes to the new quality profile.
Click on the Rename button. You are prompted to give the new name of the profile.
Click on the Delete button. You are prompted to confirm the deletion.
Deleting a quality profile will delete the alerts defined in the profile and will remove the association with projects. If nothing else is done, the default profile is used to perform the next analysis on the (ex-)associated projects.
It is possible to compare 2 quality profiles to understand the differences between them:
The comparison service shows all differences (rules in one profile but not in the other, parameters differences, etc.):
Profile Change Log
Every time a change is made to a quality profile, it is going to appear in the change log:
Extending Coding Rules
Custom coding rules can be added. See Extending Coding Rules for detailed information and tutorials.
, where you'll find profiles grouped by language. Here's an overview of this page:
As you can see above, language plugins always come with a predefined built-in profile (usually called "Sonar way") so that you can get started very quickly with SonarQube analyses. This is why as soon as you install a new language plugin, at least one quality profile will be available for you.
Each language must have a default profile (marked with a green check). Projects that are not explicitly associated with a specific profile will be analyzed using the language's default profile.
The Quality Profiles service can be accessed by any user (even anonymous users). All users can view every aspect of a profile. That means that anyone can see which rules are included in a profile, and which ones have been left out, see how a profile has changed over time, and compare the rules in any two profiles.
To make rule profile changes (create, edit or delete) users must be granted the Administer Quality Profiles and Gates permission.
A project administrator can choose which profiles his project is associated with. See Project Administration for more.