Inspection profiles

Inspection profiles define inspections, file scopes that these inspections analyze, and inspection severities. This section explains how you can use existing Qodana profiles, create your own profiles, and set up profiles for analyzing your projects using Qodana.

Existing Qodana profiles

Out of the box, you can use the following Qodana profiles:

Profile name	Description
`qodana.starter`	The subset of the `qodana.recommended` profile, enabled in Qodana by default
`qodana.recommended`	Implements default profiles of JetBrains IDEs like IntelliJ IDEA with the following exceptions: By default, Qodana provides analysis only for specific languages and frameworks. This means that, for example, Groovy or JavaScript inspections are available but disabled by default. Inspections of the `INFORMATION` severity in the IDE are also disabled. Several inspections that affect code highlighting in IDEs and global inspections were removed from Qodana linters. Flaky inspections that are still available in IDEs were removed from Qodana linters.
`qodana.sanity`	This profile is enabled by default to analyze whether a project is configured properly. If `qodana.sanity` inspections detect problems, this means that all other Qodana inspections may work improperly and the project should be reconfigured. To learn how disable inspections of this profile, see the Disable sanity checks and Profile sections.

Profile name

Description

qodana.starter

The subset of the qodana.recommended profile, enabled in Qodana by default

qodana.recommended

Implements default profiles of JetBrains IDEs like IntelliJ IDEA with the following exceptions:

By default, Qodana provides analysis only for specific languages and frameworks. This means that, for example, Groovy or JavaScript inspections are available but disabled by default. Inspections of the INFORMATION severity in the IDE are also disabled.
Several inspections that affect code highlighting in IDEs and global inspections were removed from Qodana linters.
Flaky inspections that are still available in IDEs were removed from Qodana linters.

qodana.sanity

This profile is enabled by default to analyze whether a project is configured properly. If qodana.sanity inspections detect problems, this means that all other Qodana inspections may work improperly and the project should be reconfigured.

To learn how disable inspections of this profile, see the Disable sanity checks and Profile sections.

These profiles are hosted on GitHub, so you can learn them in detail.

Set up an existing profile

A YAML configuration serves as a universal Qodana configuration method. This means that you can configure Qodana using the qodana.yaml file once and then reuse it for running Qodana with Docker, GitHub, JetBrains IDEs or any other software currently supported by Qodana. The settings will remain consistent across all these platforms.

To set up the qodana.recommended profile, in the project root save the qodana.yaml file containing the following configuration:

            version: "1.0"
             
            profile:
                name: qodana.recommended
            

In your IDE, navigate to Tools | Qodana | Try Code Analysis with Qodana.
On the profile section of the Run Qodana dialog, paste the profile configuration:
profile: name: qodana.recommended
On the Run Qodana dialog, check the Save qodana.yaml in project root option.
Click Run to start analyzing your code.

On the Settings tab of the GitHub UI, create the QODANA_TOKEN encrypted secret and save the project token as its value.
On the Actions tab of the GitHub UI, set up a new workflow and create the .github/workflows/code_quality.yml file.
To analyze the main branch, release branches and the pull requests coming to your repository, save the workflow configuration to the .github/workflows/code_quality.yml file:
name: Qodana on: workflow_dispatch: pull_request: push: branches: # Specify your branches here - main # The 'main' branch - 'releases/*' # The release branches jobs: qodana: runs-on: ubuntu-latest permissions: contents: write pull-requests: write checks: write steps: - uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} # to check out the actual pull request commit, not the merge commit fetch-depth: 0 # a full history is required for pull request analysis - name: 'Qodana Scan' uses: JetBrains/qodana-action@v2025.2 with: args: --profile-name,qodana.recommended env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
Here, the --profile-name option specifies the qodana.recommended profile.

