Qodana for .NET
The Docker image for the Qodana for .NET linter is provided to support different usage scenarios:
Running the analysis on a regular basis as part of your continuous integration (CI-based execution)
Single-shot analysis (for example, performed locally).
If you are familiar with Rider code inspections and know what to expect from the static analysis outside the editor, you can skip the following section and continue from Using an existing profile.
If you are just starting in the field, we recommend proceeding with the default setup we provide. You will see the results of the most common checks performed on your code base. Later, you can adjust them to suit your needs better.
You can run the Qodana for .NET linter using two methods. Qodana CLI is the easiest method. If necessary, check the installation page to install Qodana CLI. Alternatively, you can use the Docker commands from the tab.
Quick start with the recommended profile
Run analysis locally
Pull the image from Docker Hub (only necessary to update to the
latest
version):docker pull jetbrains/qodana-dotnet:2023.1-eapRun the following command:
docker run --rm -it -p 8080:8080 \ -v <source-directory>/:/data/project/ \ -v <output-directory>/:/data/results/ \ jetbrains/qodana-dotnet:2023.1-eap --show-reportwhere
source-directory
andoutput-directory
are full local paths to, respectively, the project source code directory and the analysis results directory.
This command will run the analysis on your source code and start the web server to provide a convenient view of the results. Open http://localhost:8080
in your browser to examine the found problems and performed checks. Here you can also reconfigure the analysis. See the User interface overview for details. When done, you can stop the web server by pressing Ctrl-C in the Docker console.
If you don't need the user interface and prefer to study raw data, use the following command:
The output-directory
will contain all the necessary results. You can further tune the command as described in the technical guide.
If you run the analysis several times in a row, make sure you've cleaned the results directory before using it in docker run
again.
In the project root directory, run this command to inspect your code:
If you don't need the user interface and prefer to study raw data, use the following command:
The output-directory
specifies the directory where the SARIF-formatted report will be saved.
Run analysis in CI
Use the following command as a task in a generic Shell executor:
where source-directory
and output-directory
are full paths to, respectively, the project source code directory and the analysis results directory.
Consider using the Quality gate feature to make the build fail when a certain number of problems is reached and the Baseline option to compare each new Qodana for .NET run to some initial run selected as a baseline. Running as non-root is also supported.
Run this command in the project root directory:
This will save inspection results to the directory specified by output-directory
.
You can also apply the Quality gate feature to make the build fail when a certain number of problems is reached by using the --fail-threshold
option.
The Baseline feature compares each new Qodana for .NET run to some initial run using the --baseline
and --baseline-include-absent
options.
Run analysis in GitHub
In GitHub, Qodana is implemented as the Qodana Scan
GitHub Action.To configure the Qodana Scan
GitHub Action, save the .github/workflows/code_quality.yml
file containing the workflow configuration:
Using this workflow, Qodana will run on the main branch, release branches, and on the pull requests coming to your repository.
Because Qodana Scan
is experimental, you may need to additionally configure the pr-mode
parameter in the with
section:
By default, Qodana Scan
uses the experimental mode of the Qodana for .NET linter. If you are experiencing issues with it, you can report an issue in our bug tracker.
To authorize in Qodana Cloud and forward reports to it, follow these steps:
In the GitHub UI, create the
QODANA_TOKEN
encrypted secret and save the project token as its value.In a GitHub workflow, add this snippet to invoke the
Qodana Scan
action:- name: 'Qodana Scan' uses: JetBrains/qodana-action@v2022.3.3 env: QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
Using an existing profile
This section is intended for users familiar with configuring code analysis via Rider inspection profiles.
You can pass the reference to the existing profile by mapping the profile to /data/profile.xml
inside the container:
You can pass the reference to the existing profile by mapping the profile inside the container:
Configure via qodana.yaml
The qodana.yaml
file will be automatically recognized and used for the analysis configuration, so that you don't need to pass any additional parameters.
The references to the inspection profiles will be resolved in a particular order. To learn about the format, see YAML file.
Analyze specific solution or project
By default, Qodana tries to locate and employ a single solution file, or, if no solution file is present, it tries to find a project file. If your project contains multiple solution files, you need to specify the exact file name using the --property
option. For example, to make Qodana always analyze the MySolution.sln
solution file, you can use:
Alternatively, you can specify the solution file name in the qodana.yaml
file using the solution
option:
If you project contains no solution files and multiple project files, you need to specify the exact file name of a project. For example, for the MyProject.csproj
project file it can be:
Alternatively, you can specify the project file name in the qodana.yaml
file using the project
option:
Configure a solution
A solution configuration defines which projects in the solution are build, and which project configurations are used for specific projects within the solution.
Each newly-created solution includes the Debug
and Release
configurations, which can be complemented by your custom configurations.
You can switch configurations of the current solution using the --property
configuration option. For example, use this to switch to the Release
configuration:
Alternatively, you can specify the configuration in qodana.yaml
:
By default, the solution platform is set to Any CPU
.You can override this using the --property
option:
Alternatively, you can specify the platform in qodana.yaml
:
Inspect projects using private NuGet repositories
Qodana for .NET does not support authentication for private NuGet repositories using, for example, Windows Authentication. To overcome this limitation, you can place all required packages within the Qodana cache as shown below:
In the local filesystem, create the folder that will contain cache. For example, it can be
C:/Temp/QodanaCache
.Run Qodana using the
--cache-dir C:/Temp/QodanaCache
option.Copy all NuGet packages contained by default in the
%userprofile%\.nuget\packages
folder toC:/Temp/QodanaCache/nuget
. If you have a custom package folder, copy packages from that folder instead of%userprofile%\.nuget\packages
.Run Qodana using the
--cache-dir C:/Temp/QodanaCache
once more.
Usage statistics
According to the JetBrains EAP user agreement, we can use third-party services to analyze the usage of our features to further improve the user experience. All data will be collected anonymously. You can disable the reporting of usage statistics by adjusting the options of the Docker command you use. Refer to the technical guide for details.