Can't put shared library used by multiple apps into portfolio

We have the same problem 4 years later on Sonarqube Enterprise 10.2.
We have applications using shared libraries, sometimes tied to different branches, ex:

Application 1

  • library 1 branch A

Application 2

  • library 1 branch B

Application 3

  • library 1 branch A

We need to create portfolios per customer or product suite. Real-world application development scenarios are complex and often driven by technical and business motivations; blocking the analysis of a portfolio because a shared library is used by multiple applications is clearly a bug; it cannot be a design choice. Portfolio functionality is currently unusable in many real-world scenarios.

We purchased sonarqube enterprise for the portfolio functionality, which was beautiful during the demo. Despite paying a lot of money we only found out later that it is not possible to open a support ticket or report a bug privately.

I kindly request that the bug be taken care of.


Welcome to the community!

I’ve moved your post to a new topic because the topic you posted in was nearly 4 years old. Per the FAQ, you should create a new thread if the one you’re thinking of adding to is more than 2 months old.

Regarding the content of your post, I’m sorry you’re disappointed in the Portfolio functionality. The reason a project can’t be present in a portfolio more than once is because it would screw up the math. For instance, if you were to put all three of your Applications, with their references to the same library, into the same portfolio, any issues in that library would be counted three times instead of just once.


Hi Ann,
thank you for your support.

It is not clear what you mean by “it would screw up the math”, this might be a correct way to work:

  • in the issues section all issues should be shown.
  • In the portfolio breakdown section the scores of individual applications should be shown.
  • The overview/security reports/measures sections should show the scores calculated on all projects (of applications or sub-portfolios), counting once project+branch. If different branches are present for a project, the same vulnerabilities should be counted only once.

The current behavior is clearly a bug, an unmanaged case, it is not correct that applications that have components in common cannot be put in a portfolio, it is a very common thing when developing product suites. The portfolio feature is designed to group applications and even other portfolios together.

Beyond the philosophy of how to do the calculations, it is not fair to demo such an important functionality by omitting such serious limitations.

Could you please open an issue on your ticket system?

Thank you for your support


You have the ability to add multiple branches of the same project to the hierarchy. However, with the current design of the feature, adding the same branches multiple times would make the figures hard to understand.

I understand your concerns. This request is not one that we frequently encounter.
We do not have any immediate plans to implement this change. However, your feedback has been noted and will be taken into consideration for possible future enhancements to the feature.