Qodana
The code quality platform for teams
Qodana 2023.1: Flexible Profile Configuration, Support for Migration to the Kotlin/JS IR Compiler, License Compatibility Checks for Go, Plugin Integrations, and 30+ New Inspections
Currently in preview, Qodana is a smart code quality platform by JetBrains. This powerful static analysis engine brings inspections from JetBrains IDEs to any CI pipeline, runs resource-intensive checks on the CI server, and saves you time and computing resources. Enjoy support for more than 60 technologies and analyze unlimited lines of code.
The new Qodana release is live with major enhancements to help you ensure your code is of the highest quality. Version 2023.1 brings much more flexibility to the static analysis step of your CI pipeline. We’ve introduced a smart way to configure checks for scanning your projects, and we’ve implemented perhaps the easiest way to add plugins to your Qodana static analysis engine.
Read on to see the full list of major updates or jump straight to linter-specific enhancements.
Major updates
Flexible profile configuration with the new YAML format
Inspection profiles are a key part of your Qodana configuration. They define a set of inspections that Qodana will apply to your code while running its analysis.
Starting from version 2023.1, Qodana provides flexible profile configuration capabilities in the human-readable YAML format, making it even easier to customize your inspection profile and adjust it as your project progresses. Here are the options for fine-tuning your analysis:
- [NEW] Group inspections and manage such groups.
- [NEW] Include existing and compose new profiles.
- Enable and disable inspections.
- Set up inspection parameters.
- Configure the inspection scope.
For example, you can exclude the PhpDeprecationInspection
inspection from the Qodana for PHP linter while inspecting your code using the PHP/General inspection category.
name: "PHP/General without PhpDeprecationInspection" inspections: - group: "category:PHP/General" enabled: true # Enable the 'PHP/General' category - inspection: PhpDeprecationInspection enabled: false # Disable the PhpDeprecationInspection inspection
See the documentation to learn more about custom profiles.
Major refactoring of default profiles
Qodana offers two types of default profiles – qodana.starter, which is used for vital checks only and is ideal for the initial scan of the project, and qodana.recommended, which enables a preselected set of inspections that are broadly suitable for most projects.
We’ve rewritten both profiles, bringing them into alignment with the Default profile provided in our IDEs. This change provides more transparency and allows you to ensure that the inspections run by Qodana and your IDE are mostly the same, facilitating a more consistent approach to code quality.
The updated qodana.recommended profile can be found on GitHub. This profile matches the Default IDE profile with a few exceptions:
- For more lightweight analysis, all global inspections are disabled, as they can be very time consuming.
- Some project directories, like build directories and test sources, are excluded from the analysis by default.
The updated qodana.starter profile can also be found on GitHub. This profile is derived from the qodana.recommended profile and performs only vital checks. Here are the major changes we’ve made:
- Inspections with codestyle and code conventions semantics are disabled.
- Inspections are disabled for non-executable parts of the codebase (for example, Javadocs).
Easy way to add plugins to Qodana
If you want to extend Qodana and use inspection plugins from JetBrains Marketplace, you just need to add their IDs to your qodana.yaml
file.
Thanks to recent Marketplace updates, you can now copy a plugin’s ID directly from its page.
There are 2 ways to install third-party software required for your plugins:
- Use the
bootstrap
option. - Develop a custom
Dockerfile
that starts withFROM jetbrains/qodana...
You can use QodanaDockerfile
examples available on GitHub.
Here are some noteworthy and popular plugins you might want to check out:
- Grazie Professional, which offers advanced natural-language writing assistance, featuring spell-check, grammar correction, natural language completion, and other helpful tools for writing and editing text.
- CheckStyle, which provides both real-time and on-demand scanning of Java files with CheckStyle from within IntelliJ IDEA.
- Zero Width Characters Locator, which adds an inspection that prevents some hard to find bugs related to invisible zero width characters in source code and resources.
You can find more plugins with this search on JetBrains Marketplace.
Qodana currently does not support paid plugins, and there may still be plugins that are not compatible with the current version. We are working on introducing proper compatibility checks for Qodana plugins on JetBrains Marketplace this year.
