Salesforce recently announced the general availability of their own code analyzer tool, which brings popular quality scans to the local development environment, including PMD, ESLint, RetireJS, Cop/Paste Detector and Salesforce Graph Engine.
Tag: Security
View Sonar Analysis for Apex in VS Code
In previous posts, we looked at how to set up SonarCloud code analysis for Salesforce using automatic analysis, as well as GitHub Actions to trigger scans from a CI job. Show the results of code analysis once changes are merged to a shared branch is great, but ideally develops are […]
Add Apex Code Coverage to GitHub Pull Requests with SonarCloud
In the previous SonarCloud post, we looked at how to set up SonarCloud code analysis for Salesforce using automatic analysis, as well as GitHub Actions to trigger scans from a CI job. If you want to include Apex test code coverage in the SonarCloud dashboard then running the scan from […]
SonarCloud Code Analysis for Salesforce
SonarCloud is the hosted offering of SonarQube, provided by SonarSource. In this post we will look at how to run a Sonar code quality scan on a Salesforce project using automatic analysis and GitHub Actions. The example in this post is focused on Apex classes and triggers, but SonarCloud also […]
Veracode Static Code Analysis for Salesforce
Veracode is a leading provider of application security testing products. Veracode recently added support for Apex, Visualforce, Lightning Web Components and Aura components to its static code analysis product. Veracode provides three solutions for scanning code: an IDE plugin called Greenlight, a development pipeline option called Pipeline Scan, and a […]