
Managing quality profiles

Quality profiles are a key part of your SonarQube Cloud configuration. They define the set of rules to be applied during code analysis.

Every project has a quality profile set for each supported language. When a project is analyzed, SonarQube Cloud determines which languages are used and uses the active quality profile for each of those languages in that specific project.

Go to organization name > Quality Profiles to see all the currently defined profiles grouped by language.

Built-in and default profiles

SonarQube Cloud comes with a built-in quality profile defined for each supported language, called the Sonar way profile (it is marked with the BUILT-IN tag in the interface). The Sonar way profile activates a set of rules that should be applicable to most projects. If your organization is on the Free plan, Sonar way is the only quality profile available. See the Subscription plan page for more information.

In a newly set up organization, the Sonar way profile is the default for every language (marked with the DEFAULT tag in the interface). The default profile is used for that language if no other profile is explicitly defined at the project level. The default profile for a given language can be changed.

Customizing a quality profile

The Sonar way profile is designed to be broadly suitable for most projects, but it is intended only as a starting point. In most cases, you will want to adjust your profile as the project progresses.

If you have multiple projects, you might also need to have different profiles for each. You might run into the following situations:

  • You have different technical requirements from one project to another.
  • You want to ensure stronger requirements for some of your projects than for others.

New profiles can be created in two ways: 

  • Copying an existing profile and adjusting the copy.
  • Extending an existing profile.

Copying a quality profile

When you copy a profile, you clone all activated rules of the original. From here, you independently activate or deactivate rules to fit your needs; your new profile won't inherit changes made to the original profile.

Follow these steps to copy a profile:

  1. Go to the page of the profile you want to copy (organization name > Quality Profiles > profile name).
  2. Select Copy from the dropdown menu in the upper-right corner of the page.
  3. Give your new profile a name and select Copy.
  4. Modify the copy as needed.

Extending a quality profile

When you extend a profile, you create a child profile that inherits all the activated rules in the parent profile. You can then activate additional rules in the child, beyond those that are inherited. Follow these steps to extend a profile:

  1. Create a base profile with your core set of rules by clicking the Create button on the Quality Profiles page, or use an existing profile as a base profile.
  2. Find your base profile (organization name > Quality Profiles > profile name) and select Extend from the dropdown menu.
  3. After giving your new profile a name, SonarQube Cloud opens your new profile page.
  4. Below the Rules table, click Activate More to add rules to your extended profile.
  5. From the Inheritance table, you can see the hierarchy of inheritance for your profile, and you can change the parent profile by clicking Change Parent.

Your new profile has all of the activated rules from the profile you copied, but you can activate or deactivate any rules from the Rules table by clicking the numbers in the Active and Inactive columns.

You can grant other users or groups permission to manage a specific quality profile: on that profile's page, under Permissions, select Grant permissions to more users.

Activating and deactivating rules in an extended profile

With an extended profile, you can activate additional rules or deactivate existing ones while still benefiting from any changes to the parent profile. This allows you to remain in sync with all new changes to the built-in Sonar way, such as benefiting automatically from new rules that we release as part of our default profiles.

Follow these steps to activate or deactivate rules in an extended profile:

Step 1: From the Quality Profiles page, select the name of the extended quality profile that you want to edit.

Step 2: Under Rule Breakdown, you can see the list of rules, divided into Clean Code attributes and marked as either active or inactive.

Step 3: The next step depends on whether you want to activate an inactive rule or deactivate an active rule: 

  1. To deactivate a rule, click the hyperlinked number next to a Clean Code attribute to view the list of currently active rules. Select a rule and click deactivate.
  2. Once you have deactivated a rule, a message appears at the bottom of the Rule Breakdown box stating which rules have been deactivated. You can reactivate them at any time by clicking through that link.
  3. To activate a currently inactive rule, click the hyperlinked number next to a Clean Code attribute to view the list of currently inactive rules. Then select a rule and click activate.

Differences between copying and extending

The key differences between an extension of a profile and a copy are:

  • With an extension, you can only activate rules that are deactivated in the parent. With a copy, you can activate or deactivate any rules you like.
  • With an extension, any changes made to the parent will be automatically reflected in the child. This includes rules activated in the parent, rules deactivated in the parent, and new rules added to the parent by Sonar. With a copy, changes are not propagated because the copy is entirely independent.

Copied profiles are typically used to establish a new common profile that you want full control over and that can serve as the base profile for all your projects. Extension is typically used to provide customized profiles for projects which all follow a common base set of rules, but where each also requires different additional ones.

Delegating permission to manage quality profiles

This feature is only available in the Enterprise plan.

With the Administer Quality Profiles permission, you can authorize users or groups to manage a specific custom quality profile, which means they can:

  • Edit or delete the profile.
  • Associate the profile with projects.

Allowing a user or group to manage a quality profile

  1. In the SonarQube Cloud UI, retrieve the quality profile.
  2. In the Permissions section, select Grant permissions to more users. The corresponding dialog opens.
  3. In the field, type the first characters of the user or group login/name you want to authorize. In the search results, select the user or group.
  4. Select Add. The added user or group is displayed in the Permissions section.

Removing a user's permission on a quality profile

  1. In the SonarQube Cloud UI, retrieve the quality profile.
  2. In the Permissions section, click  in front of the permission to be removed. A confirmation dialog opens.
  3. In the dialog, select Remove.

Comparing two quality profiles

You can compare the activated rules between two quality profiles. This is especially useful when you're using a quality profile copied from another profile because you won't automatically inherit new rules added to the original quality profile.

To compare two profiles:

  1. From the Quality Profiles page, select the name of the first profile you'd like to compare.
  2. Select Compare from the drop-down menu.
  3. Select the second profile you'd like to compare from the Compare with drop-down menu.

From here you can push rules between the two profiles using the buttons.

Finding out what has changed in a quality profile

When SonarQube Cloud notices that an analysis was performed with a quality profile that is different in some way from the previous analysis, a quality profile event is added to the project's event log. To see the changes in a profile, navigate to the profile (organization name > Quality Profiles > profile name) and choose Changelog. This can help you understand how profile changes impact the issues raised in an analysis.

Additionally, users with the Administer Quality Profile privilege are notified by email each time a built-in profile is updated.

Importing a quality profile from another SonarQube Cloud organization

To import a profile from another SonarQube Cloud organization, do the following:

  1. From the source organization, open the quality profile you want to use.
  2. Select Back up from the drop-down menu. This exports the profile as an XML file.
  3. From the target organization, click the Restore button on the Quality Profiles main page.
  4. Choose the XML file that you exported previously, and click Restore.

Applying profiles to projects

One profile for each language is marked as the default. Barring any other intervention, all projects that use that language will be analyzed with that profile. To have a project analyzed by a non-default profile instead, start from Quality Profiles, and navigate to your target profile, then use the Projects part of the interface to manage which projects are explicitly assigned to that profile.

Ensuring your quality profile has all relevant new rules

From time to time new rules are added to SonarQube Cloud. New rules won't appear automatically in your profile unless you're using a built-in profile or a profile extended from a built-in profile (see Extending a quality profile, above).

If you're not using a built-in profile, you can compare your profile to the built-in profile to see which rules you're missing (see Comparing two quality profiles, above).

Another option is to go to organization name > Rules and use the Available Since search facet to see what rules have been added to the platform since the day you created your quality profile.

And finally, the Quality Profiles main page shows recently added rules in the Recently Added Rules section on the right side of the page.
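
The comparison described above can also be run offline against two profile backups, for example to check a copied profile for rules it no longer shares with the built-in one. The following is an added example, not part of SonarQube Cloud or its documentation. It assumes the exported XML lists each activated rule as a rule element with repositoryKey, key and priority children; the profile names and rule keys are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample backups. The element names (profile, language, rules,
# rule, repositoryKey, key, priority) are the assumed layout of the exported
# XML; confirm them against a real export. Rule keys are made up.
def _backup(name, rules):
    body = "".join(
        f"<rule><repositoryKey>java</repositoryKey><key>{k}</key>"
        f"<priority>{p}</priority></rule>" for k, p in rules)
    return (f"<profile><name>{name}</name><language>java</language>"
            f"<rules>{body}</rules></profile>")

BUILT_IN = _backup("Sonar way", [("S0001", "MAJOR"), ("S0002", "CRITICAL"),
                                 ("S0003", "BLOCKER")])  # S0003: added after the copy
COPIED = _backup("Team baseline", [("S0001", "MAJOR"), ("S0002", "MINOR"),
                                   ("S9001", "MAJOR")])

def load_rules(xml_text):
    """Return (language, {"repo:key": priority}) for one backup document."""
    root = ET.fromstring(xml_text)
    rules = {}
    for rule in root.iter("rule"):
        repo, key = rule.findtext("repositoryKey"), rule.findtext("key")
        if not repo or not key:
            raise ValueError("rule entry without repositoryKey/key")
        rules[f"{repo}:{key}"] = rule.findtext("priority")
    return root.findtext("language"), rules

def diff_profiles(reference_xml, custom_xml):
    """Compare the activated rules of a custom profile against a reference."""
    ref_lang, ref = load_rules(reference_xml)
    cus_lang, cus = load_rules(custom_xml)
    if ref_lang != cus_lang:
        raise ValueError(f"language mismatch: {ref_lang} vs {cus_lang}")
    return {
        # Active in the reference only: rules the copy never received.
        "missing": sorted(ref.keys() - cus.keys()),
        # Active in the custom profile only.
        "extra": sorted(cus.keys() - ref.keys()),
        # Active in both, but with a different severity.
        "severity_changed": sorted(
            k for k in ref.keys() & cus.keys() if ref[k] != cus[k]),
    }

if __name__ == "__main__":
    for section, rule_ids in diff_profiles(BUILT_IN, COPIED).items():
        print(f"{section}: {', '.join(rule_ids) or '-'}")
```

The "missing" list is the one to review after a built-in profile update, since a copied profile does not receive those rules on its own.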

Avoiding deprecated rules

The Deprecated Rules section of the Quality Profiles page has a pink background and is your first warning that a profile contains deprecated rules. This section gives the total number of instances of deprecated rule(s) that are currently active in each Quality Profile, and provides a breakdown of deprecated rule(s) per profile. Clicking through the Deprecated Rules section takes you either to the Rules page or to the relevant Quality Profile to investigate further.

Alternatively, you can perform a Rules search for the rules in a profile (either manually or by clicking through from the Quality Profiles page) and use the Status rule search facet (in the left sidebar) to narrow the list to the ones that need attention.

Security

The Quality Profiles page of a public project can be accessed by any user (even anonymous users). All users can view every aspect of any profile. That means anyone can see which rules are included in a profile, which rules have been left out, how a profile has changed over time, and compare the rules between any two profiles. To create, edit, or delete a profile, a user must be granted the Administer Quality Profiles permission. A project administrator can choose which profiles their project is associated with. 


© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.