Linter-specific updates
New JVM inspections in Qodana
Inspections for the Kotlin / JS IR compiler
The Kotlin team has introduced a new IR compiler that supports the migration of your Kotlin source code to JavaScript. To facilitate the migration process and spot potential errors, Qodana now supports the following inspections:
NonExternalClassifierExtendingStateOrProps
Using Kotlin interfaces and classes (including data classes) that derive from pure JS classes, such as React’s State
and Props
, can cause ClassCastExceptions
. Such exceptions occur because the compiler attempts to work with instances of these classes as if they were Kotlin objects, despite actually coming from JS.
The solution is to convert all classes and interfaces that derive from pure JS classes to external interfaces. Qodana will report non-external classifier-extending uses of State
or Props
.
NonVarPropertyInExternalInterface
Properties of external interfaces in Kotlin / JS code can’t be read-only (val
) properties because their values can be assigned only after the objects are created with js()
or jso()
. The solution is to convert all properties of external interfaces to var
.
Qodana will highlight all of the properties that are not var
so you can convert them.
SpringTransactionalMethodCallsInspection
The Spring framework allows you to manage application transactions using code annotations. Only external calls of a method marked with `@Transaction`
are run under the transaction, which means that self-invocation doesn’t start a new transaction. With this new inspection, Qodana highlights such cases, as they can lead to errors in transaction management.
JUnitMixedFramework
Having multiple versions of JUnit in a project can lead to errors due to developers mistakenly mixing different versions in one test case. For example, consider the following code:
The test is run with JUnit4, so JUnit5’s BeforeEach
annotation won’t be processed, and the test will fail with NullPointerException.
By default, Qodana doesn’t check test sources, so to include this inspection, you need to add the following configuration to qodana.yaml
:
include: - name: JUnitMixedFramework paths: - <path-to-tests-directory>
MathRoundingWithIntArgument
This inspection reports calls to round()
, ceil()
, floor()
, and rint()
methods for Math
and StrictMath
. Calling these methods on an integer is redundant and indicates that a mistake was made, like accidental integer division.
Third-party license audit for Go
If you rely on open-source components, outsource development, or reuse code from services like GitHub, you need to make sure that you use the appropriate licenses. You may accidentally import a library with a restrictive license into a software codebase or forget to update an expired license. If you do, your organization may be a subject to reputational and legal risks.
To minimize these risks, we introduced License audit functionality for Java, Kotlin, PHP, and JavaScript last year. In this release, we’ve added support for Go. Qodana will list dependency licenses in an analyzed repository and warn you about any problems concerning their compatibility with project licenses, as in the example below:
Here’s what the dependency license list looks like:
Updates for .NET
The inspection profile now respects repository settings
Previously, the inspection severity settings in the inspection profile for the .NET linter were based on the default values obtained from ReSharper. However, this approach led to settings being duplicated when a project was already using solution and project configuration layers of ReShaper and Rider along with .editorconfig
files stored in the repository. This meant that if you made changes to any of these layers, you had to make the same change in the Qodana YAML profile.
The inspection profile now automatically inherits settings from ReSharper and the .editorconfig
file if they are provided in the repository. No manual work needed anymore!
The Qodana YAML configuration settings section has been renamed
The qodana.yaml
configuration file previously contained a dot-net section, which allowed you to specify the solutions or projects to be opened, as well as configuration and platform options. This section has been renamed to dotnet and the dot-net notation will be deprecated starting from the 2023.2 version of Qodana.
How to upgrade to Qodana 2023.1
If you run Qodana with the latest
Docker tag, no changes need to be made. If not, update to version 2023.1 in the CI workflow you use Qodana for. You can learn more about the existing CI integrations in our documentation.
Not all inspections are automatically enabled. To exclude or include certain inspections in your analysis, you may need to customize your inspection profile.
That wraps up the highlights for Qodana 2023.1! For more details, check the release notes. We hope you enjoy this new release. If you have any suggestions for future blog topics or if you want to learn more about how Qodana can help you and your business, post a comment here, tag us on Twitter, or contact us at qodana-support@jetbrains.com.
Happy developing and keep your code clean!
Your Qodana team
Deliver code that makes you proud