Scaling Clean Code Across the Enterprise

Bruce Herbert

Product Marketing Manager


Code is at the core of your software and dictates its behavior and performance. 

Clean code makes it easier for your development teams to introduce changes and enhancements to software because it is free of issues. No time is wasted reworking tangled or rigid code that is costly and disruptive to your business.

Clean code helps ensure that your software continues to be an asset—not a liability—and is a key driver for your business success. 

A true clean code solution for software development is maintainable, reliable, and secure. But what tools enable you to implement a clean code standard that can scale across your enterprise? This blog takes a closer look at some of those tools.

Quality Profiles

Quality profiles are a key part of your software development project configuration. They define the set of rules to be applied during code analysis.

Every project has a quality profile set for each supported language. When a project is analyzed, you should be able to determine which languages are used and use the active quality profile for each of those languages in that specific project.

Built-in and default profiles

Sonar comes with a built-in quality profile defined for each supported language, called the Sonar way profile. The Sonar way activates a set of rules that should be applicable to most projects – it represents Sonar’s recommendations and it is updated in every release to include new rules.

In a newly set up instance, the Sonar way profile is the default for every language. The default profile is used for that language if no other profile is explicitly defined at the project level. The default profile for a given language can be changed.

Customizing a quality profile

The Sonar way profile is designed to be broadly suitable for most projects, but it is intended only as a starting point. In most cases, you will want to adjust your profile as your organization’s usage of Sonar progresses.

If you have multiple projects, you might also need to have different profiles for each. You might run into the following situations:

  • You have different technical requirements from one project to another.
  • You want to ensure stronger requirements for some of your projects than for others.

A couple of important points that should be noted regarding customizing Quality Profiles:

  • Make sure you revisit customized Quality Profiles periodically, especially after upgrades to include new rules and eliminate deprecated rules.
  • Keep the number of Quality Profiles to a minimum so that you don't end up with every project following a different set of rules; the goal is consistency across the organization.

Quality Gates

Quality Gates enforce a quality policy in your organization by answering one question: is my project ready for release?

To answer this question, you define a set of conditions against which projects are measured. For example:

  • No new blocker issues
  • Code coverage on new code greater than 80%

Ideally, all projects will use the same Quality Gate, but that's not always practical. For instance, you may find that:

  • Technological implementation differs from one application to another (you might not require the same code coverage on new code for Web or Java applications).
  • You want to ensure stronger requirements on some of your applications (internal frameworks for example).

You can define and manage as many Quality Gates as you need, and as a result, you can refocus Quality Gate conditions on issues that should be fixed immediately.


Thanks to the Sonar notification mechanism, you can be notified when a Quality Gate fails. Simply subscribe to the new quality gate status notification for all projects or a set of projects you're interested in. There are a few ways to get notified of a Quality Gate failure but the most common is email.

At the end of each analysis, notifications are computed for each subscribed user. Then, asynchronously, these notifications are sent via email.

Only users who subscribe themselves will get notifications. If you believe a user should be receiving notifications, then it may be time to practice the gentle art of persuasion.

Enterprise Reporting

Careful project planning and collaboration between development team members are key factors that make software development projects advance. It is important that your developers align their team on a shared definition of code health for their code analysis. 

Sonar’s project reports give development teams a current Quality Gate status and any failing conditions, plus the major metric values on new code. With a common understanding and carefully defined measures, code quality is maintained and projects are delivered on time.

Development teams can group projects that map to your enterprise hierarchy. Portfolios give them immediate insight into the health of all the projects across an entire department, including their projects’ releasability.

With Sonar, development teams can generate, export and schedule reports in PDF format to ensure visibility of key metrics to all stakeholders.

Conclusion on scaling enterprise code

When you need to scale a clean code standard across your enterprise, start by understanding the value of the tools described in this blog. With this foundation, you can help ensure that your software continues to be an asset and is key to your business success.

If you would like to see these tools in action, simply sign up for a 14-day free trial of SonarQube Enterprise Edition.
