Qodana
Platform for inspection of code quality
From Wikipedia, the free encyclopedia
Qodana, created by developer tools company JetBrains, is a code quality platform with a static analysis engine that integrates into CI/CD pipelines.[2] It is used by software development teams to improve code quality by assisting them with the code review process, mitigating some human error, enforcing quality guidelines, and building quality gates, among other features.[3]
| Qodana | |
|---|---|
| |
 Qodana insights dashboard example | |
| Developer | JetBrains |
| Initial release | 2023 |
| Stable release | 2025.3
/ December 19, 2025[1] |
| Written in | |
| Operating system | Cross-platform |
| Type | Static program analysis |
| License | Proprietary |
| Website | jetbrains |
History and product development
Qodana preview was released in 2021, and the product was officially launched to the public in 2023, with support for over 60 programming languages and frameworks, most CI pipelines, and many JetBrains IDEs.[3]
JetBrains made a Visual Studio Code extension available in late 2023.[4][5] In 2024, hardcoded password detection was implemented as well as self-hosting.[6]
In 2025, integration with the AI-enabled Cursor was introduced, as well as a public API, native mode configuration, an insights dashboard, single sign-on for enterprise clients, SOC 2 compliance and OWASP security inspections.[7][8][9]
While developers can use the tool to support code reviews, spot bugs, and build quality gateways, it was also designed for QA engineers, security managers, development team leads, and legal teams.[3] For these teams, it is a code quality monitoring tool to identify and suggest fixes for bugs, security vulnerabilities, duplications, licence audits and imperfections.
Capabilities
The static code analysis tool integrates with CI/CD pipelines, allowing developers to address code problems within the IDE.[2] Qodana is the sole code quality platform that leverages inspections directly integrated into JetBrains IDEs.[3]
Features
- Insights dashboard
- Self-hosting
- SOC 2-compliant
- Baseline state comparison
- Project license audit (SBOM)[10]
- Quality gates
- Code inspections
- Global configuration
- Quick fix
- Taint analysis
- Vulnerability checker
- Multi-IDE support
- CI/CD integration
- Public API
- SSO
- OWASP inspections
- Hardcoded password detection
