Full documentation for SonarQube has moved to a new location: http://docs.sonarqube.org/display/SONAR

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 40 Next »

Quality profiles

Table of content

Overview

The "Quality profiles" service allows to define several sets of quality requirements and to associate those quality profiles to projects. Here is an example of quality requirement : "A method must not have a complexity greater than 10!". Out of the box, Sonar embeds several coding rules engines (like Checkstyle, PMD and Findbugs) and can easily host any new coding rule engines provided by Sonar plugins. A quality requirement is an active and configured rule. Most of the time, several sets of quality requirements need to be defined in order to fit all kind of projects. Indeed, the quality requirements are usually not the same when starting to develop from scratch an application or when maintaining an application which is 10 years old.

A quality profile can also be used to define some set of visual alerts on measures. Here is an example of alert : "Highlight the complexity by method measure in the project's dashboard when this complexity by method is greater than 3."

Here is the default page of the "Quality Profiles" service :

By default, the "Quality Profiles" service can be accessed by any anonymous user but all administration actions require to be first logged in as an administrator.

Browsing quality profiles

By going to the configuration menu at the top right, it is possible to view the quality profiles defined in Sonar.



For each profile, there is information :

  • Name of the profile
  • Number of mandatory rules activated ( + number of optional rules)
  • Possibility to export Checkstyle and PMD rule definition for the profile
  • Number of alerts defined within the profile
  • The default profile to be used for analysis
  • Number of projects specifically associated to the profile

And there is specific information, divided in three section:

Coding rules configuration

To browse the coding rules configuration for the profile, click on the name of the profile or on the number of rules activated.



At the top, a powerful search engine enables to filter easily the rules you are interested in, using the name of the rule, the plugin, the priority or the category it belongs to and whether it is activated or not.

At the bottom of the page, the list of rules that was filtered out. For each rule, the level of activation, the name, the plugin and the family. By clicking on the name, you expand the rule and get a description of the rule as well as its parameters if any.

Alerts configuration

To browse the alerts configuration for the profile, click on the number of alerts defined for the profile.



The list of alerts shows up : each alert consists of a metric, an operator and two thresholds, one for warning and one for error.


Association between projects and alerts

To see which projects are associated explicitly to a profile, click on the number of projects defined for the profile.



The list of alerts shows up : each alert consists of a metric, an operator and two thresholds, one for warning and one for error.

Create a new profile

In order to create a new quality profile, click on the "Create" button on the upper right and enter the name of the quality profile :

You can optionally provide some Checkstyle, PMD and Findbugs configuration files to fill the new quality profile with some existing rules configurations.

Copy an existing profile

In order to copy an existing quality profile, click on the "Copy" button next to the profile you want to copy. You are prompted to give the name of the new profile. The profile is the exact copy of the copied one. You can then make desired changes to the new quality profile.

Edit a profile

In order to edit a quality profiles, click on the name of the quality profile. By default all rules activated on that quality profile are displayed. But you can also use the search form to filter only active rules from a plugin or search a rule by name in order to activate it :



When you have found the rule to change, you can activate or deactivate it, change its priority level, configure parameters of the rules.

Some "Bulk Change" actions are also available to quickly activate or deactivate a set of rules. For instance, you can easily add all Findbugs rules to an existing quality profile by : selecting this profile, searching for Findbugs rules and launching "Activate all" action :

Icon

It is only possible to edit the homemade quality profiles. The quality profiles coming by default with Sonar cannot be amended.

Icon

No extra validation action is required to make changes to the profile.

