Qodana 2025.2 Help

Inspection profiles

Inspection profiles define inspections, file scopes that these inspections analyze, and inspection severities. This section explains how you can use existing Qodana profiles, create your own profiles, and set up profiles for analyzing your projects using Qodana.

Existing Qodana profiles

Out of the box, you can use the following Qodana profiles:

Profile name

Description

qodana.starter

The subset of the qodana.recommended profile, enabled in Qodana by default

qodana.recommended

Implements default profiles of JetBrains IDEs like IntelliJ IDEA with the following exceptions:

  • By default, Qodana provides analysis only for specific languages and frameworks. This means that, for example, Groovy or JavaScript inspections are available but disabled by default. Inspections of the INFORMATION severity in the IDE are also disabled.

  • Several inspections that affect code highlighting in IDEs and global inspections were removed from Qodana linters.

  • Flaky inspections that are still available in IDEs were removed from Qodana linters.

qodana.sanity

This profile is enabled by default to analyze whether a project is configured properly. If qodana.sanity inspections detect problems, this means that all other Qodana inspections may work improperly and the project should be reconfigured.

To learn how disable inspections of this profile, see the Disable sanity checks and Profile sections.

These profiles are hosted on GitHub, so you can learn them in detail.

Set up an existing profile

A YAML configuration serves as a universal Qodana configuration method. This means that you can configure Qodana using the qodana.yaml file once and then reuse it for running Qodana with Docker, GitHub, JetBrains IDEs or any other software currently supported by Qodana. The settings will remain consistent across all these platforms.

To set up the qodana.recommended profile, in the project root save the qodana.yaml file containing the following configuration:

version: "1.0"   profile:     name: qodana.recommended

  1. In your IDE, navigate to Tools | Qodana | Try Code Analysis with Qodana.

  2. On the profile section of the Run Qodana dialog, paste the profile configuration:

    profile:   name: qodana.recommended
    Configuring a Qodana profile

  3. On the Run Qodana dialog, check the Save qodana.yaml in project root option.

    Saving qodana.yaml to a project root

  4. Click Run to start analyzing your code.

  1. On the Settings tab of the GitHub UI, create the QODANA_TOKEN encrypted secret and save the project token as its value.

  2. On the Actions tab of the GitHub UI, set up a new workflow and create the .github/workflows/code_quality.yml file.

  3. To analyze the main branch, release branches and the pull requests coming to your repository, save the workflow configuration to the .github/workflows/code_quality.yml file:

    name: Qodana on: workflow_dispatch: pull_request: push: branches: # Specify your branches here - main # The 'main' branch - 'releases/*' # The release branches jobs: qodana: runs-on: ubuntu-latest permissions: contents: write pull-requests: write checks: write steps: - uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} # to check out the actual pull request commit, not the merge commit fetch-depth: 0 # a full history is required for pull request analysis - name: 'Qodana Scan' uses: JetBrains/qodana-action@v2025.2 with: args: --profile-name,qodana.recommended env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

    Here, the --profile-name option specifies the qodana.recommended profile.

You can set up the qodana.recommended profile using the --profile-name option:

docker run \ -v $(pwd):/data/project/ \ -e QODANA_TOKEN="<cloud-project-token>" \ jetbrains/qodana-<image> \ --profile-name qodana.recommended
qodana scan \ -e QODANA_TOKEN="<cloud-project-token>" \ --profile-name qodana.recommended

Custom profiles

You can create custom profiles using the following formats:

  • YAML is the preferred format

  • XML can be used as an alternative to YAML

Custom profiles can either override existing profiles or be created from scratch. For example, to use the existing qodana.recommended profile and additionally enable the Java/Java language level migration aids inspection category, save this YAML configuration in the profile file:

version: "1.0" profile: name: "Configuring Qodana" baseProfile: qodana.recommended inspections: - group: "category:Java/Java language level migration aids" # Specify the inspection category enabled: true # Enable the inspection category

You can also store profile configurations in dedicated files and attach them using the imports block. In this case, it is advised to save them in the .qodana/profiles directory of your project. If you run Qodana in a CI/CD pipeline and store profile configurations in a separate file, make sure that such file resides in the working directory where the VCS stores your project before building it.

