# Portfolios

*Portfolios are available starting in* [*Enterprise Edition*](https://www.sonarsource.com/plans-and-pricing/enterprise/)*.*

## Portfolio Overview page <a href="#portfolios-home-page" id="portfolios-home-page"></a>

The Portfolio Overview page is the central place for managers and tech leads to keep an eye on the releasability of the projects under their supervision. **Releasability** is based on the projects’ quality gates included in the portfolio. Each portfolio home page offers an aggregate view of the releasability status of all projects in the portfolio.

Depending on the configuration of your SonarQube Server instance, the portfolio report is generated with metrics either from [Standard Experience](/sonarqube-server/2026.1/instance-administration/analysis-functions/instance-mode/standard-experience.md) or [MQR mode](/sonarqube-server/2026.1/instance-administration/analysis-functions/instance-mode/mqr-mode.md).

At the top of the page, you can see the overall releasablilty of the portfolio, a graph showing the releasability trend, and the number of project branches that are failing and passing their quality gate.

Reliability, Security (in MQR Mode) or Security Vulnerabilities (in Standard Experience), Security Review, and Maintainability ratings show the portfolio’s overall health, both for new code and overall code.

Below the new code rating for each metric, you see how many project branches are doing well and how many are at risk.

Below the overall code rating, a graph showing the trend for each metric is displayed, along with the number of at risk project branches.

## Rating conversion <a href="#reliability-security-vulnerabilities-security-review-and-maintainability-ratings" id="reliability-security-vulnerabilities-security-review-and-maintainability-ratings"></a>

Reliability, Security (in MQR Mode) or Security Vulnerabilities (in Standard Experience), Security Review, and Maintainability ratings for a portfolio are calculated as the average of the ratings for all projects included in the portfolio.

SonarQube Server converts each project’s letter rating to a number, calculates an average number for the projects in the portfolio, and converts that average to a letter rating. Averages ending with .5 are rounded up resulting in the "lower" of the two possible ratings, so an average of 2.5 would be rounded up to 3 and result in a "C" rating).

This gives a *problem density* measure on the four axes of Reliability, Security (in MQR Mode) or Security Vulnerability (in Standard Experience), Security Review, and Maintainability for your portfolio.

Rating conversion: E->5, D->4, C->3, B->2, A->1

<details>

<summary>Releasability</summary>

* The releasability rating is based on the proportion of projects in the portfolio that have passed their quality gate. The rating is as follows:\
  **A**: > 80%\
  **B**: > 60% and <= 80%\
  **C**: > 40% and <= 60%\
  **D**: > 20% and <= 40%\
  **E**: <= 20%
* At the project level: The state of the quality gate associated with the project can be passed or failed.

</details>

<details>

<summary>Security</summary>

* The average security rating of all projects in the portfolio.
* At the project level: The security rating is related to issues that mark potential weaknesses to hackers. The rating is as follows:\
  **A**: 0 vulnerability\
  **B**: at least one minor vulnerability\
  **C**: at least one major vulnerability\
  **D**: at least one critical vulnerability\
  **E**: at least one blocker vulnerability

</details>

<details>

<summary>Reliability</summary>

* The average reliability rating of all projects in the portfolio.
* At the project level: The reliability rating is related to issues that mark code where you will get behavior other than what was expected. The rating is as follows:\
  **A**: 0 bugs\
  **B**: at least one minor bug\
  **C**: at least one major bug\
  **D**: at least one critical bug\
  **E**: at least one blocker bug

</details>

<details>

<summary>Maintainability</summary>

* The average maintainability rating of all projects in the portfolio.
* At the project level: The maintainability rating is related to issues that mark code that will be more difficult to update competently than it should. The maintainability rating is based on the technical debt ratio value (the ratio between the cost to develop the software and the cost to fix it). The default rating is as follows:\
  **A**: <= 0.05\
  **B**: > 0.05 and <= 0.1\
  **C**: > 0.1 and <= 0.20\
  **D**: > 0.2 and <= 0.5\
  **E**: > 0.5

</details>

<details>

<summary>Security review</summary>

* The average security review rating of all projects in the portfolio.
* At the project level: The security review rating is based on the percentage of reviewed security hotspots. Note that security hotspots are considered reviewed if they are marked as **Fixed** or **Safe**. The rating is as follows:\
  **A**: >= 80%\
  **B**: >= 70% and <80%\
  **C**: >= 50% and <70%\
  **D**: >= 30% and <50%\
  **E**: < 30%

</details>

*Note: the Portfolio Overview page is also available at the sub-portfolio level*

## Portfolio breakdown <a href="#portfolio-breakdown" id="portfolio-breakdown"></a>

The Portfolio Breakdown page shows ratings for your portfolio’s **Releasability**, **Security**, **Reliability**, **Maintainability**, and **Security Review** for new and overall code. Additional columns include **Lines of code** and **Last analysis**.

### Viewing your portfolio details <a href="#viewing-your-portfolio-details" id="viewing-your-portfolio-details"></a>

The **Portfolio details** section shows the aggregated portfolio rating. If the projects included in the portfolio have AI Code Assurance enabled on their quality gates, additional ratings appear for:

* **AI Code Assurance enabled projects**
* **Projects without AI Code Assurance enabled**

See the [AI Code Assurance](/sonarqube-server/2026.1/ai-capabilities/ai-code-assurance.md) page for more information about enabling AI Code Assurance on your projects.

### Viewing the portfolio breakdown <a href="#viewing-the-portfolio-breakdown" id="viewing-the-portfolio-breakdown"></a>

The breakdown section includes a list of all projects, applications and nested portfolios included in your portfolio. The ![$contains-ai-code](/files/CbhFHzz92q9TXOM4NzNi) label indicates that the item includes AI-generated code, as marked by a Quality Standard admin.

## Related pages <a href="#related-pages" id="related-pages"></a>

* [PDF reports](/sonarqube-server/2026.1/user-guide/viewing-reports/pdf-reports.md)
* [Managing portfolios](/sonarqube-server/2026.1/project-administration/managing-portfolios.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-server/2026.1/user-guide/viewing-reports/portfolios.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.