Edit alerts

To manage alerts configuration for the quality profile, click on the quality profile's name from the "Quality Profiles" page and then on the "Alerts" tab : 



From there it is possible to fully manage alerts, by adding new one, editing or deleting existing alerts. The principle is the following :

  • Choose the metric you are interested in
  • Choose an operator (is greater than, is less than)
  • Choose the value that will trigger a warning
  • Choose the value that will trigger an error

Any change to alerts will be used when the next analysis is performed

Associate a project to a profile

To associate a project to a quality profile, click on the quality profile's name from the "Quality Profiles" page and then on the "Projects" tab :

The projects associated to a profile will appear in the right hand box. It is possible to move projects around by selecting them and use one of the 4 actions listed. A project can be associated to only one profile at the time. When a project is not explicitly associated to a quality profile, Sonar uses the default quality profile to perform the next analysis.

Delete or rename a profile

Click on the "Delete" or "Rename" buttons : 

Deleting a quality profile, will delete the alerts defined in the profile and will remove the association with projects. If nothing else is done , Sonar will use the default profile to perform the next analysis on the (ex-)associated projects.

Icon

It is only possible to delete a homemade quality profile. The 3 profiles coming by default with Sonar (Sun checks, Sonar way and Sonar way with Findbugs) cannot be deleted.

Backup/Restore profile

This backup/restore mechanism is useful for instance to promote a quality profile from a test environment to a production environment or to share quality profile with contractors.

Click on the "Backup" button to export an XML file :


To restore a quality profile, click on the "Restore profile" link on the upper right of the "Quality profiles" page, choose the XML file to restore and click on the "Restore profile" button :

Multiple activations of the same rule

Some rules can be activated multiple times in the same quality profile with different parameter's values. Checkstyle "Regexp Singleline" rule and PMD "XPath" rule are those kind of rules.

If a rule can be activated multiple times, a "Copy" button is available at the end of the rule description :


Clicking on the "Copy rule" button displays a form to define the new rule from the parent one :

Once the new rule has been created, it can be managed as any other rules :

Extend coding rules

Checkstyle and PMD provide extension mechanisms to develop your own coding rules. Tutorials to write such custom coding rules are available online for both Checkstyle and PMD. You can for instance define your own naming conventions, forbid access to a given API or anything else that is relevant in your context.

Once this is done, you must feed the Sonar web server with those coding rules extensions. Here are the process to follow for both Checkstyle and PMD coding rules.

Checkstyle

The Checkstyle coding rules must be packaged in a JAR file and this file must be copy in the $SONAR_HOME/extensions/rules/checkstyle/ directory.

A XML file must then be created in the same $SONAR_HOME/extensions/rules/checkstyle/ directory to "index" all available custom rules implemented in the JAR file. The name of this XML file doesn't matter but the .xml suffix must be used.

This XML file must look like the following example :

PMD

The PMD coding rules must be packaged in a JAR file and this file must be copy in the $SONAR_HOME/extensions/rules/pmd/ directory. Moreover, the JAR file must also contain the PMD ruleset XML file (in the following example, this XML file will be available through the classloader with the following path : rulesets/myruleset.xml)

A XML file must then be created in the same $SONAR_HOME/extensions/rules/pmd/ directory to "index" all available custom rules implemented in the JAR file. The name of this XML file doesn't matter but the .xml suffix must be used.

This XML file must look like the following example :

A full example is published in sonar sources. See the XML file and the Maven project

Since Sonar 2.3, it's now possible to define XPath rules directly into this XML file without any need to provide an additional jar file. Here is an example of an XPath rule defintion :

Edit associated projects

To manage the projects associated to a profile, click on the number of projects defined for the profile.



The projects associated to a profile will appear in the right hand box. It is possible to move projects around by selecting them and use one of the 4 actions listed. A project can be associated to only one profile at the time. When a project is not explicitly associated to a quality profile, Sonar will use the default quality profile to perform the next analysis.

Edit alerts

To manage alerts configuration for the profile, click on the number of alerts defined for the profile.




From there it is possible to full manage alerts, by adding new one editing or deleting existing alerts. The principle is the following :

  • Choose the metric you are interested in
  • Choose an operator (is greater than, is less than)
  • Choose the value that will trigger a warning
  • Choose the value that will trigger an error

Any change to alerts will be used when the next analysis is performed

  • No labels