You can set up the qodana.recommended profile using the --profile-name option:

            docker run \
               -v $(pwd):/data/project/ \
               -e QODANA_TOKEN="<cloud-project-token>" \
               jetbrains/qodana-<image> \
               --profile-name qodana.recommended
        

            qodana scan \
               -e QODANA_TOKEN="<cloud-project-token>" \
               --profile-name qodana.recommended
        

Custom profiles

You can create custom profiles using the following formats:

YAML is the preferred format
XML can be used as an alternative to YAML

Custom profiles can either override existing profiles or be created from scratch.

This snippet demonstrates how you can fine-tune Qodana to fit your needs using the YAML format:

version: "1.0"

profile:  
  base: 
    name: empty # Use the 'empty' profile as an initial configuration of this profile

  name: "My custom profile" # Profile name
    
  groups: # List of configured groups
    - groupId: InspectionsToInclude
      groups:
        - "category:PHP/General" # Inspection category from the linter
        - "JSCategories" # Include the JSCategories group below
        - "PHPInspections" # Include the PHPInspections group below
    - groupId: JSCategories
      groups:
        - "category:JavaScript and TypeScript/ES2015 migration aids"
    - groupId: PHPInspections 
      inspections: #  Inspection IDs
        - PhpDeprecationInspection 
        - PhpReturnDocTypeMismatchInspection
        
  inspections: # Group invocation
    - group: InspectionsToInclude
      enabled: true # Enable the InspectionsToInclude group
    - inspection: PhpNonCompoundUseInspection
      severity: WARNING # Overriding the severity level for PhpNonCompoundUseInspection
    - inspection: MissortedModifiers
      options:
        m_requireAnnotationsFirst: false # Overriding the configuration option

imports:
  - ".qodana/profiles/other-profile.yaml" # The included file becomes part of this profile

This snippet contains the following keys:

Node name	Description
`profile`	The main node for profile configuration
`imports`	The list of relative paths to imported profiles

profile

profile:
  base: 
    name: empty

  name: "My custom profile"
    
  groups:
    - groupId: InspectionsToInclude
      groups:
        - "category:PHP/General" 

  inspections: 
    - group: InspectionsToInclude
      enabled: true

The profile key consists of the following elements:

Section	Description
`base`	The profile that will serve as a basis for your profile configuration
`name`	Name of the inspection profile
`groups`	Inspection groups that need to included or excluded in your profile
`inspections`	List of changes applied for `base`. These changes could be applied to groups or single inspections

base

The base node lets you specify the profile that will serve as a basis for your profile configuration. You can use either a file path or a name:

base: # Use either path or name
  # path: .qodana/profiles/base-profile.yaml
  # name: qodana.starter

The name key supports the following values:

`base.name` values	Description
`Default`	The default profile taken from the JetBrains IDE
`Project Default`	The profile is basically similar to `Default`, but contains user changes stored in the `.idea/inspectionProfiles/Project_Default.xml` file
`Custom profile name`	Any name of an XML or YAML profile contained in the `.idea/inspectionProfiles` directory
`qodana.starter`	The default Qodana profile, a subset of the `qodana.recommended` profile
`qodana.recommended`	The default Qodana profile implementing the default profiles of JetBrains IDEs
`empty`	Severities and parameters of inspections are taken from `Project Default`, but none of the inspections are included. Using `empty`, you can you can build your profile from scratch

If the name declaration is missing, Qodana will employ the Project Default profile, so all settings applied in your custom profile will override such settings contained in Project Default.

name

Arbitrary name for your profile.

name: "Name of your profile"

groups

The groups node is a list of user-defined groups. Here, you can combine inspection categories and single inspections, and then configure their usage in the inspections node.

Each group definition can include or exclude other groups or single inspections.

You can use the exclamation mark character (!) to negate a group or a category. For example, you can exclude a specific category usage in a group that will be included.

Here is the sample containing the EnabledInspections group defined by a user:

groups:
  - groupId: EnabledInspections
    groups:
      - "category:Java/Probable bugs"
    inspections:
      - RedundantIf

This sample contains the following elements:

Property	Description
`groupId`	ID of the group
`inspections`	List of included and excluded inspections in this group
`groups`	List of included and excluded groups in this group

groups.groupId

Unique group identifier.

