Use a source code analysis tool to scan and analyze your Salesforce code (Apex, Visualforce, Lightning, JavaScript, HTML5), detect violations of best practices, inefficiencies and security vulnerabilities, and get recommendations on how to fix them. Integrate it with your IDE, source control repository and/or CI/CD pipeline to automate the analysis and flag anything that needs your attention. Bake quality into your code with these code scanning tools.
(Tools that I personally use or have used and recommend are marked with a heart.)
1. Force.com Code Scanner Portal (♥)
- Provided by Salesforce in partnership with Checkmarx
- Submit the scanning request and get the result through email
- Limited to 360,000 lines of code scanned in any trailing 12-month period
- Free
2. Apex PMD (♥)
- Finds common programming flaws such as unused variables, empty catch blocks, unnecessary object creation, and so forth
- Supports Salesforce Apex and Visualforce
- Also available as an extension in Visual Studio
- Free
- Related Blog Post: Salesforce Code Scanner – How to Bake Quality in Your Code with Apex PMD
3. Codescan.io (♥)
- Choose from self-host or cloud plan
- 500+ security and quality rules for Apex, Visualforce, Lightning and Metadata
- Integrates directly with Salesforce and all popular CI/CD pipelines
- Integrates into the developer environment
- Contact the company for paid plans
4. Checkmarx
- Scans Apex, Visualforce, JavaScript, HTML5
- IDE & Source Repository Integration
- Has a free plan with limited features
- Contact the company for paid plans
5. Clayton
- Scans Apex, Visualforce, Lightning, Process Builder, Flows, object definitions, and more
- Catches OWASP Top 10 vulnerabilities as well as Salesforce-specific security flaws such as CRUD and FLS violations, SOQL injections and more
- Has a free plan with limited features
- Paid plans start from US$599/month
6. SonarSource
- Apex static code analysis with 56 rules
- Integrates with CI/CD
- Integrates with Source/Version Control Systems
- Available in the cloud with SonarCloud and on-premise with SonarQube
- Free & open source
Don’t see the tool of your choice listed here? Please feel free to mention it in the comments below for other readers’ benefit.
Want to see a list of more such useful resources and tools under different categories? Please take a look at the resources page.
You’re missing DigitSec, made for Salesforce; it’s fab!!
Panaya’s Foresight gives you exactly that:
https://www.youtube.com/watch?v=gMYE8Kuq9kU