Create your profile

This snippet demonstrates how you can fine-tune Qodana to fit your needs.

version: "1.0" profile: name: "My custom profile" # Profile name baseProfile: empty # Use the 'empty' profile as an initial configuration of this profile imports: - ".qodana/profiles/other-profile.yaml" # The included file becomes part of this profile groups: # List of configured groups - groupId: InspectionsToInclude groups: - "category:PHP/General" # Inspection category from the linter - "JSCategories" # Include the JSCategories group below - "PHPInspections" # Include the PHPInspections group below - groupId: JSCategories groups: - "category:JavaScript and TypeScript/ES2015 migration aids" - groupId: PHPInspections inspections: # Inspection IDs - PhpDeprecationInspection - PhpReturnDocTypeMismatchInspection inspections: # Group invocation - group: InspectionsToInclude enabled: true # Enable the InspectionsToInclude group - inspection: PhpNonCompoundUseInspection severity: WARNING # Overriding the severity level for PhpNonCompoundUseInspection - inspection: MissortedModifiers options: m_requireAnnotationsFirst: false # Overriding the configuration option

This snippet consists of several nodes:

Section

Description

baseProfile

The profile that will serve as a basis for your profile configuration

name

Name of the inspection profile

imports

Include an existing file-based profile into your profile

groups

Inspection groups that need to included or excluded in your profile

inspections

List of changes applied for baseProfile. These changes could be applied to groups or single inspections

baseProfile

The baseProfile block lets you specify the profile that will serve as a basis for your profile configuration. It can accept the following values:

baseProfile value

Description

Default

The default profile taken from the JetBrains IDE

Project Default

The profile is basically similar to Default, but contains user changes stored in the .idea/inspectionProfiles/Project_Default.xml file

Custom profile name

Any name of an XML or YAML profile contained in the .idea/inspectionProfiles directory

qodana.starter

The default Qodana profile, a subset of the qodana.recommended profile

qodana.recommended

The default Qodana profile implementing the default profiles of JetBrains IDEs

empty

Severities and parameters of inspections are taken from Project Default, but none of the inspections are included. Using empty, you can you can build your profile from scratch

If this parameter is missing, Qodana will employ the Project Default profile, so all settings applied in your custom profile will override such settings contained in Project Default.

name

Arbitrary name for your profile.

name: "Name of your profile"

imports

Contains the list of relative paths to imported profiles.

imports: - ".qodana/profiles/firstprofile.yaml" - ".qodana/profiles/anotherprofile.yaml"

The imports block is not related to baseProfile. If baseProfile contains no values, it is set to Default.

To view the default profile, in the JetBrains IDE navigate to Settings | Editor | Inspections and select the Default profile in the Profile drop-down selector.

File contents are included in the order of appearance, thus becoming part of your profile. This means that the settings of the included files are used prior to the settings specified in your custom profile.

Example

Suppose, you have the foo.yaml and bar.yaml profiles.

The foo.yaml profile enables the Inspection1, Inspection2 and Inspection3 inspections:

inspections: - inspection: Inspection1 enabled: true - inspection: Inspection2 enabled: true - inspection: Inspection3 enabled: true

The bar.yaml profile disables the Inspection1 inspection:

inspections: - inspection: Inspection1 enabled: false

You can include these two files in the custom profile and disable Inspection2:

include: - "foo.yaml" - "bar.yaml" inspections: - inspection: Inspection2 enabled: false

In this case, the effective profile configuration read by Qodana will look like this:

inspections: - inspection: Inspection1 enabled: false # "bar.yaml" was included later than "foo.yaml" - inspection: Inspection2 enabled: false # it was applied in the custom profile last - inspection: Inspection3 enabled: true

groups

The groups block is a list of user-defined groups. Here, you can combine inspection categories and single inspections, and then configure their usage in the inspections block.

Each group definition can include or exclude other groups or single inspections.

You can use the exclamation mark character (!) to negate a group or a category. For example, you can exclude a specific category usage in a group that will be included.

Here is the sample containing the EnabledInspections group defined by a user:

groups: - groupId: EnabledInspections groups: - "category:Java/Probable bugs" inspections: - RedundantIf

This sample contains the following properties:

Property

Description

groupId

ID of the group

inspections

List of included and excluded inspections in this group

groups

List of included and excluded groups in this group

groups.groupId

Unique group identifier.

