Retrieving and viewing rules

How to retrieve and view SonarQube rules.

To retrieve and view rules:

  1. From within your organization, select Rules in the navigation bar to see all the available rules.

  2. Use filters to narrow your results.

  3. A list of rules appears on the right side of the page.

The SonarQube Cloud Rules page allows you to filter issues (on the left) and shows the list on the right side of the page.

Filters

You can filter the list of rules using the following criteria in the left sidebar:

  • Language: the language to which a rule applies.

  • Code Attribute: the single attribute evaluated by the rule. A code attribute contributes to the long-term value of your software. The possible values are: consistency, intentionality, adaptability, responsibility. For more information, see Code attributes.

  • Software Quality: the software quality addressed by the rule. The same rule may address several software qualities. The possible values are: security, reliability, maintainability. For more information, see Software qualities.

  • Severity (software quality): the level of impact on a software quality if the rule is broken. The possible values are: blocker, high, medium, low, info.

  • Type: the category of the issue raised by the rule if the rule is broken. The possible values are: bug, vulnerability, code smell, security hotspot.

  • Type severity: the severity of the issue or hotspot raised by the rule if the rule is broken. The possible values are: blocker, critical, major, minor, info. Note that quality gate conditions related to severity currently use type severities.

  • Tag: you can add tags to rules in order to classify them and to help discover them more easily.

  • Repository: the engine/analyzer that contributes rules to SonarQube Cloud.

  • Status: rules can have 3 different statuses:

    • Ready: the rule is ready to be used in production.

    • Beta: the rule has been recently implemented and Sonar hasn’t gotten enough feedback from users yet, so there may be false positives or false negatives.

    • Deprecated: the rule should no longer be used because a similar, but more powerful and accurate rule exists.

  • Security Category: security rules are classified according to well-established security standards such as CWE and OWASP Top 10. See the Security-related rules page for more detail.

  • Available Since: the date when a rule was first added to SonarQube Cloud. This is useful to list all the new rules since the last upgrade of a plugin, for instance.

  • Quality Profile: Inclusion in or exclusion from a specific profile.

  • Inheritance: Available when an inherited quality profile is selected. It filters inherited rules, other rules, or inherited rules that have been overridden by other settings.

  • Activation Severity: available when an inherited quality profile is selected. It filters by severity using the value chosen when the rule was activated in the quality profile.

Rule details

To see the details of a rule, either select the rule title or use the arrow keys to cycle through the list. Inside the detailed view, alongside the basic rule data, you’ll also see which profiles the rule is active in.

Add/Remove tags:

  • You can add existing tags to a rule or create new ones: to create a tag, enter a new name in the text field. For more information, see Adding tags to a rule.

  • Note that some rules have built-in tags that you cannot remove. They are provided by the plugins that contribute the rules.

Extend description:

  • You can extend rule descriptions to let users know how your organization uses a particular rule or give more insight into a rule.

Commercial-level rules

Commercial-level rules are available in SonarQube Cloud to all plans. This availability is shown on the Sonar rules page.

For these rules to appear in SonarQube for IDE, it must be in connected mode. In standalone mode, these rules are not visible. See SonarQube for IDE for more information about connected mode.
