The Quality Profiles service is the heart of SonarQube, since it is where you define your requirements for:
- Files - by defining sets of coding rules / non-functional requirements (ex: Methods must not have a complexity greater than 10)
- Projects - by defining sets of boolean thresholds on measures (alerts) to comply with (ex: The number of new critical issues must not be greater than 0)
Ideally, all projects will be measured with the same profile for any given language. However, that's not always practical. For instance, you may find that:
- Technological implementation differs from one application to another (for example, different coding rules may apply when building threaded or non-threaded Java applications).
- You want to ensure stronger requirements on some of your applications (internal frameworks for example).
Which is why you can define as many quality profiles as you wish. To manage quality profiles, go to Quality Profiles (under Settings in the top bar), where you'll find profiles grouped by language:
Projects may be explicitly associated with a specific profile. Projects that are not associated with a profile, and which do not have a
sonar.profile analysis property will be analyzed using the language's default profile. Each language's default profile is marked with a green check in the list of profiles.
The Quality Profiles service can be accessed by any user (even anonymous users). All users can view every aspect of a profile. That means that anyone can see which rules are included in a profile, and which ones have been left out, as well as compare two profiles. Any user can also view the alerts associated with a profile, the profile's change log, and the profile's inheritance tree, if any.
To make rule profile changes (create, edit or delete) users must be logged in as either a System administrator or a Quality Profile administrator (since version 3.6).
A project administrator can choose which profiles his project is associated with. See Project Administration for more.