개요

품질 프로파일(Quality Profile)은 SonarQube의 핵심 서비스입니다. 품질 프로파일은 사용자가 정의한 코딩 규칙의 집합이기 때문입니다(예: Methods must not have a complexity greater than 10).

이상적인 경우, 모든 프로젝트는 특정 언어에 대해 동일한 품질 프로파일을 가져야 하나, 이러한 전제가 항상 현실적인 것은 아닙니다. 예를 들면, 다음과 같은 경우가 있습니다:

• 어플리케이션 사이에 기술적인 구현이 상이한 경우(예를 들면, Thread 기반 혹은 Non-Threaded 기반의 Java application을 구현하는 경우 코딩 규칙이 상이함)
• 특정 어플리케이션을 대상으로 더 확고한 기준을 적용하고자 하는 경우(예를 들면, 내부 프레임워크 등)
• 기타

어느 경우라도 사용자는 원하는 만큼의 품질 프로파일을 정의할 수 있습니다. 프로그래밍 언어별로 설정된 품질 프로파일을 관리하려면, Quality Profiles (top menu) 메뉴를 사용합니다.

모든 프로그래밍 언어 플러그인은 기본 프로파일을 내장하고 있기 때문에("Sonar way"), 특별한 설정 없이도 곧바로 소스 코드를 분석할 수 있습니다. 즉, 새로운 언어 플러그인을 추가하면, 최소한 하나의 품질 플러그인을 사용할 수 있습니다.

모든 프로그래밍 언어는 기본 품질 프로파일을 가집니다("Default" 태그로 표시됨). 특정한 품질 프로파일을 할당하지 않은 프로젝트는 해당 언어의 기본 프로파일을 사용해 분석됩니다.

SonarQube를 처음 사용한다면, Sonar way를 기본 프로파일로 사용하는 것도 좋습니다. Sonar way 프로파일은 해당 언어로 작성된 대부분의 프로젝트들에 적용 가능한 규칙들로 구성되어 있습니다. 하지만, 사용자의 프로젝트에 최적인 프로파일을 사용하고자 하는 경우에는 새로운 프로파일을 만들 것을 권장합니다(Sonar way를 복사하여 프로파일을 생성할 수 있습니다). 이 방법을 사용하면 Sonar way를 품질 프로파일의 기준선으로 활용해, 사용자가 생성한 프로파일의 변경 내역을 추적할 수 있기 때문입니다. 또한, Sonar way에는 플러그인의 신규 버전이 릴리스 될 때마다 새로운 규칙이 추가되기도 하고, 기존 규칙의 심각도가 조정되기도 합니다. Sonar way를 복사해서 생성한 품질 프로파일에 이러한 변경 사항이 자동으로 적용되지는 않지만, 생성한 품질 프로파일을 업데이트했다면, 새로운 Sonar way에 어떤 규칙들이 추가되었는지 비교해볼 수 있습니다("내가 만든 프로파일에 필요한 신규 규칙들을 모두 추가했는지 알 수 있을까요?" 항목 참조).

When starting from a new installation, it's tempting to use Sonar way as your default profile because it contains all the rules that are generally applicable to most projects. But as a best practice, you should create a new profile (you can populate it by copying the contents of Sonar way) and use it instead. Why? Because then Sonar way can serve as a baseline against which you can track your own profile as you make changes to it (and you will). Plus, Sonar way is typically updated with each new version of the plugin to add rules and sometimes adjust rule severities. These changes aren't applied to existing copies of the profile automatically, but once you've updated your copy, you can compare your profile against the Sonar way baseline to see which new on-by-default rules have been added. (See "Make sure I've got all the relevant new rules in my profile?" for details.) 

How do I...

Copy the rules from one profile to another?

Many times people want to work from a profile that's based on a built-in profile without actually updating the built-in profile. The easiest thing to do in this case is to go to the original profile, we'll call it Source, in Quality Profiles. From there, click through on the total number of rules in Source to land on the Rules page at a pre-narrowed search of Source's rules. Use Bulk Activate to turn Source's rules on in your target profile. 

Know what's changed in a profile?

When SonarQube notices that an analysis was performed with a profile that is different in some way from the previous analysis, a Quality Profile event is added to the project's event log. To see the changes in a profile, navigate to the profile (Quality Profiles > [ Profile Name ]), and choose Changelog. This may help you understand how profile changes impact the issues raised in an analysis.

Copy a profile from one SonarQube instance to another?

Use the Back up feature on the source instance to export the profile to an XML file. Use the Restore Profile feature on the target instance to import the file. Note that some limitations on this feature exist:

Apply a core set of rules plus additional rules to a project?

Let's say your company has a minimum set of coding rules that all teams must follow, but you want to add rules that are specific to the in use technology in your project. Those rules are good for your team, but irrelevant or even misleading for others. This situation calls for inheritance. Set up a base profile, we'll call it Root with your core set of rules. Then create a child profile, we'll call it Sprout. Once it's created, you can Change parent to inherit from Root, then add your missing rules.

Make sure my non-default profile is used on a project?

One profile for each language is marked the default. Barring any other intervention, all projects that use that language will be analyzed with that profile. To have a project analyzed by a non-default profile instead, start from Quality Profiles, and click through on your target profile, then use the Projects part of the interface to manage which projects are explicitly assigned to the profile.

Make sure I've got all the relevant new rules in my profile?

Each time a language plugin update is released, new rules are added, but they won't appear automatically in your profile. If you're using a built-in profile such as Sonar way, you can use the Restore Built-in Profiles option to update a built-in profile to what it would be in a fresh install.

If you're not using the default profiles, doing a restore is still a good first step. Then you can compare your profile to the built-in profile to see what new on-by-default rules you're missing.

Another option is to go to the Rules space, and use the Available Since search facet to see what rules have been added to the platform since the day you upgraded the relevant plugin.

And finally, the profile interface itself will help you be aware of rules added in a new plugin version in the Latest New Rules section on the right of the interface.

Compare two profiles?

Starting from the Quality Profiles page, click through on one of the profiles you'd like to compare, then use the Actions > Compare interface to select the second profile and see the differences.

Make sure I don't have any deprecated rules in my profile?

The Deprecated Rules section of the rules interface itself is your first warning that a profile contains deprecated rules. This pink-background section gives the total number of instances of deprecated rules that are currently active in profiles, and a breakdown of deprecated count per profile. A click-through here takes you to the Rules page to edit the profile in question.

Alternately, you can perform a Rules search for the rules in a profile (either manually or by clicking-through from Quality Profiles page) and use the Status rule search facet to narrow the list to the ones that need attention.

Security

The Quality Profiles service can be accessed by any user (even anonymous users). All users can view every aspect of a profile. That means anyone can see which rules are included in a profile, and which ones have been left out, see how a profile has changed over time, and compare the rules in any two profiles.

To make rule profile changes (create, edit or delete) users must be granted the Administer Quality Profiles and Gates permission.

A project administrator can choose which profiles his project is associated with. See Project Settings for more.