Quality standards and new code

Use SonarQube Cloud to confirm that all of your new code meets the highest standards of quality and security before moving to production.

SonarQube Cloud warns you whenever issues are detected in your new code. When you add new code to your projects, you usually touch a portion of the old code in the process. As a consequence, analyzing and cleaning new code allows you to fix issues in your old code and gradually improve the overall quality of your codebase.

Defining a quality standard

First, you define the code quality standard for your project:

  • With a quality profile, you define the set of rules to be applied during analysis. We recommend using the built-in quality profile, called Sonar way. See Understanding quality profiles.

  • With a quality gate, you define a set of conditions that the code must meet. By default, SonarQube implements a recommended quality gate called the Sonar way. See Understanding quality gates.

Then, you define what is considered new code in your project, adapting your configuration to the nature of your project: versioned, continuous delivery, etc.

Finally, you ensure your code is analyzed frequently and at different stages of its journey, in your IDE and your DevOps platforms. See SonarQube for IDE documentation.

Focus on new code

New code is code that you’ve recently added or modified. Different options can be used to define new code on a branch, project, or at global level. The new code definition tells SonarQube which part of the code is considered new during analysis.

SonarQube Cloud differentiates the analysis results on new code from overall code (overall code includes new and old code). To ensure you focus your efforts on new code, SonarQube highlights the status of new code in the UI.

Your project overview page in SonarQube Cloud provides an overview of issues found in New Code or in your Overall Code.

Likewise, the built-in Quality gates Sonar Way defines conditions applying to new code only.

When defining your quality gate in SonarQube Cloud, you can apply different conditions to new code and overall code.

New code definitions

SonarQube Cloud supports the following options for new code definition: Previous version, Number of days, Specific version, and Specific date.

SonarQube Cloud calculates a *new code period with a start and end date. *All the code that falls between the date of your last analysis and the start date is considered new code. The way the start date is calculated depends on the applying new code definition option (for information about the issue date calculation, see the Issue management solution overview page).

Previous version

Any code that has changed since the most recent version increment of the project is considered new code.

With this option, the new code period’s start date is the date of the first analysis performed for the current project version.

Number of days

Any code that has changed in the last X days is considered new code.

With this option, the new code period’s start date is the current date minus X days.

For example, setting the Number of days to 30 creates a new code period beginning 30 days before the current date. If no action is taken on a new code issue after 30 days, this issue becomes part of the overall code. The default value is 30 days, 7 or 14 days are other common values. The maximum possible value is 90 days.

Specific version

Any code that has changed since a specific, defined version of the project is considered new code.

With this option, the new code period’s start date is the date of the first analysis performed for the specific project version.

This option gives you more control over your new code than the Number of days option. For example, for a project that follows a continuous delivery model, it allows you to mark the start of a new cycle, where a number of days would not be accurate enough.

Specific date

Any code that has changed since a specific, defined date is considered new code.

With this option, the new code period’s start date is the specific date.

Depending on the type of project you’re working on, the best option to use will vary. Here are general use cases for various types of projects:

Use cases for new code definition option in SonarQube.

Configuration levels

The new code definition can be set at the organization and project levels with the following restriction:

  • ​Only the Previous version and Number of days options can be set at the organization level.

The following applies:

  • The new code option defined at the organization level (if any) is applied by default to all new projects.

  • The project-level definition has precedence over the organization-level definition.

  • By default, no organization-level new code definition is set.

When setting your new code period, Organization-level definitions have priority over Project-level definitions.

Focus on new code in the IDE

Focusing on new code can be a helpful strategy to avoid introducing new issues into your code base. SonarQube for IDE allows you to focus on new code by filtering issues shown in the IDE, as determined by your new code definition.

The Focus on new code feature highlights only new code and works when SonarQube for IDE is running in either SonarQube for IDE or standalone mode and must be enabled manually. Please see these instructions according to the IDE you’re using:

Three stages of SonarQube code review and analysis

  1. The first base layer is code analysis in your SonarQube for IDE. This allows issues to be fixed as soon as they are introduced.

  2. The pull request analysis layer ensures that all code to be merged is clean.

  3. The branch analysis layer guarantees that the main branch or another branch is ready for release or deployment.

Each layer has advantages in terms of speed and depth of analysis. We recommend implementing all three for the most comprehensive experience.

Last updated

Was this helpful?