How changing the mode of your instance effects your metrics

The concept of two modes

SonarQube Community Build includes a concept of two modes: Standard Experience and Multi-Quality Rule (MQR) Mode. 

In Standard Experience, you can use familiar workflows and categorization for issues such as bugs, vulnerabilities, and code smells without impacting your way of working.

In MQR mode you can use new concepts introduced in Clean Code. If you've already adopted the new software quality classifications and severities, you can continue using them in MQR Mode.

Standard Experience metrics

The Standard Experience encompasses the use of rule types such as bugs, code smells, and vulnerabilities, with a single type and severity level for each rule. This approach focuses on assigning severity to a rule based on the single software quality (security, reliability, or maintainability) it has the largest impact on. 

Severities in Standard Experience (Blocker, Critical, Major, Minor, and Info) are applied at the overall rule level.

Multi-Quality Rule Mode metrics

The new MQR Mode aims to more accurately represent the impact an issue has on all software qualities. It does this by assigning a separate severity to a rule for each software quality it might impact. This approach focuses on ensuring the impact on all affected software qualities is clear, not just the one most severely impacted. 

Severities in MQR Mode (Blocker, High, Medium, Low, and Info) are applied at the software quality level. 

Example and comparison

To illustrate the difference between Standard Experience and MQR Mode, let's examine the Arguments in long RUN instructions should be sorted rule in Docker: 

• When your code breaks this rule in Standard Experience an issue is raised with a Code Smell type and Minor severity level.
• In MQR Mode, however, an issue is raised that impacts all three software qualities at different severity levels: Maintainability (Medium), Reliability (Low), and Security (Low). This provides you with a more comprehensive picture of the issue's impact on your project.

Switching modes

Permissions

To change from Standard Experience to MQR Mode and vice versa, you need instance admin permissions.

To switch the mode in your SonarQube Community Build instance go to Administration > Configuration > General Settings > Mode and select either Standard Experience or Multi-Quality Rule Mode.

From Standard Experience to MQR Mode

After switching to MQR Mode you will notice some changes in your SonarQube Community Build instance:

• The severities levels for rules, issues and ratings are now Blocker, High, Medium, Low, and Info.
• Bugs, Vulnerabilities, and Code Smells are replaced with software qualities: Reliability, Security, and Maintainability. Security vulnerabilities are replaced with Security in Portfolios and Security Reports.
• Since issues might impact multiple software qualities, the number of issues may increase. This might also impact the outcome of your quality profiles and quality gates.
• You might have to update the conditions of custom Quality Gates to use them with the MQR metrics as some metrics might impact more than one software quality.
• Check if your API calls to the Sonar solution use the correct MQR Mode metrics. See the Metric definitions page for more details.
• If you are using the generic issue format for the analysis report, make sure to use the latest format version as outlined on the Generic formatted issue reports page.

From MQR Mode to Standard Experience

After switching to Standard Experience you will notice some changes in your SonarQube Community Build instance:

• The severities levels for rules, issues and ratings are now Blocker, Critical, Major, Minor, and Info.
• Reliability, Security, and Maintainability are replaced with Bugs, Vulnerabilities, and Code Smells types. Security is replaced with Security Vulnerabilities in Portfolios and Security Reports.
• Since issues impact only one type you might see different outcomes in your quality profiles and quality gates.
• You might have to update the conditions of custom Quality Gates to use them with the Standard Experience metrics.
• Check if your API calls to the Sonar solution use the correct Standard Experience metrics. See the Metric definitions page for more details.
• If you are using the generic issue format for the analysis report, make sure to use the latest format version as outlined on the Generic formatted issue reports page.