- groupId: IncludedInspections

In case two groups are defined under the same groupId, the latest group met in the file will be employed. This rule also works for all included files because the settings contained in the included files are considered prior to the settings laid out in the current file.

groups.inspections

The list of inspections included in the group.

inspections:
    - RedundantIf
    - UnnecessaryLocalVariable

groups.groups

The list of group IDs with possible exclamation mark character (!):

groups:
    - "ALL"
    - "category:Java/Probable bugs"
    - "IncludedInspections" 
    - "!ExcludedInspections"
    - "severity:WEAK WARNING"

Here, groups accepts several values:

`groupId` value	Description
`ALL`	Include all inspections. Besides that, you can also use `LOCAL` to analyze your code using inspections available locally, or `GLOBAL` to analyze your code using the Inspect code action of the JetBrains IDE
`category:Java/Probable bugs`	Name of the inspection category in the `category:categoryname` notation, matches the name from the Editor \| Settings \| Inspections section of the JetBrains IDE
`IncludedInspections`	Name of the existing user-defined group, or a group from an included profile
`!ExcludedInspections`	Negate the existing `ExcludedInspections` inspection group, either user-defined or included from another profile
`severity:WEAK WARNING`	Include or exclude inspections by a certain severity level. Because the severity value is taken from the `Default` profile, Qodana is not aware of the changes made in your profile

By default, Qodana uses severity levels inherited from the JetBrains IDEs shown in this table:

IDE severity	SARIF severity	Qodana report severity	Code Climate severity	Bitbucket severity
ERROR	ERROR	Critical	Blocker	High
WARNING	WARNING	High	Critical	High
WEAK WARNING	NOTE	Moderate	Major	Medium
TYPO	NOTE	Low	Minor	Low
INFORMATION	NOTE	Info	Info	Info
OTHER	NOTE	Info	Info	Info

inspections

Using inspections, you can:

Enable or disable a specific group or an inspection,
Define the order of applying these settings,
Define the paths or scopes to be ignored by the specific group or the inspection,
Customise severity for specific inspections or inspection groups,
Configure inspection options.

inspections:
  - group: InspectionGroup
  - inspection: JavadocReference
    severity: WARNING
  - group: ALL
    ignore:
      - "vendor/**" 
      - "scope#file[*test*]:src/*"
  - group: DisabledInspections
    enabled: false
  - inspection: MissortedModifiers
    options:
      m_requireAnnotationsFirst: false

This sample contains several elements:

Property	Description
`group`	The ID of the group from the `groupId` property of an embedded or a user-defined group
`inspection`	The ID of the inspection
`severity`	Severity level that will be assigned to a group of inspections or a single inspection. For example, you can specify `WARNING` instead of `ERROR`
`ignore`	List of paths using the glob patterns and scopes that will be ignored during inspection
`enabled`	Specify whether the group or the inspection is enabled in the profile. Accepts either `true` or `false`
`options`	List of options that you can configure for a specific inspection

imports

Configure the list of imported profiles relatively to the project root.

imports:
    - ".qodana/profiles/firstprofile.yaml" 
    - ".qodana/profiles/anotherprofile.yaml"

The imports node is not related to base. If base contains no values, it is set to Default.

To view the default profile, in the JetBrains IDE navigate to Settings | Editor | Inspections and select the Default profile in the Profile drop-down selector.

File contents are included in the order of appearance, thus becoming part of your profile. This means that the settings of the included files are used prior to the settings specified in your custom profile.

Example of import

Suppose, you have the foo.yaml and bar.yaml profiles.

