Developer(s) | JetBrains |
---|---|
Initial release | 2023 |
Stable release | 2023.2 / July 27, 2023 [1] |
Written in | |
Operating system | Cross-platform |
Type | Static program analysis |
License | Proprietary |
Website | jetbrains |
Qodana, created by developer tools company JetBrains, is a code quality platform with a static analysis engine that integrates into CI/CD pipelines. [2] It is used by software development teams to improve code quality by assisting them with the code review process, mitigating some human error, enforcing quality guidelines, and building quality gates, among other features. [3]
Qodana preview was released in 2021, and the product was officially launched to the public in 2023, with support for over 60 programming languages and frameworks, most CI pipelines, and many JetBrains IDEs. [3] JetBrains made a Visual Studio Code extension available in late 2023. [4] [5]
While developers can use the tool to support code reviews, spot bugs, and build quality gateways, it was also designed for QA engineers, security managers, development team leads, and legal teams. [3] For these teams, it is a code quality monitoring tool to identify and suggest fixes for bugs, security vulnerabilities, duplications, licence audits and imperfections.
The static code analysis tool integrates with CI/CD pipelines, allowing developers to address code problems within the IDE. [2] Qodana is the sole code quality platform that leverages inspections directly integrated into JetBrains IDEs. [3]
An integrated development environment (IDE) is a software application that provides comprehensive facilities for software development. An IDE normally consists of at least a source-code editor, build automation tools, and a debugger. Some IDEs, such as IntelliJ IDEA, Eclipse and Lazarus contain the necessary compiler, interpreter or both; others, such as SharpDevelop, NetBeans do not.
A programming tool or software development tool is a computer program that software developers use to create, debug, maintain, or otherwise support other programs and applications. The term usually refers to relatively simple programs, that can be combined to accomplish a task, much as one might use multiple hands to fix a physical object. The most basic tools are a source code editor and a compiler or interpreter, which are used ubiquitously and continuously. Other tools are used more or less depending on the language, development methodology, and individual engineer, often used for a discrete task, like a debugger or profiler. Tools may be discrete programs, executed separately – often from the command line – or may be parts of a single large program, called an integrated development environment (IDE). In many cases, particularly for simpler use, simple ad hoc techniques are used instead of a tool, such as print debugging instead of using a debugger, manual timing instead of a profiler, or tracking bugs in a text file or spreadsheet instead of a bug tracking system.
Web development is the work involved in developing a website for the Internet or an intranet. Web development can range from developing a simple single static page of plain text to complex web applications, electronic businesses, and social network services. A more comprehensive list of tasks to which Web development commonly refers, may include Web engineering, Web design, Web content development, client liaison, client-side/server-side scripting, Web server and network security configuration, and e-commerce development.
IntelliJ IDEA is an integrated development environment (IDE) written in Java for developing computer software written in Java, Kotlin, Groovy, and other JVM-based languages. It is developed by JetBrains and is available as an Apache 2 Licensed community edition, and in a proprietary commercial edition. Both can be used for commercial development.
In software engineering, continuous integration (CI) is the practice of merging all developers' working copies to a shared mainline several times a day. Nowadays it is typically implemented in such a way that it triggers an automated build with testing. Grady Booch first proposed the term CI in his 1991 method, although he did not advocate integrating several times a day. Extreme programming (XP) adopted the concept of CI and did advocate integrating more than once per day – perhaps as many as tens of times per day.
The following tables list notable software packages that are nominal IDEs; standalone tools such as source-code editors and GUI builders are not included. These IDEs are listed in alphabetic order of the supported language.
TypeScript is a free and open-source high-level programming language developed by Microsoft that adds static typing with optional type annotations to JavaScript. It is designed for the development of large applications and transpiles to JavaScript. Because TypeScript is a superset of JavaScript, all JavaScript programs are syntactically valid TypeScript, but they can fail to type-check for safety reasons.
FindBugs is an open-source static code analyser created by Bill Pugh and David Hovemeyer which detects possible bugs in Java programs. Potential errors are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This is a hint to the developer about their possible impact or severity. FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse, NetBeans, IntelliJ IDEA, Gradle, Hudson, Maven, Bamboo and Jenkins.
Parasoft is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built.
This is a compendium of continuous integration software that supports a software engineering practice, continuous integration, in which developers' changes are immediately tested and reported when they are added to the mainline code base. The comparison of various continuous integration tools is done on the basis of platform, license, builders and Integration IDEs.
YouTrack is a proprietary, commercial browser-based bug tracker, issue tracking system and project management software developed by JetBrains. It focuses on query-based issue search with auto-completion, manipulating issues in batches, customizing the set of issue attributes, and creating custom workflows.
Cppcheck is a static code analysis tool for the C and C++ programming languages. It is a versatile tool that can check non-standard code. The creator and lead developer is Daniel Marjamäki.
Pylint is a static code analysis tool for the Python programming language. It is named following a common convention in Python of a "py" prefix, and a nod to the C programming lint program. It follows the style recommended by PEP 8, the Python style guide. It is similar to Pychecker and Pyflakes, but includes the following features:
PyCharm is an integrated development environment (IDE) used for programming in Python. It provides code analysis, a graphical debugger, an integrated unit tester, integration with version control systems, and supports web development with Django. PyCharm is developed by the Czech company JetBrains.
Dart is a programming language designed by Lars Bak and Kasper Lund and developed by Google. It can be used to develop web and mobile apps as well as server and desktop applications.
JetBrains s.r.o. is a Czech software development private limited company which makes tools for software developers and project managers. The company has its headquarters in Prague, and has offices in China, Europe, and the United States.
CircleCI is a continuous integration (CI) and continuous delivery (CD) platform that can be used to implement DevOps practices. The company was founded in September 2011 and has raised $315 million in venture capital funding as of 2021, at a valuation of $1.7 billion. CircleCI is one of the world's most popular CI/CD platforms. Facebook, Coinbase, Sony, Kickstarter, GoPro, and Spotify used CircleCI in 2019.
ESLint is a static code analysis tool for identifying problematic patterns found in JavaScript code. It was created by Nicholas C. Zakas in 2013. Rules in ESLint are configurable, and customized rules can be defined and loaded. ESLint covers both code quality and coding style issues. ESLint supports current standards of ECMAScript, and experimental syntax from drafts for future standards. Code using JSX or TypeScript can also be processed when a plugin or transpiler is used.
Static application security testing (SAST) is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of statically analyzing the source code has existed as long as computers have existed, the technique spread to security in the late 90s and the first public discussion of SQL injection in 1998 when Web applications integrated new technologies like JavaScript and Flash.