In December 2020, we announced the EAP for Qodana, which is rapidly evolving into a comprehensive platform that allows companies to perform multi-level evaluations of the quality of code they own, contract, or purchase.
Qodana helps you detect bugs without relying on an IDE, either on a local machine or a build server, and it is designed to be seamlessly integrated into CI/CD pipelines. In addition to delivering static analysis for automated project-level evaluations, the Qodana team is developing additional audit features. One of them is Clone Finder, which looks for duplicates in software repositories.
Why is this important? Code duplication and reuse present several problems and risks:
- Penalties for the unlicensed use of third-party code
- Excessive project maintenance costs due to overgrown codebases
- Increased security risks because fixing detected vulnerabilities across all instances of the copied code can be difficult
Clone Finder is designed to prevent these problems rather than face the consequences down the line. By supporting CI integration, the tool makes clone detection a routine check and makes it possible to find borrowed code before it can lead to trouble.
A sample report
Clone Finder’s UI provides a variety of features that make the analysis more helpful and convenient:
- A sunburst diagram offers a quick overview of the problems detected.
- From the diagram you can navigate to a complete list of detected problems. Clones are prioritized and displayed in the order of their importance.
- When you expand an item, the duplicate code fragments are provided with decorated code diffs and are annotated with tags, licenses, languages, and file paths.
We’ve created a playground that allows you to see Qodana in action for popular projects: PHPUnit, WordPress, Laravel, Pest. To open the playground, use the following link https://qodana.teamcity.com/ and select the Login as guest option to explore the UI integrated into JetBrains TeamCity. In this example, you can use the Qodana tab to see that there are 7 duplicates.
A decorated clone diff
Let’s take a closer look at our web reports.
A diff example in PHP.
A diff example in Java with a license mismatch warning.
Clone Finder highlights similar lines and presents the following information to help you investigate the problem:
Lists all detected duplicate functions ranked by their importance.
Categorizes detected copies using 256 topics (see Figure 3 for a dendrogram of supported topics).
Lists licenses related to duplicate code fragments detected in the compared projects.
By the way, to supplement this feature, we are working on another tool that will list the licenses for third-party libraries used in the queried project and warn about incompatibilities between the queried project’s license and third-party licenses. Stay tuned!
- License mismatch warnings
Displays a warning when the licenses in duplicate code fragments are different.
Displays the programming language of the clones. The EAP version of Clone Finder supports PHP, Java, and Kotlin.
Try it now
Clone Finder is packed into a ready-to-use Docker image.
Detailed instructions on how to start using Qodana are available in our documentation.
You can run it:
- By manually invoking it in your projects
- By integrating it into your CI gateway
- Using GitHub Actions
- On JetBrains TeamCity, both standalone and Cloud
JetBrains Qodana Clone Finder is now available under an Early Access Program (EAP). During the EAP, users will have full access to the Qodana IntelliJ Docker image, the Qodana IntelliJ TeamCity plugin, and the Qodana IntelliJ GitHub application free of charge. While we try to keep EAP releases stable, they have not undergone the same degree of testing as full public release builds. This means both that there may still be flaws and also that the UI and configurations can change frequently.