The Quality Profiles service is the heart of SonarQube, since it is where you define your requirements for:
- Files - by defining sets of coding rules to check (ex: A method must not have a complexity greater than 10)
- Projects - by defining sets of boolean thresholds on measures (alerts) to comply with (ex: The number of new critical issues must not be greater than 0)
Even if it is recommended that, for each language, all teams share a common quality profile, it is not always possible. That's why you can define as many quality profiles as you wish when:
- Technological implementation differs from one application to another (for example, different coding rules may apply when building threaded or non-threaded Java applications).
- You want to ensure stronger requirements on some of your applications (internal frameworks for example).
To manage quality profiles, go to Quality Profiles (under Settings in the top bar):
The Quality Profiles service can be accessed by any user (even anonymous users) but to make changes (create, edit or delete) a user must be logged in as a System administrator or a Quality Profile administrator (since version 3.6).
A project administrator can only change which profiles a project is associated with. See Project Administration#SettingQualityProfiles.
To create a quality profile, click on the Create button on the upper right and enter the name of the quality profile.
For some languages, such as Java and PHP, you can optionally provide configuration files for the external tools used during analysis in order to pre-populate the new quality profile with some existing rules configurations. For Java you can profile files for Checkstyle, PMD and Findbugs.
Go to the Coding rules tab. Because there are numerous available coding rules, a search engine is available:
A coding rule can be activated or deactivated. Its severity can be modified. Some rules have parameters which can also be modified:
Bulk change actions are available to quickly activate or deactivate a set of rules:
Status of Rule
Since version 3.6, to help you choose which coding rules to activate, each rule has a status:
- Beta: The coding rule has been recently implemented and we haven't gotten enough feedback from users yet. So, there may be false positives or false negatives.
- Deprecated: The coding rule should no longer be used because a similar, but more powerful and accurate rule exists.
- Ready: The rule is ready to be used in production.
Date of Creation of Rule
Since version 3.6, to help you spot the new coding rules, each rule has a creation date:
Multiple Activations of a Rule
Some coding rules, such as the XPath rule can be activated multiple times in the same quality profile with different parameter values.
If a rule can be activated multiple times, a Copy button is available:
Clicking on the Copy rule link displays a form to define the new rule:
Once the new rule has been created, it can be managed like any other rule.
To manage your alerts configuration, got to the profile's Alerts tab:
From there, it is possible to fully manage alerts, by adding new ones, editing or deleting existing ones. Choose:
- the metric you are interested in
- whether the alert will be checked against the current value of the measure or the variation of this measure (available since version 3.4)
- an operator (is greater than, is less than, etc.)
- the value that will trigger a warning
- the value that will trigger an error
Any changes will be applied during the next analysis.
Maintaining lots of quality profiles over time can be tedious. To ease this maintenance, quality profiles can be inherited. For each profile, you can decide whether it has a parent profile or not on the Profile Inheritance tab:
This means that the quality profile inherits all the coding rules defined in the parent profile. This is shown on the Coding rules tab by a small blue marker next to the coding rule:
A rule inherited from a parent cannot be deactivated. But it is possible to change its parameter(s) and/or its severity. As soon as one of these values is changed, a red marker replaces the blue marker:
Changes made to an inherited coding rule can be reverted by clicking on the Revert to parent definition button:
Extending Rule Description
- You can extend the description of a rule to give more details, add an internal description, etc. Your extension will be added to the rule in every quality profile and will be available to users when clicking on an issue:
- You can add a rule comment, in the context of a specific quality profile, explaining the reasons of the activation of the rule, it severity, etc. Rule comments are not shown to users outside of the Quality Profile administration interface.
Associating a Project to Quality Profile
To associate/dissociate projects to/from a quality profile, go to the Projects tab:
When a project is not explicitly associated to a quality profile, the default quality profile is used to perform the next analysis.
This backup/restore mechanism is useful for instance to:
- Promote a quality profile from a staging environment to a production environment.
- Share a quality profile with outsourced subcontractors who cannot access your SonarQube platform.
Click on the Backup button to export an XML file.
To restore a quality profile, click on the Restore profile link on the top right of the Quality profiles page, choose the XML file to restore and click on the Restore profile button:
In order to copy an existing quality profile, click on the Copy button next to the profile you want to copy. You are prompted to give the name of the new profile. The profile is the exact copy of the copied one. You can then make desired changes to the new quality profile.
Click on the Rename button. You are prompted to give the new name of the profile.
Click on the Delete button. You are prompted to confirm the deletion.
Deleting a quality profile will delete the alerts defined in the profile and will remove the association with projects. If nothing else is done, the default profile is used to perform the next analysis on the (ex-) associated projects.
It is possible to compare 2 quality profiles to understand the differences between them:
The comparison service shows all differences (rules in one profile but not in the other, parameters differences, etc.):
Profile Change Log
Every time a change is made to a quality profile, it is going to appear in the change log:
Extending Coding Rules
Custom coding rules can be added. See Extending Coding Rules for detailed information and tutorials.