Salesforce Graph Engine performs more complex checks than an average static analysis tool because Graph Engine uses data flow analysis, which is a technique for gathering information about the possible set of values calculated at various points in the application.
Salesforce recently announced the general availability of their own code analyzer tool, which brings popular quality scans to the local development environment, including PMD, ESLint, RetireJS, Cop/Paste Detector and Salesforce Graph Engine.
In previous posts, we looked at how to set up SonarCloud code analysis for Salesforce using automatic analysis, as well as GitHub Actions to trigger scans from a CI job. Show the results of code analysis once changes are merged to a shared branch is great, but ideally develops are […]
In the previous SonarCloud post, we looked at how to set up SonarCloud code analysis for Salesforce using automatic analysis, as well as GitHub Actions to trigger scans from a CI job. If you want to include Apex test code coverage in the SonarCloud dashboard then running the scan from […]
SonarCloud is the hosted offering of SonarQube, provided by SonarSource. In this post we will look at how to run a Sonar code quality scan on a Salesforce project using automatic analysis and GitHub Actions. The example in this post is focused on Apex classes and triggers, but SonarCloud also […]
Veracode is a leading provider of application security testing products. Veracode recently added support for Apex, Visualforce, Lightning Web Components and Aura components to its static code analysis product. Veracode provides three solutions for scanning code: an IDE plugin called Greenlight, a development pipeline option called Pipeline Scan, and a […]