Viewing portfolios
This feature is only available in the Enterprise plan.
A portfolio is a set of projects within your enterprise that enables an aggregate view of the project metrics and risks. More precisely, a portfolio consists of project branches and for each project, you can add a single long-lived branch to the portfolio.
Before you can view the Enterprise-level reports, your organization must be added to an enterprise. For more information, see the Managing your enterprise page.
Retrieving a portfolio
- Click My Portfolios in the top navigation bar and select your enterprise
- The Portfolios home page lists all the portfolios that belong to this organization. Use the search box to narrow down the results.
- Here, you can review the portfolio’s overall code ratings, including the number of projects with the worst rating, see the number of Lines of Code analyzed, and see the number of projects included in the portfolio.
- Click on the portfolio name to view more details.
See the Managing portfolios article for more information about how to create, edit, and delete portfolios.
Portfolio metrics
The reliability, security vulnerabilities, security review, and maintainability ratings are calculated as the average of the ratings for all projects included in the portfolio.
SonarQube Cloud converts each project's letter rating to a number, calculates an average number for the projects in the portfolio, and converts that average to a letter rating. Averages ending with .5 are rounded up, resulting in the "lower" of the two possible ratings, so an average of 2.5 would be rounded up to 3 and result in a "C" rating).
This gives a "problem density" measure for your portfolio's four axes: reliability, security vulnerabilities, security review, and maintainability.
Rating conversion: E->5, D->4, C->3, B->2, A->1
A risk level is associated with each metric, except for the Releasability:
- High: if at least one project in the portfolio is rated E or D.
- Medium: if at least one project in the portfolio is rated C or B.
- Low: If all projects in the portfolio are rated A.
Each metric is calculated by SonarQube Cloud for New and Overall Code.
Releasability
- The releasability rating is based on the proportion of projects in the portfolio that have passed their quality gate. The rating is as follows:
A: > 80%
B: > 60% and <= 80%
C: > 40% and <= 60%
D: > 20% and <= 40%
E: <= 20% - At the project level: The state of the quality gate associated with the project can be passed or failed.
Security
- The average security rating of all projects in the portfolio.
- At the project level: The security rating is related to issues that mark potential weaknesses to hackers. The rating is as follows:
A: 0 vulnerability
B: at least one minor vulnerability
C: at least one major vulnerability
D: at least one critical vulnerability
E: at least one blocker vulnerability
Reliability
- The average reliability rating of all projects in the portfolio.
- At the project level: The reliability rating is related to issues that mark code where you will get behavior other than what was expected. The rating is as follows:
A: 0 bugs
B: at least one minor bug
C: at least one major bug
D: at least one critical bug
E: at least one blocker bug
Maintainability
- The average maintainability rating of all projects in the portfolio.
- At the project level: The maintainability rating is related to issues that mark code that will be more difficult to update competently than it should. The maintainability rating is based on the technical debt ratio value (the ratio between the cost to develop the software and the cost to fix it). The default rating is as follows (this rating definition can be changed):
A: <= 0.05
B: > 0.05 and <= 0.1
C: > 0.1 and <= 0.20
D: > 0.2 and <= 0.5
E: > 0.5
Security review
- The average security review rating of all projects in the portfolio.
- At the project level: The security review rating is based on the percentage of reviewed security hotspots. Note that security hotspots are considered reviewed if they are marked as Fixed or Safe. The rating is as follows:
A: >= 80%
B: >= 70% and <80%
C: >= 50% and <70%
D: >= 30% and <50%
E: < 30%
Overview page
Once you retrieve a portfolio, you will land on an Overview page, which displays a summary of information from the project branches included in the portfolio for Releasability, Security, Reliability, Maintainability, and Security Review. The ratings are calculated on New and Overall code and include project distribution for a rating as well as a risk level.
Portfolio Breakdown page
The Portfolio Breakdown page lists the projects included in the portfolio for which you have the Browse permission. They are ordered according to the Releasability column. You can switch between New code and Overall code views.
Measures page
The Measures page provides an in-depth breakdown of metrics across your portfolio projects, helping you gain broader visibility. It includes:
- Software quality rating breakdown: View ratings breakdown across multiple projects at once.
- Code coverage visibility: Easily see code coverage at the portfolio level without manually aggregating project data.
- Duplication insights: View duplications by project in your portfolio to maintain high-quality, maintainable software. Note that his feature does not cover cross-project duplications.
- Lines of Code (LOC) tracking: Quickly understand LOC usage breakdown by language and by project.
See the Understanding measures and metrics article for more information about code metrics used in the Sonar solution.
Related pages
Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
