Source code analysis tool are used to scan and analyze your Salesforce code (Apex, Visualforce, Lightning, JavaScript, HTML5), detect violation of best practices, inefficiencies & security vulnerabilities along with recommendations to fix it. Integrate it with your IDE, source control repository, and/or CI/CD pipeline to automate the analysis and raise a hand when something needs your attention. Bake quality in your code with these code scanning tools
1. Force.com Code Scanner Portal
- Provided by Salesforce in partnership with Checkmarx
- Submit the scanning request and get the result through email
- Limited to 360,000 lines of code scanned in any trailing 12 month period
- Free
2. Checkmarx
- Scan Apex, VisualForce, Javascript, HTML5
- IDE & Source Repository Integration
- Has a free plan with limited features
- Contact the company for paid plans
3. Clayton
- Scans Apex, Visualforce, Lightning, Process Builder, Flows, object definitions, and more
- Catch OWASP Top 10 vulnerabilities as well as Salesforce-specific security flaws such as CRUD and FLS violations, SOQL-injections and more.
- Has a free plan with limited features
- Paid plans start from US$ 599/month
4. Codescan.io
- Choose from self-host or cloud plan
- 500+ security and quality rules for Apex, Visualforce, Lightning and Metadata
- Integrates directly with Salesforce and all popular CI/CD pipelines
- Integrates into the developer environment
- US$ 2,800/year for 40,000 lines of code
5. Apex PMD
- Finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth
- Supports Salesforce Apex & Visualforce
- Also available as an Extension in Visual Studio
- Free
5. Sonarsource
- Apex static code analysis for 56 rules
- Integrates with CI/CD
- Integrates with Source/Version Control Systems
- Available on Cloud with Sonarcloud and on-premise with Sonarqube
- Free & open source
.png)
0 Comments