Top 5 Salesforce Source Code Analysis Tools

Source code analysis tool are used to scan and analyze your Salesforce code (Apex, Visualforce, Lightning, JavaScript, HTML5), detect violation of best practices, inefficiencies & security vulnerabilities along with recommendations to fix it. Integrate it with your IDE, source control repository, and/or CI/CD pipeline to automate the analysis and raise a hand when something needs your attention. Bake quality in your code with these code scanning tools

1. Force.com Code Scanner Portal

Provided by Salesforce in partnership with Checkmarx
Submit the scanning request and get the result through email
Limited to 360,000 lines of code scanned in any trailing 12 month period
Free

2. Checkmarx

Scan Apex, VisualForce, Javascript, HTML5
IDE & Source Repository Integration
Has a free plan with limited features
Contact the company for paid plans

3. Clayton

Scans Apex, Visualforce, Lightning, Process Builder, Flows, object definitions, and more
Catch OWASP Top 10 vulnerabilities as well as Salesforce-specific security flaws such as CRUD and FLS violations, SOQL-injections and more.
Has a free plan with limited features
Paid plans start from US$ 599/month

4. Codescan.io

Choose from self-host or cloud plan
500+ security and quality rules for Apex, Visualforce, Lightning and Metadata
Integrates directly with Salesforce and all popular CI/CD pipelines
Integrates into the developer environment
US$ 2,800/year for 40,000 lines of code

5. Apex PMD

Finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth
Supports Salesforce Apex & Visualforce
Also available as an Extension in Visual Studio
Free

5. Sonarsource