Qodana 2023.3 Help

Qodana for JVM

official JetBrains project

The Docker image for the Qodana for JVM linter is provided to support different usage scenarios:

  • Running analyses on a regular basis as part of your continuous integration (CI-based execution)

  • Single-shot analyses (for example, performed locally).

If you are familiar with IntelliJ IDEA Ultimate code inspections and know what to expect from the static analysis outside the editor, you can skip the following section and continue from Using an existing profile.

If you are just starting in the field, we recommend proceeding with the default setup we provide. You will see the results of the most common checks performed on your code base. Later, you can adjust them to suit your needs better.

You can run the Qodana for JVM linter using two methods. Qodana CLI is the easiest method. If necessary, check the installation page to install Qodana CLI. Alternatively, you can use the Docker commands from the Docker image tab.

Run analysis locally

  1. Pull the image from Docker Hub (only necessary to update to the latest version):

    docker pull jetbrains/qodana-jvm
  2. Run the following command:

    docker run \ -v <source-directory>/:/data/project/ \ -v <output-directory>/:/data/results/ \ -e QODANA_TOKEN="<cloud-project-token>" \ jetbrains/qodana-jvm

    where source-directory and output-directory are full local paths to, respectively, the project source code directory and the analysis results directory. The QODANA_TOKEN variable refers to the project token required by the Ultimate and Ultimate Plus linters.

This command will run the analysis on your source code and start the web server to provide a convenient view of the results. Open Qodana Cloud in your browser to examine inspection results. Here you can also reconfigure the analysis. See the Inspection report for details.

If you don't need the user interface and prefer to study raw data, use the following command:

docker run \ -v <source-directory>/:/data/project/ \ -v <output-directory>/:/data/results/ \ -e QODANA_TOKEN="<cloud-project-token>" \ jetbrains/qodana-jvm

The output-directory will contain all the necessary results. You can further tune the command as described in the technical guide.

If you run the analysis several times in a row, make sure you've cleaned the results directory before using it in docker run again.

You can run Qodana for JVM using private NuGet feeds:

docker run \    -v <source-directory>/:/data/project/ \    -e QODANA_TOKEN="<cloud-project-token>" \    -e QODANA_NUGET_URL=<private-NuGet-feed-URL> \    -e QODANA_NUGET_USER=<login> \    -e QODANA_NUGET_PASSWORD=<plaintext-password> \    -e QODANA_NUGET_NAME=<name-of-private-NuGet-feed> \    jetbrains/qodana-jvm \    --show-report

Configuration examples for using private NuGet feeds are available on the GitHub website.

In the project root directory, run this command to inspect your code and view the inspection report locally:

qodana scan \ -e QODANA_TOKEN="<cloud-project-token>" \ -l jetbrains/qodana-jvm \ --show-report

If you don't need the user interface and prefer to study raw data, use the following command:

qodana scan \ -e QODANA_TOKEN="<cloud-project-token>" \ -l jetbrains/qodana-jvm \ --results-dir <output-directory>

The output-directory specifies the directory where the SARIF-formatted report will be saved. The QODANA_TOKEN variable refers to the project token required by the Ultimate and Ultimate Plus linters.

Run analysis in CI

Use the following command as a task in a generic shell executor:

docker run \ -v <source-directory>/:/data/project/ \ -v <output-directory>/:/data/results/ \ -e QODANA_TOKEN="<cloud-project-token>" \ jetbrains/qodana-jvm

where source-directory and output-directory are full paths to, respectively, the project source code directory and the analysis results directory. The QODANA_TOKEN variable refers to the project token required by the Ultimate and Ultimate Plus linters.

Consider using the Quality gate feature to make the build fail when a certain number of problems is reached and the Baseline feature to compare each new Qodana for JVM run to some initial run selected as a baseline. Running as non-root is also supported.

Run this command in the project root directory:

qodana scan \ -e QODANA_TOKEN="<cloud-project-token>" \ -l jetbrains/qodana-jvm \ --results-dir <output-directory>

This will save inspection results to the directory specified by output-directory.

You can also apply the Quality gate feature to make the build fail when a certain number of problems is reached by using the --fail-threshold option.

The Baseline feature compares each new Qodana for JVM run to some initial run using the --baseline and --baseline-include-absent options.

Using an existing profile

This section is intended for users familiar with configuring code analysis via IntelliJ IDEA Ultimate inspection profiles.

You can pass the reference to the existing profile in multiple ways. Here are some examples:

  • Mapping the profile to /data/profile.xml inside the container:

    docker run \ -p 8080:8080 \ -v <source-directory>/:/data/project/ \ -v <output-directory>/:/data/results/ \ -v <inspection-profile.xml>:/data/profile.xml \ -e QODANA_TOKEN="<cloud-project-token>" \ jetbrains/qodana-jvm \ --show-report
  • Using the name of the profile in your project .idea/inspectionProfiles/ folder.

    docker run \ -p 8080:8080 \ -v <source-directory>/:/data/project/ \ -v <output-directory>/:/data/results/ \ -e QODANA_TOKEN="<cloud-project-token>" \ jetbrains/qodana-jvm \ --show-report \ --profile-name <custom-profile-name>

You can pass the reference to the existing profile in multiple ways. Here are some examples, run both commands in the project root directory:

  • Mapping the profile inside the container:

    qodana scan \ -e QODANA_TOKEN="<cloud-project-token>" \ -l jetbrains/qodana-jvm \ --results-dir <output-directory> \ --profile-path <path-to-profile> \ --show-report
  • Using the name of the profile in your project .idea/inspectionProfiles/ folder:

    qodana scan \ -e QODANA_TOKEN="<cloud-project-token>" \ -l jetbrains/qodana-jvm \ --results-dir <output-directory> \ --profile-name <custom-profile-name> \ --show-report

Configure via qodana.yaml

Qodana automatically recognizes the qodana.yaml file for the analysis configuration, so that you don't need to pass any additional parameters.

The references to the inspection profiles will be resolved in a particular order. To learn about the format, see YAML file.

Plugins management

Paid plugins are not yet supported. Each vendor must clarify licensing terms for CI usage and collaborate with us to make it work.

Any free IntelliJ platform plugins or your custom plugin can be added by mounting it to the container plugins' directory using the following command:

docker run \ -v /your/custom/path/%\pluginName%:/opt/idea/plugins/%\pluginName% \ jetbrains/qodana-jvm

Refer to the technical guide for more details.

Usage statistics

According to the JetBrains EAP user agreement, we can use third-party services to analyze the usage of our features to further improve the user experience. All data will be collected anonymously. You can disable the reporting of usage statistics by adjusting the options of the Docker command you use. Refer to the technical guide for details.

Last modified: 20 March 2024