The foo.yaml profile enables the Inspection1, Inspection2 and Inspection3 inspections:

inspections:
  - inspection: Inspection1
    enabled: true
  - inspection: Inspection2
    enabled: true
  - inspection: Inspection3
    enabled: true

The bar.yaml profile disables the Inspection1 inspection:

inspections:
  - inspection: Inspection1
    enabled: false

You can include these two files in the custom profile and disable Inspection2:

imports:
  - "foo.yaml"
  - "bar.yaml"

profile:
  inspections:
    - inspection: Inspection2
      enabled: false

In this case, the effective profile configuration read by Qodana will look like this:

inspections:
  - inspection: Inspection1
    enabled: false # "bar.yaml" was included later than "foo.yaml"
  - inspection: Inspection2
    enabled: false # it was applied in the custom profile last
  - inspection: Inspection3
    enabled: true

Configuration examples

Here you can find several examples of profile configuration.

Exclude inspection

This lets you exclude the PhpDeprecationInspection inspection available in the Qodana for PHP linter:

name: "PHP/General without PhpDeprecationInspection"

base: 
  name: qodana.starter
inspections:
  - inspection: PhpDeprecationInspection
    enabled: false 

Alternatively, you can exclude the PhpDeprecationInspection inspection using groups:

name: "PHP/General without PhpDeprecationInspection"

base: 
  name: qodana.starter

groups:
  - groupId: Inspection
    inspections:
      -  PhpDeprecationInspection # Specify the PhpDeprecationInspection inspection   

inspections:  
  - group: Inspection 
    enabled: false # Disable the PhpDeprecationInspection inspection

Exclude paths

You can use the ignore key to ignore specific scopes and paths while inspecting your code.

In the sample below, the vendor/** value employs glob patterns for ignoring the contents of the vendor directory contained in your project root.

The scope definition scope#file:*.js:testData//* ignores all files with the .js extension recursively contained in the testData/ directory.

name: "Ignoring paths"

inspections:
  - inspection: NpmUsedModulesInstalled
    ignore:
      - "vendor/**" # Ignore a path
  - group: "category:JavaScript and TypeScript/General"
    ignore:
      - "scope#file:*.js:testData//*" # Ignore a scope

Create profile

Using base, this configuration defines the empty profile, and then it includes only the Java/Data flow inspection group from the Qodana for JVM linter.

name: "Java/Data flow only"

base: 
  name: empty
               
inspections:  
  - group: "category:Java/Data flow"
    enabled: true # Enable the 'Java/Data flow' category

As an alternative to base, you can use ALL in the groups property:

name: "Java/Data flow only"

groups:
  - groupId: ExcludedInspections
    groups:
      - "ALL"
  - groupId: IncludedInspections
    groups:
      - "category:Java/Data flow" # Specify the 'Java/Data flow' category
               
inspections:  
  - group: ExcludedInspections
    enabled: false # Disable all inspections    
  - group: IncludedInspections
    enabled: true # Enable the 'Java/Data flow' category

Override profile

You can exclude inspection categories from the qodana.starter profile that are not related to the Qodana for .NET linter.

name: "My custom profile"

base: 
  name: qodana.starter # Use the 'qodana.starter' profile

groups:
  - groupId: ExcludedInspections
    groups:
      - "category:Java"
      - "category:Kotlin"
      - "category:JVM languages"
      - "category:Spring"
      - "category:CDI (Contexts and Dependency Injection)"
      - "category:Bean Validation"
      - "category:Reactive Streams"
      - "category:RegExp"
      - "category:PHP"
      - "category:Go"
      - "category:Python"
      - "category:General"
      - "category:TOML"
      
inspections:  
  - group: ExcludedInspections
    enabled: false

Filter by severity

This sample includes all inspections with the WEAK WARNING severity level while inspecting Java code:

name: "My custom profile"

groups:
  - groupId: IncludedInspections
    groups:
      - "category:Java"
      - "severity:WEAK WARNING"
            
inspections:  
  - group: IncludedInspections
    enabled: true

Override severity

You can override the severity levels for existing inspections. Here’s how you can assign the WARNING severity level to the JavadocReference inspection:

name: "My custom profile"
            
inspections:  
  - inspection: JavadocReference
    severity: WARNING

Override options

Specific inspections offer configurable options. For example, the JvmCoverageInspection inspection offers the classThreshold, methodThreshold, and warnMissingCoverage options.

