
Salesforce Code Analyzer 5 Beta Now Available: Here’s What’s New

Salesforce has announced the Beta version of Salesforce Code Analyzer 5 is now available to install. 

John Belo, Product Management Leader at the cloud giant, revealed the news in a LinkedIn post on January 14.

How to Install Code Analyzer 5 Beta 

The Code Analyzer 5 Beta is now available for installation via the command-line interface (CLI) by running ‘sf plugins install code-analyzer’. 

It helps you identify problems in Apex, Lightning Web Components (LWC), JavaScript (JS), Visualforce (VF), Extensible Markup Language (XML) code and Flows thanks to a default set of rules selected by Salesforce, John Belo wrote. He added that the company has revamped default severity levels and categories for these rules.

John also announced several new capabilities in the beta, including: 

  • Flowtest, a new data flow engine to scan Flows for security problems
  • Copy-Paste Detection (CPD) to detect duplicate code
  • An expanded PMD (source-code analyzer) ruleset made in collaboration with the AppExchange Security Review team
  • An expanded Regex (regular expression) ruleset, with new rules for Apex
  • SARIF (Static Analysis Results Interchange Format) support

Salesforce has also published v2 of their Run Code Analyzer GitHub Action, now fully supporting Code Analyzer 5.

Differences Between Salesforce Code Analyzer Versions 4 and 5 (Beta)

Salesforce says that Version 5 of Code Analyzer maintains its “essential mandate”, making sure code adheres to best practices and helping people identify problems earlier in the development process. 

The company writes in its online guide: “We’ve rearchitected the product to make it even easier for you to use. We’ve also made it progressively more powerful, helping new users get started while providing advanced customization capabilities for more experienced users. This Beta release gives you a taste of the changes.”

Salesforce Code Analyzer Version 5 introduces a new Salesforce CLI plugin – @salesforce/plugin-code-analyzer – which brings a series of new CLI commands in the code-analyzer topic. 

The commands provide the same functionality as before, such as listing available rules and running them on your code base, but Salesforce says it has “improved the overall experience”, making the commands more “intuitive and powerful”. 

Unlike with v4, the new command line interface (CLI) features a single, versatile run command with a “powerful rule selection mechanism” which lets you precisely choose the exact set of rules you want to run, Salesforce says. You can even run a single rule if you want.

The cloud giant says that configuring Code Analyzer v5 is now “more straightforward and flexible than ever”. 

Salesforce says it has provided a default configuration that works well for most users without needing any customizations. But for those who want to modify existing rule properties, add new rules, customize engine behavior, or adjust other aspects of Code Analyzer, it is possible to create a custom configuration file. 

This file – code-analyzer.yml – is a single, easily updated YAML-based file, which can be stored within a Salesforce project workspace, making it simple to apply in continuous integration and continuous delivery (CI/CD) pipelines, the company says. 

Salesforce claims they are “particularly proud” of a new feature that lets you assign individual tags to each rule. This feature allows you to more easily select the rules that meet your specific needs, the company says. 

Salesforce also introduced two new engines. The first, the Regex engine, lets you create and run simple regular expression-based rules inside your Code Analyzer configuration file. The second, the Flowtest engine, audits Salesforce Flows and reports detailed information about security issues.

Salesforce says the output has “dramatically improved” with Code Analyzer v5. The terminal now displays more responsive real-time progress updates, and you can also write results to multiple output types, the company said. 

Salesforce also improved the format of these outputs, including csv, xml, json, and html, they said. 

The company’s new HTML report also allows you to navigate violations more easily with search, grouping, and “more”, they said.

Finally, in v5, you now execute the AppExchange Security rules using syntax similar to any other rule, by running ‘sf code-analyzer run --rule-selector AppExchange’. 

In v4 the company had provided a separate pmd-appexchange engine.

Summary

Salesforce has launched the Beta version of Code Analyzer 5. You can install it via the command-line interface (CLI) by running ‘sf plugins install code-analyzer’.

A number of new capabilities have been launched in the beta, including Flowtest; Copy-Paste Detection (CPD); an expanded PMD (source-code analyzer) ruleset; an expanded Regex (regular expression) ruleset and SARIF (Static Analysis Results Interchange Format) support.

The post Salesforce Code Analyzer 5 Beta Now Available: Here’s What’s New appeared first on Salesforce Ben.

