Configuring Quality Profiles
Quality Profiles are central to SonarQube, since this is where the security-related rules are defined and assigned to projects. For additional information on Quality Profiles, refer to Quality Profiles in the SonarQube Documentation. Quality Profiles for Checkmarx are created automatically by the Checkmarx SonarQube plugin, so the security rules are already predefined. For additional information about rules, refer to Rules in the SonarQube Documentation.
Traditionally, when starting with Quality Profiles, you would use the default profile, Sonar way, because it contains all the rules that are generally applicable to most projects. In some instances, you could define a Quality Profile that uses both Sonar way and Checkmarx rules.
Defining a Quality Profile using Sonar way and Checkmarx Rules
To create a new quality profile, refer to Quality Profiles in the SonarQube Documentation for further information and instructions.
Notice
As of SonarQube v6.5, you must create a new quality profile because the default profile (Sonar way) is read-only and cannot be edited.
Assigning a Checkmarx Quality Profile to a Project
Checkmarx Quality Profiles and their predefined rules can be assigned to projects as explained below.