Quality standards and new code

Defining a quality standard

SonarQube helps you improve code quality as you write by focusing on new code and applying consistent quality standards. As a developer, you focus on maintaining high standards for the code you add or change. SonarQube gives you the tools to enforce those standards and take pride in shipping maintainable and secure code.

Focus on new code

By focusing on Defining New Code (code that has been added or changed according to your new code definition), you can make sure the code you write today is maintainable and secure.

The Defining New Code definition can be set at different levels (global, project, and, starting in Developer Edition, at the branch level). Depending on the level at which your new code definition is set, you can change the starting point to fit your situation.

For more information on setting your new code definition, check out Defining New Code.

Personal responsibility

By focusing on new code, you aren’t responsible for anyone else’s code. You own the quality and security of the code you are working on today. If you add new issues, SonarQube automatically assigns them to you so you can maintain the quality of your code.

For more information on issues and how they are assigned, check out the Issues page.

Quality gate

Your Quality gates is a set of conditions that tells you whether or not your project is ready for release. To support improving code quality as you write, your quality gate should:

• Focus on New code metrics – When your quality gate is set to focus on new code metrics (like the built-in Sonar way quality gate), new features can be delivered with high code quality and security. As long as your quality gate is green, your releases will continue to improve.

• Set and enforce high standards – When standards are set and enforced on new code, you aren’t worried about having to meet those standards in old code and having to remediate someone else’s code. You can take pride in meeting high standards in your code. If a project doesn’t meet these high standards, it won’t pass the quality gate, and is therefore not ready to be released.

• Be a reliable measure of code quality - When you consistently have a passing quality gate, you have a clear indication that developers can maintain high standards on all new code.

For more information on quality gates and to make sure your quality gate is enforcing your standards, check out the Quality gates page.

What does a quality gate focused on new code require?

A quality gate focused on new code helps you keep code quality and security high while changes are still easy to review and fix.

• No new bugs are introduced

• No new vulnerabilities are introduced

• All new security hotspots are reviewed

• New code has limited technical debt

• New code has limited duplication

• New code is properly covered by tests

For more information see Quality gates.

Pull request analysis

You can use pull request analysis and pull request decoration to make sure that your code meets your standards before merging. Pull request analysis lets you see your pull request’s quality gate in the SonarQube UI. You can then decorate your pull requests with SonarQube issues directly in your DevOps platform’s interface.

For more information on setting up pull request analysis and pull request decoration, see the documentation on Pull request analysis.

Potential drawbacks of stricter quality gates

A quality gate focused on new code is designed to keep each change maintainable and secure with the least amount of friction in the development process. Adding more conditions may lead to bottlenecks in the pace of development with minimal benefit. You also run the risk of an ignored quality gate because frequent failures may cause a debate on which conditions to prioritize.

It is also important to note that adding conditions on overall code will shift your focus away from new code to old code. This makes it harder for developers to take ownership of their own code because they also have to worry about older code.