Qodana vs. InspectCode

[Danielku15]

Ignoring fully aspects like the convenience, interactivity, etc. of Qodana. And limiting the question to C++ and C# only.

What additional analyses does Qodana perform compared to the JetBrains InspectCode and JetBrains Rider? Can we expect the exact same inspections and reports or is there a more advanced static code analysis done?

Comparing it to SonarQube: SonarQube tracks certain usages across the codebase and reports problematic code execution flows (something is not validated at method A and data is forwarded to method B, and in method B data might be used in some way that causes problems). This goes beyond what I've seen in the JetBrains IDEs.

[matkoch]

Everything related to .NET is essentially running InspectCode which now can output results in SARIF format. See https://www.jetbrains.com/help/qodana/dotnet.html. That also means that the feature set / inspections in Qodana are the same as in the IDE. With the added benefit of quality gates, historical statistics, license checks, and outsourced analysis load (CI agent).

One of the really cool improvements is that it's easier to reference plugins. You just add them to the qodana.yml.