What is SonarQube
SonarQube is an open-source platform developed by SonarSource. It is a DevOps tool known for automated code review and continuous inspection of code quality: it statically analyses code to detect bugs, code smells, and security vulnerabilities, and so helps teams deliver clean code. It can analyse code in 20+ languages. SonarQube helps you reduce technical debt by keeping your code base readable and streamlined. The graphic below shows how Sonar aids in code analysis.
What is SonarQube Portfolio
The SonarQube portfolio home page is very useful for continuously monitoring the reliability of the projects under a manager's or tech lead's supervision. The portfolio is also based on the quality gates used by its projects.
The portfolio depicts the following things:
- overall releasability
- graph showing the reliability trend
- number of project branches scanned
- how many branches are failing or passing the quality gate, etc.
The portfolio's overall health is shown by its reliability, security vulnerabilities, maintainability, and security review ratings, for both new code and existing code.
Releasability rating: the releasability rating is the percentage of projects in the portfolio that have passed the quality gate.
A: > 80%
B: > 60%
C: > 40%
D: > 20%
E: <= 20%
Reliability, security vulnerabilities, security review, and maintainability ratings
The ratings for reliability, security vulnerabilities, security review, and maintainability are obtained by averaging the scores of every project in the portfolio.
SonarQube converts each project's letter rating into a number, calculates the average of those numbers across all projects in the portfolio, and then translates that average back into a letter rating.
Averages ending in .5 are assigned the worse of the two candidate ratings, so an average of 2.5 is rounded up to 3 and receives a "C" rating.
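To make the rating arithmetic concrete, here is an added Python example written for this article; it is not SonarQube's own code. It assumes the letter ratings map to the numbers A=1 through E=5 (which is what makes "2.5 rounds up to 3, a C" hold), applies the releasability thresholds listed above, and rounds a .5 average towards the worse rating rather than using Python's default banker's rounding. The project data at the bottom is constructed for illustration.

```python
from fractions import Fraction  # exact arithmetic, so a .5 average is detected reliably

# Assumption: letters map to 1..5, worse ratings being larger numbers.
RATING_TO_NUMBER = {"A": 1, "B": 2, "C": 3, "D": 4, "E": 5}
NUMBER_TO_RATING = {n: letter for letter, n in RATING_TO_NUMBER.items()}


def releasability_rating(quality_gate_passed):
    """Map the percentage of projects passing the quality gate to a letter.

    quality_gate_passed: list of booleans, one per project.
    Thresholds follow the article: A > 80%, B > 60%, C > 40%, D > 20%, else E.
    """
    if not quality_gate_passed:
        raise ValueError("a portfolio needs at least one project")
    passed = sum(1 for ok in quality_gate_passed if ok)
    pct = Fraction(passed * 100, len(quality_gate_passed))
    if pct > 80:
        return "A"
    if pct > 60:
        return "B"
    if pct > 40:
        return "C"
    if pct > 20:
        return "D"
    return "E"


def averaged_rating(project_ratings):
    """Average the projects' letter ratings and translate the result back to a letter.

    An average ending in .5 takes the worse (larger-numbered) rating, e.g. 2.5 -> 3 -> C.
    Python's built-in round() would give round(2.5) == 2, so we floor(avg + 0.5) instead.
    """
    if not project_ratings:
        raise ValueError("a portfolio needs at least one project")
    numbers = [RATING_TO_NUMBER[r] for r in project_ratings]
    avg = Fraction(sum(numbers), len(numbers))
    rounded = int(avg + Fraction(1, 2))  # int() floors for positive values
    return NUMBER_TO_RATING[rounded]


def portfolio_summary(projects):
    """Compute the portfolio-level ratings from per-project data.

    projects: mapping of project key -> dict with 'quality_gate_passed' (bool)
              and one letter rating per dimension.
    """
    dimensions = ("reliability", "security", "security_review", "maintainability")
    summary = {
        "releasability": releasability_rating(
            [p["quality_gate_passed"] for p in projects.values()]
        )
    }
    for dim in dimensions:
        summary[dim] = averaged_rating([p[dim] for p in projects.values()])
    return summary


# Constructed sample data (not real projects): three projects, one failing its quality gate.
SAMPLE_PROJECTS = {
    "payments": {"quality_gate_passed": True, "reliability": "A", "security": "B",
                 "security_review": "C", "maintainability": "A"},
    "inventory": {"quality_gate_passed": True, "reliability": "C", "security": "C",
                  "security_review": "A", "maintainability": "B"},
    "legacy-auth": {"quality_gate_passed": False, "reliability": "E", "security": "D",
                    "security_review": "D", "maintainability": "C"},
}

if __name__ == "__main__":
    for dimension, letter in portfolio_summary(SAMPLE_PROJECTS).items():
        print(f"{dimension:16s} {letter}")
```

With the sample data, two of three projects pass the quality gate (66.7%), which lands in the "B" releasability band, while the reliability average (1+3+5)/3 = 3 yields a "C" even though one project is rated "A"; a single badly rated project pulls the whole portfolio down, which is exactly what the averaged ratings are meant to surface.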
Portfolio PDF report
You can download a PDF overview of the portfolio by choosing Download as PDF in the top-right corner of the portfolio's main page. This is especially helpful if, for instance, you are heading into a meeting where you will not have access to your SonarQube instance.
Selecting Subscribe from the "Portfolio PDF Report" menu lets you sign up to receive the PDF by email. The report frequency can be configured to daily, weekly, or monthly at both the portfolio and global levels; monthly is the default.
Steps to create a portfolio
- Go to the Administration
- Click on Configuration
- From the dropdown list select the Portfolios section
- Click on Create Option
- Fill in all necessary details
- Give portfolio name
- Description (optional)
- Provide a key to the portfolio
- Click on Create
- Select visibility of portfolio – public or private
- Once the portfolio is created, set the projects and branches selection mode to Manual
- Then add the projects that the portfolio should contain
- Click on Open Dashboard to view the portfolio's health factors
Benefits of SonarQube Portfolio
- Display combined data for multiple projects
- Easy to view Reliability, security vulnerabilities, security review, and maintainability ratings in a single dashboard for multiple projects
- The data can still be reviewed from the portfolio PDF report when no SonarQube instance is available
The portfolio home page is the primary place for managers and tech leads to monitor the releasability of the projects under their control. SonarQube's portfolio option is therefore extremely useful and makes this work simple: the reliability, security vulnerabilities, security review, and maintainability ratings of numerous projects can be viewed in a single dashboard.