Application security rating difference between the overview and measures dashboard

Using the last version 9.9 LTS.

We notice on application analyses that the Security rating is a C in the Overview dashboard and the rating of E on the Measures dashboard.

The correct rating is normally C, because based on the average of all projects rating in the application as stated in the documentation: Portfolios

image 2-5.png

Why the rating in the Measures dashboard is E, based on the worst score of the projects?

Hi @Doudou ,

Welcome to the Sonar Community!

Note that these ratings are calculated differently between Applications and Portfolios. For Applications, all of these ratings are calculated in the same manner as an individual Project, not an average of the containing Projects. In the case of Application Security Rating, it should reflect the highest severity Vulnerability for all issues on all Projects.

Let me know if additional clarification is needed.


Hi Brian

thank you for your answer, i am not sure about understanding. So the portfolio rating is based on the applications rating average (Portfolio rating) and the application rating should have the same rating as the most vulnerable project (applications metrics),

In our case the application rating is E

but why in the overview dashboard, the rating of the application (not portfolio) is different and it seems using the rating average “C” ? is the application considered as subportfolio ?

Many thanks,

Hello @Doudou ,

I have not been able to reproduce this. Did you block out the other ratings or a \re they not appearing?
Can you make sure your Portfolio and Application have been recalculated? It should automatically happen when a component Project is analyzed but you can force using Application/Portfolio Settings > Edit Definition Page.



i cannot give more details than my screenshots and the ratings were differents even after recalculated but the topic is not blocker. thank you for your trying.
may be i will back to you in the future if our teams ask me the question again.