What is it?
Introduction: In the dynamic world of Salesforce development, maintaining the highest quality of code is crucial for building scalable, efficient, and error-free applications.
You may have read some of my previous articles on PMD and SFDX CLI Scanner on this blog.
This is where the Salesforce Code Analyzer comes to the rescue, with its newly announced capabilities.
The Salesforce Code Analyzer is a powerful tool that analyzes your Apex code and provides valuable insights, suggestions, and optimizations to enhance the overall quality and performance of your Salesforce applications.
development efforts with the Salesforce Code Analyzer. Let’s embark on this exciting journey together!
Code Analyzer currently supports the following rule engines:
Rule Engine | Description |
---|---|
Salesforce Graph Engine | Detects security and quality issues in code, as an open-source |
PMD | Allows for static analysis of code, including Apex and Visualforce |
CPD | Identifies blocks of duplication across files |
ESLint for LWC | Evaluates Salesforce Lightning Web Components |
ESLint for Typescript | Evaluates any targeted TypeScript (.ts) files |
RetireJS | Analyzes a project’s third-party JavaScript dependencies and identifies security vulnerabilities |

Installation
If you already have the Salesforce CLI, as you probably do, this is easy:
sfdx plugins:install @salesforce/sfdx-scanner
Usage
Although Code Analyzer is an SFDX CLI plugin, it is unfortunately not integrated into VS Code. But in this video Alba and Ananya made my day by announcing that later this year we'll be able to have it in VS Code (at 6:47). By the way, the video is highly recommended.
Also, in my opinion, the main command sfdx scanner:run
is overwhelming, with a huge number of options available:
sfdx scanner:run -t <array> [-c <array>] [-r <array>] [-e <array>] [-f csv|html|json|junit|sarif|table|xml] [-o <string>] [--tsconfig <string>] [--eslintconfig <string>] [--pmdconfig <string>] [--env <string>] [-s <integer> | undefined | [-v | --json]] [--normalize-severity] [--verbose] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
If you want to try it on your code without much hassle:
- Go to the root of your project
- Execute:
sfdx scanner:run -t .
- Don't miss the dot at the end, which targets all files
Results
The following is an excerpt of the results when I ran this command on the magnificent LWC recipes project:
LOCATION DESCRIPTION CATEGORY U R L
force-app\main\default\classes\AccountController.cls:1 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\AccountController.cls:3 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\AccountController.cls:8 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\ApexTypesController.cls:1 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\ApexTypesController.cls:3 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\ApexTypesController.cls:6 Avoid debug statements since they impact on Performance https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_performance.html#avoiddebugstatements
performance
force-app\main\default\classes\ApexTypesController.cls:6 Calls to System.debug should specify a logging Best Practices https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_bestpractices.html#debugsshoulduselogginglevel
level.
force-app\main\default\classes\ContactController.cls:1 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\ContactController.cls:3 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\ContactController.cls:22 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\ContactController.cls:34 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\ContactController.cls:44 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\ContactController.cls:55 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\CustomWrapper.cls:5 Missing ApexDoc @description Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\CustomWrapper.cls:7 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\CustomWrapper.cls:9 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\CustomWrapper.cls:11 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\LMSVisualforceController.cls:1 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\LMSVisualforceController.cls:3 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\LMSVisualforceController.cls:5 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\LMSVisualforceController.cls:9 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\TestAccountController.cls:3 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\TestAccountController.cls:21 'Assert.areEqual' should have 3 parameters. Best Practices https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_bestpractices.html#apexassertionsshouldincludemessage
force-app\main\default\classes\TestAccountController.cls:32 'Assert.areEqual' should have 3 parameters. Best Practices https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_bestpractices.html#apexassertionsshouldincludemessage
force-app\main\default\classes\TestContactController.cls:3 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\TestContactController.cls:19 Missing ApexDoc comment Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\main\default\classes\TestLMSVisualforceController.cls:23 Missing ApexDoc @description Documentation https://pmd.github.io/pmd-6.55.0/pmd_rules_apex_documentation.html#apexdoc
force-app\test\jest-mocks\lightning\modal.js:60 'apis' is defined but never used. problem https://eslint.org/docs/latest/rules/no-unused-vars
force-app\main\default\aura\lmsPublisherAuraComponent\lmsPublisherAuraComponentController.js:10 '$A' is not defined. problem https://eslint.org/docs/latest/rules/no-undef
force-app\main\default\lwc\apexWireMethodWithParams\apexWireMethodWithParams.js:18 Definition for rule '@lwc/lwc/no-async-operation' problem
was not found.
force-app\main\default\lwc\compositionContactSearch\compositionContactSearch.js:16 Definition for rule '@lwc/lwc/no-async-operation' problem
was not found.
force-app\main\default\lwc\dispatchEventHeadlessAction\dispatchEventHeadlessAction.js:24 Definition for rule '@lwc/lwc/no-async-operation' problem
was not found.
force-app\main\default\staticresources\fullCalendar\main.min.js:8 Expected a conditional expression and instead saw problem https://eslint.org/docs/latest/rules/no-cond-assign
an assignment.
force-app\main\default\staticresources\fullCalendar\main.min.js:8 Empty block statement. suggestion https://eslint.org/docs/latest/rules/no-empty
force-app\main\default\staticresources\fullCalendar\main.min.js:8 Expected a conditional expression and instead saw problem https://eslint.org/docs/latest/rules/no-cond-assign
an assignment.
force-app\main\default\staticresources\fullCalendar\main.min.js:8 Expected a conditional expression and instead saw problem https://eslint.org/docs/latest/rules/no-cond-assign
an assignment.
force-app\main\default\staticresources\fullCalendar\main.min.js:8 Expected a conditional expression and instead saw problem https://eslint.org/docs/latest/rules/no-cond-assign
an assignment.
force-app\main\default\staticresources\fullCalendar\main.min.js:8 Expected a conditional expression and instead saw problem https://eslint.org/docs/latest/rules/no-cond-assign
an assignment.
force-app\main\default\staticresources\fullCalendar\main.min.js:8 Expected a conditional expression and instead saw problem https://eslint.org/docs/latest/rules/no-cond-assign
an assignment.
used.
force-app\main\default\lwc\compositionContactSearch\__tests__\compositionContactSearch.test.js:63 Definition for rule '@lwc/lwc/no-async-operation' problem
was not found.
force-app\main\default\lwc\datatableInlineEditWithUiApi\__tests__\datatableInlineEditWithUiApi.test.js:67 Definition for rule '@lwc/lwc/no-async-operation' problem
was not found.
force-app\main\default\lwc\ldsNotifyRecordUpdateAvailable\__tests__\ldsNotifyRecordUpdateAvailable.test.js:40 Definition for rule '@lwc/lwc/no-async-operation' problem
was not found.
Executed pmd, found 27 violation(s) across 8 file(s).
Executed eslint, found 202 violation(s) across 16 file(s).
Executed retire-js, found 0 violation(s) across 0 file(s).
Rule violations were logged to the console.
More important than the results is what is not visible:
- Multiple rule engines are executed: PMD, ESLint, etc.
- You can customize the analysis
- It can be attached to a CI/CD pipeline, even in the common pull request workflow
- The Salesforce Graph Engine detects security issues
It is important to know that Code Analyzer is not just a disconnected execution of the different rule engines. For example, severity is normalized, so you can request an analysis based on the same severity across all the rulesets:
Normalized Severity | PMD | ESLint | ESLint-LWC | ESLint-TypeScript | Retire-JS | Salesforce Graph Engine |
---|---|---|---|---|---|---|
1 (High) | 1 | 2 | 2 | 2 | 1 | 1 |
2 (Moderate) | 2 | 1 | 1 | 1 | 2 | 2 |
3 (Low) | 3, 4, 5 | | | | 3 | 3 |
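The normalization table above, applied as a pull-request gate (an added example, not code from this article or from Code Analyzer itself). The report shape and the engine keys `eslint-lwc`, `eslint-typescript` and `sfge` are assumptions, and the sample findings are constructed.

```javascript
// Assumed report shape: [{ engine, fileName, violations: [{ ruleName, severity, line }] }]
// Native -> normalized severity, taken from the High and Moderate rows of the table.
// Keys pmd, eslint and retire-js appear in the scanner summary; the others are assumed.
const HIGH_MODERATE = {
  'pmd': { 1: 1, 2: 2 },
  'eslint': { 2: 1, 1: 2 },
  'eslint-lwc': { 2: 1, 1: 2 },
  'eslint-typescript': { 2: 1, 1: 2 },
  'retire-js': { 1: 1, 2: 2 },
  'sfge': { 1: 1, 2: 2 },
};

function normalize(engine, nativeSeverity) {
  const table = HIGH_MODERATE[engine];
  // Unknown engine: fail closed and treat the finding as High.
  if (!table) return 1;
  // Anything a known engine reports outside High/Moderate counts as Low.
  return table[nativeSeverity] || 3;
}

// Fails when any finding is at or above the threshold (1 is the most severe).
function gate(results, threshold) {
  const counts = { 1: 0, 2: 0, 3: 0 };
  const blocking = [];
  for (const { engine, fileName, violations } of results) {
    for (const v of violations) {
      const sev = normalize(engine, v.severity);
      counts[sev] += 1;
      if (sev <= threshold) {
        blocking.push(`${fileName}:${v.line} [${engine}] ${v.ruleName} (severity ${sev})`);
      }
    }
  }
  return { failed: blocking.length > 0, counts, blocking };
}

// Constructed sample findings; the native severities are illustrative.
const sampleResults = [
  { engine: 'pmd', fileName: 'classes/ApexTypesController.cls', violations: [
    { ruleName: 'ApexDoc', severity: 3, line: 1 },
    { ruleName: 'AvoidDebugStatements', severity: 3, line: 6 } ] },
  { engine: 'eslint', fileName: 'aura/lmsPublisherAuraComponentController.js',
    violations: [{ ruleName: 'no-undef', severity: 2, line: 10 }] },
  { engine: 'eslint-lwc', fileName: 'jest-mocks/lightning/modal.js',
    violations: [{ ruleName: 'no-unused-vars', severity: 1, line: 60 }] },
  { engine: 'custom-engine', fileName: 'classes/Example.cls',
    violations: [{ ruleName: 'ExampleRule', severity: 5, line: 2 }] },
];

const report = gate(sampleResults, 2);
console.log(report.counts, report.failed ? 'FAIL' : 'PASS');
report.blocking.forEach((b) => console.log('  ' + b));
```
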
As a Salesforce developer or architect, stay tuned and get ready to supercharge your development experience with SFCA. The future of static code analysis will be through this tool, and I think it’s time to embrace its transformative power.
Links
- Find the latest info on SFCA here: https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/introduction/