Our team recently had a discussion about including the default code analysis rules/configuration that are included with SonarQube in our version control system. As far as I understand, SonarQube rule status (enabled/disabled) is tracked in the database. Custom rules are either implemented as XPath rules or Java plugins. Please let me know if my understanding is correct.
What you can put into source control is an export of the relevant rule profiles, but:
I don’t think the export won’t include your XPath rules (I can’t find the relevant ticket right now. This would be worth testing on your end.)
I don’t think the notes / extended description you’ve added will be included in the export
Changes to the stored export won’t affect analysis unless you re-import it. And BTW that would mean deleting the existing profile and re-creating it with the import.