Managing portfolios

The Portfolios home page is the central place for managers and tech leads to monitor the releasability of projects under their supervision.

This feature is only available in the Enterprise plan.

Releasability is based on the quality gates of the projects included in your portfolio. Each portfolio home page offers an aggregate view of the releasability status of all projects in the portfolio. See Viewing portfolios for more information.

Permissions

To manage a portfolio, you will need at least Edit permissions granted by the portfolio’s administrator. See Administering portfolios for more details.

Creating a portfolio

You can create a portfolio if you have the Create Portfolio permission enabled. See Create Portfolios permission for more details.

  1. Select My Portfolios in the top navigation bar and select the enterprise to which you want to add a new portfolio.

  2. Select Create portfolio on the Portfolios home page to start the portfolio creation wizard.

The Create portfolio button is found on your SonarQube Cloud organization's Portfolios page.

You can also create a portfolio by selecting the ‘+’ sign at the top right of the page.

Portfolio creation wizard

The wizard takes you through the 4 steps of the portfolio creation process. The system automatically saves the information you have entered when you go to the next step. You can find draft portfolios on the Portfolios home page and resume the process if you get interrupted.

The third step when creating a portfolio in SonarQube Cloud is to set permissions for users. Select Save and continue when finished.

The portfolio creation process consists of the following steps:

  1. Add details: Choose the enterprise where the portfolio will reside if you have permissions on more than one enterprise. Then, enter the portfolio name and description.

  2. Add projects: From the How do you want to add projects? dropdown menu, choose one of the following ways to select projects:

    • By name: This option shows the list of organizations and projects associated with them. Select the projects and choose the project’s branch you want to include in the portfolio.

    • By tags: Select existing tags by which you want to query projects and define the project branch to add to the portfolio. If you choose a branch other than the main branch, you need to specify the branch’s name.

    • By regular expression (RegEx) using project keys: Write RegEx to query the project by project key and define the project branch to add to the portfolio. If you choose a branch other than the main branch, you need to specify the branch’s name.

    • By organization: Select the organizations and define the project’s branch to include in the portfolio. If you choose a branch other than the main branch, you need to specify the branch’s name.

  3. Set permissions: Add portfolio Administer, Edit, and View permissions to specific groups and users or apply a permission template.

  4. Review: Take a final look at all the portfolio details and select Complete to finalize the process.

Currently, you cannot mix and match portfolio creation methods. For example, mixing RegEx and Tags to generate a list of projects for a portfolio is not possible. You can only use one method.

Once the portfolio is created, it will be populated with ratings for Releasability, Security, Reliability, Maintainability, and Security Review.

The maximum number of projects that you can add to your portfolio is 5,000.

Ensuring a reliable security report

To ensure a reliable security report, check that the relevant security rules are activated in your quality profiles for projects you have included in your portfolio. For instance, if no rule corresponding to a given OWASP category is activated in your quality profile, you won’t get Security issues or Security Hotspots linked to that specific category in the OWASP report. See Checking the security rules included in a project’s quality profile for more information.

Defining a portfolio with regular expressions (RegEx)

The following RegEx examples may help you write your own expressions to match against project keys.

Selects all projects with a key that includes “python”:

.*python.*

Selects all projects with a key that starts with “sonar”:

^sonar.*

Selects all projects with a key that ends with “-scanner”:

.*-scanner$

For more information about how to write regular expressions, see regex101.com.
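A dry run of the three patterns above against a constructed list of project keys, as an added example that is not part of the SonarQube Cloud documentation. This page does not state whether a pattern must match the whole key or any part of it, so the sketch reports both; Python's re module stands in for the product's regex engine, and the preview helper and sample keys are assumptions.

```python
import re

# Constructed sample project keys (not from a real organization).
PROJECT_KEYS = [
    "sonar-scanner",
    "sonar-python",
    "acme_python-api",
    "acme_sonar-plugin",
    "acme_billing-scanner",
    "acme_scanner-docs",
]

MAX_PROJECTS = 5000  # portfolio limit stated on this page


def preview(pattern, keys=PROJECT_KEYS):
    """Hypothetical helper: list the keys a pattern would pull into a portfolio.

    Reports the selection under whole-key matching and under substring
    matching, so a pattern whose result depends on the matcher's semantics
    is caught before it is saved in the portfolio definition.
    """
    rx = re.compile(pattern)
    whole = [k for k in keys if rx.fullmatch(k)]
    partial = [k for k in keys if rx.search(k)]
    return {
        "whole_key": whole,
        "substring": partial,
        # Keys selected only if the matcher accepts partial matches.
        "ambiguous": [k for k in partial if k not in whole],
        # True when the widest interpretation exceeds the portfolio limit.
        "over_limit": len(partial) > MAX_PROJECTS,
    }


if __name__ == "__main__":
    # The page's three patterns, plus a bare "sonar" for contrast.
    for pattern in (".*python.*", "^sonar.*", ".*-scanner$", "sonar"):
        result = preview(pattern)
        print(pattern)
        print("  whole key :", result["whole_key"])
        print("  substring :", result["substring"])
        if result["ambiguous"]:
            print("  depends on matcher semantics:", result["ambiguous"])
```

The page's three patterns select the same keys under either interpretation, which is what the leading and trailing `.*` buy; the bare `sonar` pattern does not, and under substring matching it also selects `acme_sonar-plugin`.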

Editing a portfolio

With the Edit permission on a portfolio, you can add and remove projects from it. Note that you don’t add a project, but a long-lived branch of a project. Currently, you can only add a single branch per project.

To edit a portfolio in SonarQube Cloud, select Portfolio Definition from the Settings menu.

Proceed as follows:

  1. In the top navigation bar, go to My Portfolios and select your enterprise from the drop-down menu.

  2. On the Portfolios home page, select the portfolio you want to edit.

  3. Go to Settings > Portfolio Definition.

  4. Select Edit selection.

  5. From a list of organizations and projects to which you have permissions, select projects to include or exclude from the portfolio. Alternatively, use the search field to find projects by name.

  6. If the selected project contains several long-lived branches, select the branch to be added. By default, the main branch is selected.

  7. Select Save.

Deleting a portfolio

With the Edit permission on a portfolio, you can remove it from the system.

  1. In the top navigation bar, go to My Portfolios and select your enterprise from the drop-down menu.

  2. Select the portfolio you want to remove.

  3. Go to Settings > Delete portfolio.

Portfolio recomputation

The following events will trigger the recalculation of a portfolio:

  • When a project within the portfolio has a new analysis.

  • If a project is removed from an organization within the enterprise.

  • When an organization is removed from the enterprise.

For information on how ratings are calculated, see Understanding measures and metrics.
