The "Quality profiles" service allows to define several sets of quality requirements and to associate those quality profiles to projects. Here is an example of quality requirement : "A method must not have a complexity greater than 10!". Out of the box, Sonar embeds several coding rules engines (like Checkstyle, PMD and Findbugs) and can easily host any new coding rule engines provided by Sonar plugins. A quality requirement is an active and configured rule. Most of the time, several sets of quality requirements need to be defined in order to fit all kind of projects. Indeed, the quality requirements are usually not the same when starting to develop from scratch an application or when maintaining an application which is 10 years old.
A quality profile can also be used to define some set of visual alerts on measures. Here is an example of alert : "Highlight the complexity by method measure in the project's dashboard when this complexity by method is greater than 3."
Here is the default page of the "Quality Profiles" service :
By default, the "Quality Profiles" service can be accessed by any anonymous user but all administration actions require to be first logged in as an administrator.
Create a new profile
In order to create a new quality profile, click on the "Create" button on the upper right and enter the name of the quality profile :
You can optionally provide some Checkstyle, PMD and Findbugs configuration files to fill the new quality profile with some existing rules configurations.
Copy an existing profile
In order to copy an existing quality profile, click on the "Copy" button next to the profile you want to copy. You are prompted to give the name of the new profile. The profile is the exact copy of the copied one. You can then make desired changes to the new quality profile.
Edit a profile
In order to edit a quality profiles, click on the name of the quality profile. By default all rules activated on that quality profile are displayed. But you can also use the search form to filter only active rules from a plugin or search a rule by name in order to activate it :
When you have found the rule to change, you can activate or deactivate it, change its priority level, configure parameters of the rules.
Some "Bulk Change" actions are also available to quickly activate or deactivate a set of rules. For instance, you can easily add all Findbugs rules to an existing quality profile by : selecting this profile, searching for Findbugs rules and launching "Activate all" action :
To manage alerts configuration for the quality profile, click on the quality profile's name from the "Quality Profiles" page and then on the "Alerts" tab :
From there it is possible to fully manage alerts, by adding new one, editing or deleting existing alerts. The principle is the following :
- Choose the metric you are interested in
- Choose an operator (is greater than, is less than)
- Choose the value that will trigger a warning
- Choose the value that will trigger an error
Any change to alerts will be used when the next analysis is performed
Associate a project to a profile
To associate a project to a quality profile, click on the quality profile's name from the "Quality Profiles" page and then on the "Projects" tab :
The projects associated to a profile will appear in the right hand box. It is possible to move projects around by selecting them and use one of the 4 actions listed. A project can be associated to only one profile at the time. When a project is not explicitly associated to a quality profile, Sonar uses the default quality profile to perform the next analysis.
Delete or rename a profile
Click on the "Delete" or "Rename" buttons :
Deleting a quality profile, will delete the alerts defined in the profile and will remove the association with projects. If nothing else is done , Sonar will use the default profile to perform the next analysis on the (ex-)associated projects.
This backup/restore mechanism is useful for instance to promote a quality profile from a test environment to a production environment or to share quality profile with contractors.
Click on the "Backup" button to export an XML file :
To restore a quality profile, click on the "Restore profile" link on the upper right of the "Quality profiles" page, choose the XML file to restore and click on the "Restore profile" button :
Multiple activations of the same rule
Some rules can be activated multiple times in the same quality profile with different parameter's values. Checkstyle "Regexp Singleline" rule and PMD "XPath" rule are those kind of rules.
If a rule can be activated multiple times, a "Copy" button is available at the end of the rule description :
Clicking on the "Copy rule" button displays a form to define the new rule from the parent one :
Once the new rule has been created, it can be managed as any other rules :
Extend coding rules
Checkstyle and PMD provide extension mechanisms to develop your own coding rules. Tutorials to write such custom coding rules are available online for both Checkstyle and PMD. You can for instance define your own naming conventions, forbid access to a given API or anything else that is relevant in your context.
Once this is done, you must feed the Sonar web server with those coding rules extensions. Here are the process to follow for both Checkstyle and PMD coding rules.
The Checkstyle coding rules must be packaged in a JAR file and this file must be copy in the $SONAR_HOME/extensions/rules/checkstyle/ directory.
A XML file must then be created in the same $SONAR_HOME/extensions/rules/checkstyle/ directory to "index" all available custom rules implemented in the JAR file. The name of this XML file doesn't matter but the .xml suffix must be used.
This XML file must look like the following example :
The PMD coding rules must be packaged in a JAR file and this file must be copy in the $SONAR_HOME/extensions/rules/pmd/ directory. Moreover, the JAR file must also contain the PMD ruleset XML file (in the following example, this XML file will be available through the classloader with the following path : rulesets/myruleset.xml)
A XML file must then be created in the same $SONAR_HOME/extensions/rules/pmd/ directory to "index" all available custom rules implemented in the JAR file. The name of this XML file doesn't matter but the .xml suffix must be used.
This XML file must look like the following example :
Since Sonar 2.3, it's now possible to define XPath rules directly into this XML file without any need to provide an additional jar file. Here is an example of an XPath rule defintion :