Where in sonar cloud can I find who and when a quality profile was set as default?

We had a quality profile changed to be the new default. How can I find the user who did that and when it was done?

Hello Andrew!

When you are on your organization page, you can go to the Quality profiles page of your organization. From there you can click on the quality profile you want to monitor, and once you are on the quality profile page you want, then you can see the changelog thanks to the top right button that you can see in the following screenshot:

I hope this helps!

@Gregoire_Aubert - The changelog shows changes to the quality profile. I’m asking about who changed the DEFAULT quality profile for a language. That does not appear in this changelog, and someone changing the default quality profile and affecting several hundred projects is an audit detail that we need to know.

Hello,

Sorry I misunderstood your question. Indeed this information doesn’t appear in the changelog and it’s not something we track right now.
But it’s a big deal you are right, and you should be able to know who and when such things are done. I’ll make sure we discuss the topic.

In the meantime you can still control who can do that by giving or not the “Administer Quality Profile” permission.

That’s unfortunate that its not present. Our administrator group for sonar is ~40-50 people (includes dedicated devops/scm staff and each team lead). One of them changed the default quality profile and gate to one that is being tested out for about a dozen of our projects, and this created havoc and interruption for the other 650+ projects that were not supposed to be using that yet.

We only know who did it because they did it by mistake and were honest about it. Someone acting maliciously is not going to be honest about it.

I’m sure this represents a legal or regulatory issue for some, so I hope thats enough to get it a high priority. It would also be great if changes like this could send notifications to the admin group, or require some kind of approval workflow. That would be ideal, but a simple audit trail would satisfy for now.

1 Like