The Quality Profiles service is the heart of SonarQubeas SonarQube, since it is where you define your requirements onfor:
- Files - by defining sets of coding rules to check (ex: A method must not have a complexity greater thant than 10)
- Projects - by defining sets of boolean thresholds on measures thresholds (alerts) to comply with (ex: The number of new critical issues must not be greater than 0)
To manage quality profiles, go to Quality Profiles (under Settings in the top bar):
The Quality Profiles service can be accessed by any users user (even anonymous users) but any to make changes (create, edit or delete) require to a user must be logged in as a System administrator or a Quality Profile administrator (since version 3.6).
A project administrator can only change the quality which profiles associated to its project(s)a project is associated with. See Project Administration.
To create a quality profile, click on the Create button on the upper right and enter the name of the quality profile.
For some languages, such as Java and PHP, you can optionally provide some Checkstyle, PMD and Findbugs configuration files to fill for the external tools used during analysis in order to pre-populate the new quality profile with some existing rules configurations. For Java you can profile files for Checkstyle, PMD and Findbugs.
Go to the Coding rules tab. As Because there are numerous available coding rules, a search engine is available:
A coding rule can be activated or deactivated. Its severity and parameters can can be modified. Some rules have parameters which can also be modified:
Some bulk Bulk change actions are available to quickly activate or deactivate a set of rules:
- Beta: The coding rule has been recently implemented and we haven't get gotten enough feedback from users yet. So, it there may log some be false positives or generate some false negatives.
- Deprecated: The coding rule should no longer be used as because a similar one, but more powerful and accurate , rule exists.
- Ready: The rule is ready to be used in production.
Multiple Activations of a Rule
Some coding rules, such as the XPath rule can be activated multiple times in the same quality profile with different parameters parameter values. XPath rule is one of this kind.
If a rule can be activated multiple times, a Copy button is available:
Once the new rule has been created, it can be managed as like any other rulesrule.
To manage your alerts configuration, got to the profile's Alerts tab:
From there, it is possible to fully manage alerts, by adding new ones, editing or deleting existing ones. Choose:
- the metric you are interested in
- whether the alert will be checked against the current value of the measure or the variation of this measure (available since version 3.4)
- an operator (is greater than, is less than, etc.)
- the value that will trigger a warning
- the value that will trigger an error
Any changes will apply be applied during the next analysis.
This means that the quality profile inherits from all the coding rules defined in the parent oneprofile. This is shown on the Coding rules tab by a small blue marker next to the coding rule:
Extending Rule Description
- Extend You can extend the description of a rule to give more details, add an internal description, etc. This is going to be attached Your extension will be added to the rule in every quality profile and will also be available to users when clicking on an issue:
- Add You can add a rule comment, in the context of a specific quality profile, explaining the reasons of the activation of the rule, it severity, etc. Rule comments are not shown to users outside of the Quality Profile administration interface.
Associating a Project to Quality Profile
To associate/dissociate projects to/from a quality profile, go to the Projects tab:
This backup/restore mechanism is useful for instance to promote a quality profile from a staging environment to a production one environment, or to share quality profiles with subcontractors.
To restore a quality profile, click on the Restore profile link on the top right of the Quality profiles page, choose the XML file to restore and click on the Restore profile button:
Note that the profile you're importing must have a unique name. That is, it must not already exist in the SonarQube instance where you're trying to import it.
In order to copy an existing quality profile, click on the Copy button next to the profile you want to copy. You are prompted to give the name of the new profile. The profile is the exact copy of the copied one. You can then make desired changes to the new quality profile.
Click on the Delete button. You are prompted to confirm the deletion.
Deleting a quality profile will delete the alerts defined in the profile and will remove the association with projects. If nothing else is done, the default profile is used to perform the next analysis on the (ex-) associated projects.
Note that you will not be able to delete a language's default profile. Nor will you be able to delete a profile that is the parent of another profile.
It is possible to compare 2 quality profiles to understand the differences between them:
Every time a change is made to a quality profile, it is going to appear in the change log:
Note that setting a parent profile will appear in a change log as the addition of that profile's rules to this one.
Extending Coding Rules
Custom coding rules can be added. See Extending Coding Rules for detailed information and tutorials.