New in version 2025.2
Version 2025.2 of Qodana contains several updates.
Native mode updates
As of version 2025.2, Qodana provides native mode for the following linters:
CLI option changes
Version 2025.2 of Qodana introduces the following CLI options:
| Option | Description | Usage example |
|---|---|---|
| | Specify the Docker image of Qodana. Replacement for the | |
| | Specify Docker invocation. If set to | |
The existing -l,--linter option lets you specify one of the existing Qodana linters either in native or in container mode depending on the --within-docker option.
OWASP Top 10 improvements for Java and Kotlin
Improvement | Description |
|---|---|
Expanded taint modeling for Java collections | Support for all standard Java collections to improve taint propagation and sink coverage in common data structures |
Coverage for Kotlin Collection API | Modelling standard Kotlin collection APIs, expanding analysis depth for Kotlin applications |
Kotlin string taint propagation | Modelling Kotlin String APIs to improve detection of injection and data exposure risks |
Kotlin engine stability improvements | Improved reliability and consistency of Kotlin analysis across larger codebases |
Improved field-sensitive data flow in Java | Enhanced tracking of tainted data through class fields, enabling deeper analysis of complex object graphs and reducing false negatives |
Taint analysis improvements
Version 2025.2 of Qodana introduces significant enhancements to the performance and accuracy of the taint analysis engine.
Performance improvements include the following:
A lightweight distributive reachability analysis (IFDS) now runs as a preprocessing step. It checks whether any potential paths from sources to sinks exist within the current scopes.
Analysis is optimized for functions that have no such paths.
The IFDS algorithm operates in linear time and is field-sensitive, call-sensitive, and flow-sensitive.
Accuracy improvements include the following:
Codebases containing seven million lines of code can be analyzed in just under half an hour.
IFDS improves the quality of reported paths, making them linear and unambiguous.
Many false positives and false negatives have been fixed.
The overall analysis is now both faster and more accurate.
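The following added example shows why a source-to-sink reachability pre-pass saves work: it walks a constructed value-flow graph forward from sources and backward from sinks, and keeps only the functions that lie on some source-to-sink path. It is not Qodana's code and uses plain graph reachability rather than IFDS itself; all function and variable names are hypothetical.

```python
from collections import defaultdict, deque

# Constructed value-flow edges: (function, variable) -> (function, variable).
# Every name below is hypothetical sample data, not taken from a real project.
EDGES = [
    (("Controller.handle", "req.param"), ("Controller.handle", "name")),
    (("Controller.handle", "name"), ("UserDao.find", "name")),    # call argument
    (("UserDao.find", "name"), ("UserDao.find", "sql")),          # string concatenation
    (("UserDao.find", "sql"), ("Statement.execute", "arg0")),     # reaches the sink
    (("Controller.handle", "name"), ("Audit.log", "msg")),        # tainted, but no sink
    (("Report.render", "title"), ("Html.escape", "s")),           # no source involved
]
SOURCES = {("Controller.handle", "req.param")}
SINKS = {("Statement.execute", "arg0")}


def reach(starts, edges):
    """Return every node reachable from `starts`; linear in nodes plus edges."""
    succ = defaultdict(list)
    for a, b in edges:
        succ[a].append(b)
    seen, queue = set(starts), deque(starts)
    while queue:
        for nxt in succ[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def functions_to_analyze(edges, sources, sinks):
    """Functions owning at least one node on a source-to-sink path."""
    forward = reach(sources, edges)                        # what a source can influence
    backward = reach(sinks, [(b, a) for a, b in edges])    # what can influence a sink
    return {fn for fn, _ in forward & backward}


def skipped_functions(edges, sources, sinks):
    """Functions the expensive taint analysis does not need to visit."""
    all_fns = {fn for edge in edges for fn, _ in edge}
    return all_fns - functions_to_analyze(edges, sources, sinks)


if __name__ == "__main__":
    print("analyze:", sorted(functions_to_analyze(EDGES, SOURCES, SINKS)))
    print("skip:   ", sorted(skipped_functions(EDGES, SOURCES, SINKS)))
```

`Audit.log` receives tainted data but is still skipped, because nothing it touches can reach a sink; pruning on forward reachability alone would have kept it.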
Improved trace UI
Besides these improvements, the Security analysis tab of IntelliJ IDEA now provides an improved UI that makes traces more readable, supports more efficient navigation, and shows more information about traces. More details are available in the Taint analysis section.