The Quality Profiles service is the heart of SonarQube, since it is where you define your requirements for:
- Files - by defining sets of coding rules to check / non-functional requirements (ex: A method Methods must not have a complexity greater than 10)
- Projects - by defining sets of boolean thresholds on measures (alerts) to comply with (ex: The number of new critical issues must not be greater than 0)
Even if it is recommended that, for each language, all teams share a common quality profile, it is not always possible. That's why you can define as many quality profiles as you wish whenIdeally, all projects will be measured with the same profile for any given language, but that's not always practical. For instance, you may find that:
- Technological implementation differs from one application to another (for example, different coding rules may apply when building threaded or non-threaded Java applications).
- You want to ensure stronger requirements on some of your applications (internal frameworks for example).
To Which is why you can define as many quality profiles as you wish. To manage quality profiles, go to Quality Profiles (under Settings in the top bar), where you'll find profiles grouped by language:
The Quality Profiles service can be accessed by any user (even anonymous users) but to make changes (create, edit or delete) a user must be logged in as a System administrator or a Quality Profile administrator (since version 3.6).
A project administrator can only change which profiles a project is associated with. See Project Administration.
To create a quality profile, click on the Create button on the upper right and enter the name of the quality profile.
For some languages, such as Java and PHP, you can optionally provide configuration files for the external tools used during analysis in order to pre-populate the new quality profile with some existing rules configurations. For Java you can profile files for Checkstyle, PMD and Findbugs.
Go to the Coding rules tab. Because there are numerous available coding rules, a search engine is available:
A coding rule can be activated or deactivated. Its severity can be modified. Some rules have parameters which can also be modified:
Bulk change actions are available to quickly activate or deactivate a set of rules:
No extra validation action is required to make changes to the quality profile.
Status of Rule
Since version 3.6, to help you choose which coding rules to activate, each rule has a status:
- Beta: The coding rule has been recently implemented and we haven't gotten enough feedback from users yet. So, there may be false positives or false negatives.
- Deprecated: The coding rule should no longer be used because a similar, but more powerful and accurate rule exists.
- Ready: The rule is ready to be used in production.
Date of Creation of Rule
Since version 3.6, to help you spot the new coding rules, each rule has a creation date:
Multiple Activations of a Rule
Some coding rules, such as the XPath rule can be activated multiple times in the same quality profile with different parameter values.
If a rule can be activated multiple times, a Copy button is available:
Clicking on the Copy rule link displays a form to define the new rule:
Once the new rule has been created, it can be managed like any other rule.
- the metric you are interested in
- whether the alert will be checked against the current value of the measure or the variation of this measure (available since version 3.4)
- an operator (is greater than, is less than, etc.)
- the value that will trigger a warning
- the value that will trigger an error
Any changes will be applied during the next analysis.
Maintaining lots of quality profiles over time can be tedious. To ease this maintenance, quality profiles can be inherited. For each profile, you can decide whether it has a parent profile or not on the Profile Inheritance tab:
This means that the quality profile inherits all the coding rules defined in the parent profile. This is shown on the Coding rules tab by a small blue marker next to the coding rule:
A rule inherited from a parent cannot be deactivated. But it is possible to change its parameter(s) and/or its severity. As soon as one of these values is changed, a red marker replaces the blue marker:
Alerts are not inherited from parent profiles.
Extending Rule Description
- You can extend the description of a rule to give more details, add an internal description, etc. Your extension will be added to the rule in every quality profile and will be available to users when clicking on an issue:
- You can add a rule comment, in the context of a specific quality profile, explaining the reasons of the activation of the rule, it severity, etc. Rule comments are not shown to users outside of the Quality Profile administration interface.
Associating a Project to Quality Profile
To associate/dissociate projects to/from a quality profile, go to the Projects tab:
This backup/restore mechanism is useful for instance to:
- Promote a quality profile from a staging environment to a production environment.
- Share a quality profile with outsourced subcontractors who cannot access your SonarQube platform.
Click on the Backup button to export an XML file.
To restore a quality profile, click on the Restore profile link on the top right of the Quality profiles page, choose the XML file to restore and click on the Restore profile button: Image Removed
Note that the profile you're importing must have a unique name. That is, it must not already exist in the SonarQube instance where you're trying to import it.
In order to copy an existing quality profile, click on the Copy button next to the profile you want to copy. You are prompted to give the name of the new profile. The profile is the exact copy of the copied one. You can then make desired changes to the new quality profile.
Click on the Rename button. You are prompted to give the new name of the profile.
Click on the Delete button. You are prompted to confirm the deletion.
Deleting a quality profile will delete the alerts defined in the profile and will remove the association with projects. If nothing else is done, the default profile is used to perform the next analysis on the (ex-) associated projects.
Note that you will not be able to delete a language's default profile. Nor will you be able to delete a profile that is the parent of another profile.
It is possible to compare 2 quality profiles to understand the differences between them:
The comparison service shows all differences (rules in one profile but not in the other, parameters differences, etc.):
Profile Change Log
Every time a change is made to a quality profile, it is going to appear in the change log:
Note that setting a parent profile will appear in a change log as the addition of that profile's rules to this one.
Extending Coding Rules
Custom coding rules can be added. See Extending Coding Rules for detailed information and tutorials.
Each language must have a default profile (marked with a green check). Projects that are not explicitly associated with a specific profile, and which do not have a
sonar.profile analysis property will be analyzed using the language's default profile.
The Quality Profiles service can be accessed by any user (even anonymous users). All users can view every aspect of a profile. That means that anyone can see which rules are included in a profile, and which ones have been left out, see how a profile has changed over time, and compare the rules in any two profiles. Any user can also view the alerts associated with a profile, and the profile's inheritance tree, if any.
To make rule profile changes (create, edit or delete) users must be logged in as Quality Profile administrator.
A project administrator can choose which profiles his project is associated with. See Project Administration for more.