Skip to main content

Configuring Quality Profiles

Quality Profiles are central to SonarQube since this is where the security-related rules are defined and assigned to projects. For additional information on Quality Profiles and security-related rules, refer to Quality Profiles and Rules in the SonarQube Documentation. Quality profiles for Checkmarx are automatically created by the Checkmarx SonarQube plugin, so security rules are predefined.

Traditionally, when starting with quality profiles, you would use the default profile Sonar Way because it contains all the rules generally applicable to most projects. Sometimes, you could define a Quality Profile that uses Sonar Way and Checkmarx rules.

Defining a Quality Profile using SonarWay and Checkmarx Rules

To create a new quality profile, refer to Quality Profiles in the SonarQube Documentation for further information and instructions.


Creating a new quality profile is required from v6.5 of SonarQube because the default profile (Sonar way) is read-only and cannot be edited.

Assigning a Checkmarx Quality Profile to a Project

Checkmarx Quality profiles and their predefined rules can be assigned to projects, as explained below.