Ctrlk
Start Free
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Portfolios

Portfolios allow you to track releasability and ratings information for multiple projects.

Portfolios are available starting in Enterprise Edition.

Retrieving a portfolio

To retrieve a portfolio:

  1. Go to Portfolios.

  2. Filter the list of portfolios by My Favorites, All or search for your portfolio by its name.

  3. Select Exclude sub-portfolios to filter the results to include top level portfolios only.

  4. Select your portfolio from the list of results. Once selected the portfolio Overview page opens.

Portfolio Overview page

The Portfolio Overview page is the central place for managers and tech leads to keep an eye on the releasability of the projects under their supervision. Releasability is based on the projects’ quality gates included in the portfolio. Each portfolio home page offers an aggregate view of the releasability status of all projects in the portfolio.

Depending on the configuration of your SonarQube Server instance, the portfolio report is generated with metrics either from Standard Experience or MQR mode.

Portfolio releasability

At the top of the page, you can see the overall releasability of the portfolio, a graph showing the releasability trend, and the number of project branches that are failing and passing their quality gate.

Reliability, Security (in MQR Mode) or Security Vulnerabilities (in Standard Experience), Security Review, and Maintainability ratings show the portfolio’s overall health, both for new code and overall code.

Portfolios ratings

Below the new code rating for each metric, you see how many project branches are doing well and how many are at risk.

Below the overall code rating, a graph showing the trend for each metric is displayed, along with the number of at risk project branches.

Rating conversion

Reliability, Security (in MQR Mode) or Security Vulnerabilities (in Standard Experience), Security Review, and Maintainability ratings for a portfolio are calculated as the average of the ratings for all projects included in the portfolio.

SonarQube Server converts each project’s letter rating to a number, calculates an average number for the projects in the portfolio, and converts that average to a letter rating. Averages ending with .5 are rounded up resulting in the "lower" of the two possible ratings, so an average of 2.5 would be rounded up to 3 and result in a "C" rating).

This gives a problem density measure on the four axes of Reliability, Security (in MQR Mode) or Security Vulnerability (in Standard Experience), Security Review, and Maintainability for your portfolio.

Rating conversion: E->5, D->4, C->3, B->2, A->1

Releasability

  • The releasability rating is based on the proportion of projects in the portfolio that have passed their quality gate. The rating is as follows: A: > 80% B: > 60% and <= 80% C: > 40% and <= 60% D: > 20% and <= 40% E: <= 20%

  • At the project level: The state of the quality gate associated with the project can be passed or failed.

Security

  • The average security rating of all projects in the portfolio.

  • At the project level: The security rating is related to issues that mark potential weaknesses to hackers. The rating is as follows: A: 0 vulnerability B: at least one minor vulnerability C: at least one major vulnerability D: at least one critical vulnerability E: at least one blocker vulnerability

Reliability

  • The average reliability rating of all projects in the portfolio.

  • At the project level: The reliability rating is related to issues that mark code where you will get behavior other than what was expected. The rating is as follows: A: 0 bugs B: at least one minor bug C: at least one major bug D: at least one critical bug E: at least one blocker bug

Maintainability

  • The average maintainability rating of all projects in the portfolio.

  • At the project level: The maintainability rating is related to issues that mark code that will be more difficult to update competently than it should. The maintainability rating is based on the technical debt ratio value (the ratio between the cost to develop the software and the cost to fix it). The default rating is as follows: A: <= 0.05 B: > 0.05 and <= 0.1 C: > 0.1 and <= 0.20 D: > 0.2 and <= 0.5 E: > 0.5

Security review

  • The average security review rating of all projects in the portfolio.

  • At the project level: The security review rating is based on the percentage of reviewed security hotspots. Note that security hotspots are considered reviewed if they are marked as Fixed or Safe. The rating is as follows: A: >= 80% B: >= 70% and <80% C: >= 50% and <70% D: >= 30% and <50% E: < 30%

Note: the Portfolio Overview page is also available at the sub-portfolio level

Portfolio breakdown

The Portfolio Breakdown page shows ratings for your portfolio’s Releasability, Security, Reliability, Maintainability, and Security Review for new and overall code. Additional columns include Lines of code and Last analysis.

Viewing your portfolio details

The Portfolio details section shows the aggregated portfolio rating. If the projects included in the portfolio have AI Code Assurance enabled on their quality gates, additional ratings appear for:

  • AI Code Assurance enabled projects

  • Projects without AI Code Assurance enabled

See the AI Code Assurance page for more information about enabling AI Code Assurance on your projects.

Viewing the portfolio breakdown

The breakdown section includes a list of all projects, applications and nested portfolios included in your portfolio. The $contains-ai-code label indicates that the item includes AI-generated code, as marked by a Quality Standard admin.

Related pages

PreviousRegulatory reportsNextMonitoring code metrics

Last updated

Was this helpful?