Quality standards and new code

SonarQube warns you whenever issues are detected in your new code. When you add new code to your projects, you usually touch a portion of the old code in the process. As a consequence, analyzing and cleaning new code allows you to fix issues in your old code and gradually improve the overall quality of your codebase.

Defining a quality standard

First, you define the code quality standard for your project: 

• With a quality profile, you define the set of rules to be applied during analysis. We recommend using the built-in quality profile, called Sonar way.  See Understanding quality profiles.
• With a quality gate, you define a set of conditions that the code must meet. By default, SonarQube implements a recommended quality gate called the Sonar way. See Managing quality gates.

Then, you define what is considered new code in your project, adapting your configuration to the nature of your project: versioned, continuous delivery, etc. 

Finally, you ensure your code is analyzed frequently and at different stages of its journey, in your IDE and your DevOps platforms. See SonarQube for IDE documentation.

Focus on new code

New code is code that you've recently added or modified. Different options can be used to define new code on a branch, project, or at global level. The new code definition tells SonarQube which part of the code is considered new during analysis.

SonarQube Community Build differentiates the analysis results on new code from overall code (overall code includes new and old code). To ensure you focus your efforts on new code, SonarQube highlights the status of new code in the UI. 

Likewise, the built-in quality gate Sonar way defines conditions applying to new code only.

New code definitions

SonarQube Community Build supports the following options for new code definition: Previous version, Number of days, Specific analysis, and Reference branch.

Except for the Reference branch option, SonarQube calculates a new code period with a start and end date. All the code that falls between the date of your last analysis and the start date is considered new code. The way the start date is calculated depends on the applying new code definition option. For information about the issue date calculation, see Issue management solution overview. 

Previous version

Any code that has changed since the most recent version increment of the project is considered new code. 

With this option, the new code period's start date is the date of the first analysis performed for the current project version. 

Number of days

Any code that has changed in the last X days is considered new code. 

With this option, the new code period's start date is the current date minus X days.

For example, setting the Number of days to 30 creates a new code period beginning 30 days before the current date. If no action is taken on a new code issue after 30 days, this issue becomes part of the overall code. The default value is 30 days, 7 or 14 days are other common values. The maximum possible value is 90 days.

Recommended option depending on project type

Depending on the type of project you're working on, the best option to use will vary.  Here are general use cases for various types of projects:

Configuration levels

The new code definition can be set at the global and project levels. 

The following applies:

• The project-level definition has precedence over the global-level definition.
• The global-level definition is called baseline for new code:
  • It applies by default to all projects. A specific new code definition can be applied to the project instead.
  • If it applies to a project, the project consistently uses the baseline for new code. Consequently, any modifications to the baseline will automatically be applied to the project. 
  • The default baseline for new code is the Previous version option. 

Three stages of SonarQube code review and analysis

1. The first base layer is code analysis in your SonarQube for IDE. This allows issues to be fixed as soon as they are introduced.
2. The pull request analysis layer ensures that all code to be merged is clean. 
3. The branch analysis layer guarantees that the main branch or another branch is ready for release or deployment.

Each layer has advantages in terms of speed and depth of analysis. We recommend implementing all three for the most comprehensive experience.

Related pages

• Setting the new code definition at the global level
• Configuring the new code calculation for your project
• Understanding quality profiles
• Managing quality gates