- groupId: IncludedInspections

In case two groups are defined under the same groupId, the latest group met in the file will be employed. This rule also works for all included files because the settings contained in the included files are considered prior to the settings laid out in the current file.

groups.inspections

The list of inspections included in the group.

inspections: - RedundantIf - UnnecessaryLocalVariable
groups.groups

The list of group IDs with possible exclamation mark character (!):

groups: - "ALL" - "category:Java/Probable bugs" - "IncludedInspections" - "!ExcludedInspections" - "severity:WEAK WARNING"

Here, groups lists several values:

groupId value

Description

ALL

Include all inspections. Besides that, you can also use LOCAL to analyze your code using inspections available locally, or GLOBAL to analyze your code using the Inspect code action of the JetBrains IDE

category:Java/Probable bugs

Name of the inspection category in the category:categoryname notation, matches the name from the Editor | Settings | Inspections section of the JetBrains IDE

IncludedInspections

Name of the existing user-defined group, or a group from an included profile

!ExcludedInspections

Negate the existing ExcludedInspections inspection group, either user-defined or included from another profile

severity:WEAK WARNING

Include or exclude inspections by a certain severity level. Because the severity value is taken from the Default profile, Qodana is not aware of the changes made in your profile

By default, Qodana uses severity levels inherited from the JetBrains IDEs shown in this table:

IDE severity

SARIF severity

Qodana report severity

Code Climate severity

Bitbucket severity

ERROR

ERROR

Critical

Blocker

High

WARNING

WARNING

High

Critical

High

WEAK WARNING

NOTE

Moderate

Major

Medium

TYPO

NOTE

Low

Minor

Low

INFORMATION

NOTE

Info

Info

Info

OTHER

NOTE

Info

Info

Info

inspections

Using inspections, you can:

  • Enable or disable a specific group or an inspection,

  • Define the order of applying these settings,

  • Define the paths or scopes to be ignored by the specific group or the inspection,

  • Customise severity for specific inspections or inspection groups,

  • Configure inspection options.

inspections: - group: InspectionGroup - inspection: JavadocReference severity: WARNING - group: ALL ignore: - "vendor/**" - "scope#file[*test*]:src/*" - group: DisabledInspections enabled: false - inspection: MissortedModifiers options: m_requireAnnotationsFirst: false

This sample contains several properties:

Property

Description

group

The ID of the group from the groupId property of an embedded or a user-defined group

inspection

The ID of the inspection

severity

Severity level that will be assigned to a group of inspections or a single inspection. For example, you can specify WARNING instead of ERROR

ignore

List of paths using the glob patterns and scopes that will be ignored during inspection

enabled

Specify whether the group or the inspection is enabled in the profile. Accepts either true or false

options

List of options that you can configure for a specific inspection

Examples

Here you can find several examples of profile configuration.

Exclude inspection

This lets you exclude the PhpDeprecationInspection inspection available in the Qodana for PHP linter:

name: "PHP/General without PhpDeprecationInspection" baseProfile: qodana.starter inspections: - inspection: PhpDeprecationInspection enabled: false

Alternatively, you can exclude the PhpDeprecationInspection inspection using groups:

name: "PHP/General without PhpDeprecationInspection" baseProfile: qodana.starter groups: - groupId: Inspection inspections: - PhpDeprecationInspection # Specify the PhpDeprecationInspection inspection inspections: - group: Inspection enabled: false # Disable the PhpDeprecationInspection inspection
Exclude paths

You can use the ignore block to ignore specific scopes and paths while inspecting your code.

In the sample below, the vendor/** value employs glob patterns for ignoring the contents of the vendor directory contained in your project root.

The scope definition scope#file:*.js:testData//* ignores all files with the .js extension recursively contained in the testData/ directory.

name: "Ignoring paths" inspections: - inspection: NpmUsedModulesInstalled ignore: - "vendor/**" # Ignore a path - group: "category:JavaScript and TypeScript/General" ignore: - "scope#file:*.js:testData//*" # Ignore a scope
Create profile

Using baseProfile, this configuration defines the empty profile, and then it includes only the Java/Data flow inspection group from the Qodana for JVM linter.

name: "Java/Data flow only" baseProfile: empty inspections: - group: "category:Java/Data flow" enabled: true # Enable the 'Java/Data flow' category

As an alternative to baseProfile, you can use ALL in the groups property:

name: "Java/Data flow only" groups: - groupId: ExcludedInspections groups: - "ALL" - groupId: IncludedInspections groups: - "category:Java/Data flow" # Specify the 'Java/Data flow' category inspections: - group: ExcludedInspections enabled: false # Disable all inspections - group: IncludedInspections enabled: true # Enable the 'Java/Data flow' category
Override profile

You can exclude inspection categories from the qodana.starter profile that are not related to the Qodana for .NET linter.

name: "My custom profile" baseProfile: qodana.starter # Use the 'qodana.starter' profile groups: - groupId: ExcludedInspections groups: - "category:Java" - "category:Kotlin" - "category:JVM languages" - "category:Spring" - "category:CDI (Contexts and Dependency Injection)" - "category:Bean Validation" - "category:Reactive Streams" - "category:RegExp" - "category:PHP" - "category:Go" - "category:Python" - "category:General" - "category:TOML" inspections: - group: ExcludedInspections enabled: false
Filter by severity

