Using quality profiles in Sonar

Editor's Note: This post now contains outdated information. Read the documentation on the quality profiles instead.

Last month, Sonar 1.6 was released. The main feature of the new version is the ability to manage quality profiles. The purpose of this post is to explain what gap the functionality fills, to define what a quality profile is and to explain how to use one.

Prior to Sonar 1.6, it was only possible to run analysis with one set of defined coding rules per instance of Sonar. This meant that within an instance of Sonar, it was not possible to treat different types of projects (legacy applications, technical libraries, new projects, …) differently. They were all analyzed with the same set of rules. As a result, there was sometimes unnecessary noise around the quality data, which made it difficult to see quickly what real action was required. Sonar 1.6 turns off this noise by allowing you to define and simultaneously use several quality profiles.

A quality profile in Sonar consists of:

  • A set of activated coding rules among the 600+ available (PMD, Checkstyle and FindBugs), with an activation level (mandatory or optional) and parameters for each rule
  • The definition of thresholds (warning and error) on critical metrics, to trigger automatic alerts

Once a quality profile is defined, projects can be associated with it.

Let's now describe how to use quality profiles in Sonar. To manage quality profiles, you first need to sign in and click on the configuration option at the top right of the screen. From there, any action linked to profile management can be performed:

Create a quality profile

This can be done by copying an existing profile: click on the copy button next to the profile to copy. You are prompted to give the name of the new profile. The newly created profile is an exact copy of the original. You can then make changes to the new profile.

The second solution is to create a profile from scratch by clicking on the create profile button.

Enter the name of the profile. You then have the possibility to upload your existing Checkstyle and PMD configuration files (the FindBugs configuration cannot be uploaded at this point in time in Sonar). Click on create to complete the process.

Associate a profile to a project

To manage the project/profile association, click on the number of projects defined for the profile in the main management screen.

Association is made by moving projects around. A project can be associated with only one profile at a time. When a project is not explicitly associated with a quality profile, Sonar will use the default quality profile to perform the next analysis.

Association can also be made at analysis time. This can be useful to force a profile during the very first analysis, because until the project has been analyzed once, it is not possible to make the association through the web interface:

mvn ... -Dsonar.profile="Your profile name"


By combining this with the sonar.branch parameter, you get a new advanced capability: analyzing the same project with two different quality profiles:

mvn ... -Dsonar.profile="Your profile name" -Dbranch="YOUR BRANCH"

For a complete description of how to manage quality profiles, refer to the Sonar documentation.

*** This is a Security Bloggers Network syndicated blog from Sonar Blog RSS feed authored by Olivier Gaudin. Read the original post at: https://www.sonarsource.com/blog/using-quality-profiles-in-sonar