Hi!! We are using Enterprise Edition v2026.1 and we are looking for users who deactivated Security Rules in Quality Profiles but when we look at the Changelog inside Quality Profiles there is no info about when or who deactivated the rule. For example, in “Quality Profiles => C# => Digital Quality Profile” we have 14 Inactive Security Rules but if we access the Changelog there are no Deactivated actions for any rule.
Does that mean the rules were already disabled by default?
Or is there another section where we can check the user who performed the action?
To be clear, you mean that there are 14 security rules that are not included in the profile?
It could mean they were never included in the profile to start with but it can’t mean they were removed on the SonarSource side. Why?
We don’t/can’t edit your custom profiles.
Even when we remove rules from Sonar way, that shows up in the change log.
Can you double-check that these rules did start out in your profile? Because I’ve just run a test on 2026.1.2 and the rules I removed from my Quality profile were reflected in the change log.
I have found that the rules that were not appearing as active are due to the fact that they belong to a profile that inherits from a Sonar way profile, and while they are active in the child, they appear as inactive in the parent’s summary.
I am new to the company and to SonarQube, and I could not figure out why that was happening, but I have now gained a better understanding of how Quality Profiles work.
) if you have more questions.