Useful Resources: Source Code Analysis Tools

Source Code Analysis Tool

Use a source code analysis tool to scan and analyze your Salesforce code (Apex, Visualforce, Lightning, JavaScript, HTML5), detect violations of best practices, inefficiencies, and security vulnerabilities, and get recommendations for fixing them. Integrate it with your IDE, source control repository, and/or CI/CD pipeline to automate the analysis and raise a hand when something needs your attention. Bake quality into your code with these code scanning tools.

(Tools that I personally use, or have used and recommended, are marked with a heart.)

1. Force.com Code Scanner Portal

  • Provided by Salesforce in partnership with Checkmarx
  • Submit the scanning request and get the result through email
  • Limited to 360,000 lines of code scanned in any trailing 12-month period
  • Free

2. Apex PMD

3. Codescan.io

  • Choose from self-host or cloud plan
  • 500+ security and quality rules for Apex, Visualforce, Lightning and Metadata
  • Integrates directly with Salesforce and all popular CI/CD pipelines
  • Integrates into the developer environment
  • Contact the company for paid plans

4. Checkmarx

  • Scans Apex, Visualforce, JavaScript, HTML5
  • IDE and source repository integration
  • Has a free plan with limited features
  • Contact the company for paid plans

5. Clayton

  • Scans Apex, Visualforce, Lightning, Process Builder, Flows, object definitions, and more
  • Catches OWASP Top 10 vulnerabilities as well as Salesforce-specific security flaws such as CRUD and FLS violations, SOQL injection, and more
  • Has a free plan with limited features
  • Paid plans start from US$ 599/month

6. SonarSource

  • Apex static code analysis with 56 rules
  • Integrates with CI/CD
  • Integrates with source/version control systems
  • Available in the cloud with SonarCloud and on-premises with SonarQube
  • Free & open source

Don’t see the tool of your choice listed here? Please feel free to mention it in the comments below for other readers’ benefit.

Want to see more useful resources and tools like these, organized by category? Please take a look at the resources page.