To discover this, configure this inspection in IntelliJ IDEA and then export the profile. Here is a profile example for the JvmCoverageInspection inspection:

<component name="InspectionProjectProfileManager">
    <profile version="1.0">
        <option name="myName" value="Project Default" />
        <inspection_tool class="JvmCoverageInspection" enabled="true" level="WARNING" enabled_by_default="true">
            <option name="classThreshold" value="51" />
            <option name="methodThreshold" value="51" />
            <option name="warnMissingCoverage" value="true" />
        </inspection_tool>
    </profile>
</component>

This sample demonstrates how you can configure the inspection options in your custom profile:

name: "My custom profile" # Profile name

base: 
  name: qodana.recommended

inspections:
  - inspection: JvmCoverageInspection
    options:
      classThreshold: 51
      methodThreshold: 51
      warnMissingCoverage: true

Custom XML profiles

You can create XML-formatted inspection profiles using your IDE. For example, for IntelliJ IDEA this is explained on the Configure profiles page. After you create a profile, you can export it to a file.

To run Qodana with the custom profile, you can follow the recommendations from the Set up an existing profile section. In this case, the profile name does not necessarily match the name of the containing file. The actual name is stored as the %profileName% value in the profile file.

Use your profile

A YAML configuration serves as a universal Qodana configuration method. This means that you can configure Qodana using the qodana.yaml file once and then reuse it for running Qodana with Docker, GitHub, JetBrains IDEs or any other software currently supported by Qodana. In this case, no additional configuration is required, and all settings will remain consistent across all these platforms, see the example below:

version: "1.0"
 
profile:
    name: "Configuring Qodana"
    base:
        path: .qodana/profiles/<custom-profile.yaml>

The following examples show how you can invoke your custom profiles using the --profile-path option:

On the Settings tab of the GitHub UI, create the QODANA_TOKEN encrypted secret and save the project token as its value.
On the Actions tab of the GitHub UI, set up a new workflow and create the .github/workflows/code_quality.yml file.
To analyze the main branch, release branches and the pull requests coming to your repository, save the workflow configuration to the .github/workflows/code_quality.yml file:
name: Qodana on: workflow_dispatch: pull_request: push: branches: # Specify your branches here - main # The 'main' branch - 'releases/*' # The release branches jobs: qodana: runs-on: ubuntu-latest permissions: contents: write pull-requests: write checks: write steps: - uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} # to check out the actual pull request commit, not the merge commit fetch-depth: 0 # a full history is required for pull request analysis - name: 'Qodana Scan' uses: JetBrains/qodana-action@v2025.2 with: args: --profile-path,.qodana/profiles/<custom-profile.yaml> env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}

You can set up your custom profile using the --profile-path option:

            docker run \
               -v $(pwd):/data/project/ \
               -v $(pwd)/.qodana/<custom-profile.yaml>:/data/project/myprofiles/<custom-profile.yaml> \
               -e QODANA_TOKEN="<cloud-project-token>" \
               jetbrains/qodana-<image> \
               --profile-path /data/project/myprofiles/<custom-profile.yaml>
        

            qodana scan \
               -v .qodana/<custom-profile.yaml>:/data/project/myprofiles/<custom-profile.yaml> \
               -e QODANA_TOKEN="<cloud-project-token>" \
               --profile-path .qodana/<custom-profile.yaml>
        

Order of resolving a profile

Qodana checks the configuration parameters for resolving the inspection profile in this order:

Profile with the name %name% from the command-line option --profile-name %name%
Profile by the path %path% from the command-line option --profile-path %path%
Profile with the name %name% from qodana.yaml
Profile by the path %path% from qodana.yaml
Profile mounted to /data/profile.xml
Fall back to using the default qodana.recommended profile.

15 December 2025