SonarQube Quality Profile update interval

Hi everybody,

We installed SonarQube 8.9 LTS around 5-6 months ago.

I need to make sure my understanding is correct. Please correct where you find it wrong.

Kotlin has a default quality profile and it has 49 rules (31 active and 18 inactive). It shows that it was updated 5 months ago (SQ shows 5 months ago for all quality profiles).

I know that we can copy this quality profile and make the remaining 18 rules active.
Questions:

  1. Why are there 18 rules inactive?
  2. Will they get activated if I upgrade to 9.1 or 9.2 or more automatically?
  3. What if I don’t want to upgrade SonarQube? New rules will be added to SonarQube default quality profiles but as inactive rules?
  4. Here Kotlin static code analysis: Boolean checks should not be inverted, Kotlin has 100 rules. Why don’t we have all the 100 rules in our Kotlin Quality Profile?
  5. Do Quality Profiles get updated automatically if we don’t upgrade the SQ version? (this is an important question to us)

For instance, by creating an extended version of Java Quality Profile, Java now has 653 rules, of which 43 are inactive. Among those 43 inactive rules, 37 rules are deprecated.

Nevertheless, Java static code analysis: Credentials should not be hard-coded shows that Java should have 649 rules, while 649 != 653 (what we have) and also 649 != 616 (excluding deprecated rules).

I need some assistance to understand how to make out these numbers.

Thanks in advance.

Hi everybody,

May I ask for some attention to this thread?

Thanks a million

Hi again,

I would appreciate it if somebody shares his experience.

Not all rules make sense for all projects – so some rules are not included in the built-in Quality Profiles (which are meant to represent non-controversial, no-brainer rules that apply to every project). This should also answer Question #4.

Moving on…

Built-in Quality Profiles can change from SonarQube version to SonarQube version – and new rules (and changes to built-in Quality Profiles) are only available by upgrading SonarQube.

So the answer to Question #5 is no.

rules.sonarsource.com represents what’s available in the bleeding-edge version of SonarQube (v9.7 and even rules deployed on SonarCloud that aren’t yet available on SonarQube), which is usually more rules than in an older version (like the SonarQube v8.9 LTS).
