Qodana 2026.1 Help

Analyze open-source projects

This section explains how you can analyze open-source projects using Qodana and covers the following use cases:

  • Configuring Qodana and its features

  • Analyzing code locally or using CI/CD pipelines

  • Forwarding analysis reports to Qodana Cloud and viewing them there

The Qodana products licensed under the Community license are free of charge and are well-suited for open-source projects.

Before you start

Available linters and features

The following Qodana linters and their features are available with the Community license:

Programming languages and features

Description

Java, Kotlin, Groovy

The qodana-jvm-community and qodana-jvm-android linters

C#, C/C++, VB.NET

The qodana-cdnet linter

C and C++

The qodana-clang linter

Python

The qodana-python-community linter

Static analysis of code

Analyze an entire codebase or its incremental changes

Baseline

Compare code against its snapshot to track various problems

Quality gate

Set thresholds to terminate Qodana locally and in CI/CD pipelines.

This can be set up for a number of problems and their severities.

To run Qodana locally, make sure that you have already deployed Qodana CLI on your machine.

Use linter names from the table above to replace, e.g. qodana-jvm-community, to replace the <linter> placeholders in configuration snippets provided in this section.

Prepare Qodana Cloud

  1. In the Qodana Cloud UI, navigate to your organization.

    Creating an organization

  2. On the organization page, click Create team.

    Create a team

    This will open the Create team dialog.

  3. On the New team dialog, specify the team name, its visibility and then click Create.

    The New team dialog

  4. On a team page, click the Create project button.

    Creating a new project

  5. In the project, click Generate token to generate a project token.

    Generate the project token

The generated project token will be used in the configuration snippets as the value for the QODANA_TOKEN variable.

Analyze your projects

Inspection profiles

By default, Qodana analyzes your code using the qodana.starter profile. You can use additional inspections by specifying the qodana.recommended profile. To do this, save this configuration to the qodana.yaml file contained in your project root:

version: "1.0"   profile: name: qodana.recommended   linter: <linter>

Alternatively, you can make the same configuration directly in the application configuration:

qodana scan \ -e QODANA_TOKEN="<cloud-project-token>" \ --profile-name qodana.recommended \ --linter <linter>
name: Qodana on: workflow_dispatch: pull_request: branches: - main push: branches: - main - 'releases/*' jobs: qodana: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: 'Qodana Scan' uses: JetBrains/qodana-action@v2026.1 with: args: | --profile-name qodana.recommended --linter <linter> env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

To analyze the overall configuration of your project, employ the qodana.sanity profile instead.

Incremental analysis

Regular analyses are enabled by default and are performed on an entire project. Incremental analyses can be carried out as described below:

Incremental analysis

Description

The --diff-start option

Pull or merge requests

The --diff-start and --diff-end options

Changes between two commits

To analyze pull requests, use the --diff-start option, for example:

qodana scan \ -e QODANA_TOKEN="<cloud-project-token>" \ --diff-start=<GIT_START_HASH> \ --linter <linter>

The pull request mode is enabled by default in GitHub Actions, so it does not require any additional configuration.

Here are the configuration samples for analyzing changes between two commits:

qodana scan \ -e QODANA_TOKEN="&lt;cloud-project-token&gt;" \ --diff-start=<GIT_START_HASH> \ --diff-end=<GIT_END_HASH> \ --linter &lt;linter&gt;
name: Qodana on: workflow_dispatch: pull_request: branches: - main push: branches: - main - 'releases/*' jobs: qodana: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: 'Qodana Scan' uses: JetBrains/qodana-action@v2026.1 with: args: | --diff-start <GIT_START_HASH> --diff-end <GIT_END_HASH> --linter <linter> env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

Information about incremental analysis is available in the Incremental analysis section.

Baseline and quality gate

Baseline and quality gates are configured using the following options:

Feature

Configured via

Baseline

--baseline <path-to-qodana.sarif.json>

Absolute number of problems

fail-threshold <number>

Severity thresholds

failureConditions: severityThresholds: any: <number> # Total problems critical: <number> # Severities high: <number> moderate: <number> low: <number> info: <number>

Use these snippets to configure a baseline and a quality gate for a total number of problems:

qodana scan \ -e QODANA_TOKEN="<cloud-project-token>" \ --baseline <path-to-qodana.sarif.json> \ --fail-threshold <number> \ --linter <linter>
name: Qodana on: workflow_dispatch: pull_request: branches: - main push: branches: - main - 'releases/*' jobs: qodana: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: 'Qodana Scan' uses: JetBrains/qodana-action@v2026.1 with: args: | --baseline <path-to-qodana.sarif.json> --fail-threshold <number> --linter <linter> env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

You can also configure the absolute number of problems using the fail-threshold option saved in the qodana.yaml file contained in your project root:

version: "1.0" fail-threshold: <number> linter: <linter>

Once configured in the qodana.yaml file, this does not have to be set up in the application configuration.

Severity thresholds are configurable only via the qodana.yaml file.

View analysis reports

Information from project reports is aggregated and displayed in several sections marked on this image.

Qodana Cloud report overview

Here is the description of each section:

  1. The project name, the branch name, the time passed since the last analysis, the number of detected problems, and their severity.

  2. The analysis report, which uses the code coverage and license audit features.

  3. The context menu that lets you:

    • Configure the HTTPS or SSH URL of the VCS

    • Move your project to another team

    • Rename the project

    • Copy or regenerate the project token

    • Delete the project

This table shows how Qodana Cloud interprets and displays several reports depending on their metadata.

Branch name

Commit time

Commit hash

Displays

The same

The same

N/A

The latest report and overwrites the previous reports

The same

Different

N/A

Separate reports

N/A

N/A

The same

Single report

To see the project reports, click it. This will open the report page.

Report overview

The upper part of the report page contains:

  1. The branch selector, which lets you view reports for each branch in your project.

  2. The commit hash and time of the latest analysis.

  3. The timeline, which shows the date of the analysis and the number of detected problems.

  4. Buttons for navigating to the build page, downloading the report in SARIF format, opening the help guide, and configuring the project.

  5. A selector for viewing either the absolute number of detected problems or the number of problems relative to a baseline set for this project.

To learn more about Qodana report UI, see the Analysis reports section.

17 June 2026
Single Sign-onStarting the analysis