This sample includes all inspections with the WEAK WARNING severity level while inspecting Java code:

name: "My custom profile" groups: - groupId: IncludedInspections groups: - "category:Java" - "severity:WEAK WARNING" inspections: - group: IncludedInspections enabled: true
Override severity

You can override the severity levels for existing inspections. Here’s how you can assign the WARNING severity level to the JavadocReference inspection:

name: "My custom profile" inspections: - inspection: JavadocReference severity: WARNING
Override options

Specific inspections offer configurable options. For example, the JvmCoverageInspection inspection offers the classThreshold, methodThreshold, and warnMissingCoverage options.

To discover this, configure this inspection in IntelliJ IDEA and then export the profile. Here is a profile example for the JvmCoverageInspection inspection:

<component name="InspectionProjectProfileManager"> <profile version="1.0"> <option name="myName" value="Project Default" /> <inspection_tool class="JvmCoverageInspection" enabled="true" level="WARNING" enabled_by_default="true"> <option name="classThreshold" value="51" /> <option name="methodThreshold" value="51" /> <option name="warnMissingCoverage" value="true" /> </inspection_tool> </profile> </component>

This sample demonstrates how to configure the inspection options in your custom profile:

name: "My custom profile" # Profile name baseProfile: qodana.recommended inspections: - inspection: JvmCoverageInspection options: classThreshold: 51 methodThreshold: 51 warnMissingCoverage: true

Custom XML profiles

You can create XML-formatted inspection profiles using your IDE. For example, for IntelliJ IDEA this is explained on the Configure profiles page. After you create a profile, you can export it to a file.

To run Qodana with the custom profile, you can follow the recommendations from the Set up an existing profile section. In this case, the profile name does not necessarily match the name of the containing file. The actual name is stored as the %profileName% value in the profile file.

Use your profile

A YAML configuration serves as a universal Qodana configuration method. This means that you can configure Qodana using the qodana.yaml file once and then reuse it for running Qodana with Docker, GitHub, JetBrains IDEs or any other software currently supported by Qodana. The settings will remain consistent across all these platforms.

Depending on your needs, specify a profile configuration or path to a file containing the profile configuration:

version: "1.0"   profile: # Direct profile configuration example     name: "Configuring Qodana"     baseProfile: qodana.recommended # Using the configuration from file     path: .qodana/profiles/<custom-profile.yaml>

The following examples show how you can use configurations stored in files:

  1. On the Settings tab of the GitHub UI, create the QODANA_TOKEN encrypted secret and save the project token as its value.

  2. On the Actions tab of the GitHub UI, set up a new workflow and create the .github/workflows/code_quality.yml file.

  3. To analyze the main branch, release branches and the pull requests coming to your repository, save the workflow configuration to the .github/workflows/code_quality.yml file:

    name: Qodana on: workflow_dispatch: pull_request: push: branches: # Specify your branches here - main # The 'main' branch - 'releases/*' # The release branches jobs: qodana: runs-on: ubuntu-latest permissions: contents: write pull-requests: write checks: write steps: - uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} # to check out the actual pull request commit, not the merge commit fetch-depth: 0 # a full history is required for pull request analysis - name: 'Qodana Scan' uses: JetBrains/qodana-action@v2025.2 with: args: --profile-path,.qodana/profiles/<custom-profile.yaml> env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

    Here, the --profile-path option specifies the relative path to the file containing a custom profile.

You can set up your custom profile using the --profile-path option:

docker run \ -v $(pwd):/data/project/ \ -v $(pwd)/.qodana/<custom-profile.yaml>:/data/project/myprofiles/<custom-profile.yaml> \ -e QODANA_TOKEN="<cloud-project-token>" \ jetbrains/qodana-<image> \ --profile-path /data/project/myprofiles/<custom-profile.yaml>
qodana scan \ -v .qodana/<custom-profile.yaml>:/data/project/myprofiles/<custom-profile.yaml> \ -e QODANA_TOKEN="<cloud-project-token>" \ --profile-path .qodana/<custom-profile.yaml>

Order of resolving a profile

Qodana checks the configuration parameters for resolving the inspection profile in this order:

  • Profile with the name %name% from the command-line option --profile-name %name%

  • Profile by the path %path% from the command-line option --profile-path %path%

  • Profile with the name %name% from qodana.yaml

  • Profile by the path %path% from qodana.yaml

  • Profile mounted to /data/profile.xml

  • Fall back to using the default qodana.recommended profile.

10 December 2025
Configuration optionsJDK configuration