Analyze open-source projects

This section explains how you can analyze your open-source projects using Qodana, and how you can use Qodana Cloud to view Qodana analysis results in a convenient form and free for open-source projects.

Before you start

Depending on your needs, it may be useful to know how to:

Analyze your code using Qodana
Configure Qodana using qodana.yaml and Configuration options
Run Qodana either locally on in your CI/CD pipelines
Forward reports to Qodana Cloud

Prepare Qodana Cloud

If you plan to create a separate team and project in your Qodana Cloud account, follow these steps.

In the Qodana Cloud UI, navigate to your organization.
In your organization, create a team.
In your team, create a project.
In the project, click Generate token to generate a project token.

Analyze your projects

You can analyze your codebase using methods described in the Analyze your code section.

Depending on the Qodana license, you can configure various features, for example:

Baseline for monitoring current and new problems
Inspections that you would like to use
License audit for checking license compatibility
Quality gate for restricting the number of problems

Here are the links to the sections that describe other available features:

Configure inspections

By default, Qodana inspects your code using the qodana.starter profile. You can use additional inspections by specifying the qodana.recommended profile in the qodana.yaml file contained in your project root:

profile:
    name: qodana.recommended  

To check the overall configuration of your project, you can employ the qodana.sanity profile:

profile:
    name: qodana.sanity  

Configure license audit

License audit lets you track the compatibility of dependency licenses with your project license.

To enable the license audit, use the include option of the qodana.yaml file in your project root:

include:
  - name: CheckDependencyLicenses

Configure baseline

Baseline lets you create a snapshot of your project that will be used as a basis for later analyses. To enable it, select inspections and download the qodana.sarif.json file.

You can run Qodana with the baseline enabled using the --baseline option:

--baseline <path-to-qodana.sarif.json>

Configure the quality gate

Quality gate lets you configure the ultimate number of problems that will cause a CI/CD pipeline failure.

Once configured, a quality gate will make your CI/CD system:

Build the project only if the number of problems contained in it is below the configured threshold
Accept only the pull requests containing problems below the configured threshold

To enable the quality gate, you can use the fail-threshold <number> option.

Types of Qodana reports

Qodana can generate the following types of analysis reports:

Reports containing analysis results over a specific branch of your project
Pull or merge request analysis reports generated by GitHub Actions and GitLab CI/CD

GitHub Actions

Using this example, you can configure GitHub for:

Forwarding analysis results to Qodana Cloud
Blocking the merge of pull requests if a quality gate has failed

Follow these steps:

Create an encrypted secret with the QODANA_TOKEN name.
Create a new or open an existing GitHub workflow that invokes the Qodana Scan action.
Set the workflow to run on pull_request events that target the main branch, and forward reports to Qodana Cloud based on the QODANA_TOKEN value. Instead of main, you can specify your branch here.

name: Qodana
on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
      - 'releases/*'

jobs:
  qodana:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2022.2.3
        env:
          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

Set the number of problems (integer) for the Qodana action fail-threshold option.
Under your repository name, click Settings.
On the left menu, click Branches.
In the branch protection rules section, click Add rule.
Add main to Branch name pattern.
Select Require status checks to pass before merging.
Search for the Qodana status check, then check it.
Click Create.

GitLab CI/CD

Using this example, you can configure GitLab CI/CD for:

Inspecting the main and master branch and all merge requests
Blocking merge requests if a quality gate has failed
Forwarding analysis results to Qodana Cloud

Follow these steps to add a Qodana runner to a GitLab CI/CD pipeline:

Create the QODANA_TOKEN variable and save the Qodana Cloud project token value in it
Paste this sample to the .gitlab-ci.yml file:

include:
  - component: $CI_SERVER_FQDN/qodana/qodana/qodana-gitlab-ci@v2025.2
    inputs:
      args: --fail-threshold,<number-of-accepted-problems>,--image,&lt;image&gt;

In this sample, specify the quality gate using --fail-threshold option.

Analysis result overview

After your project is analyzed and results are uploaded to Qodana Cloud, you can view results as shown on this page.

18 August 2025