The Force.com Source Scanner was upgraded recently with some new goodies. Here's what you'll find:
- New "Beta" rules. There's a number of rules we haven't yet exposed due to quality or performance issues. They work pretty well, just not up to our standards completely. Select "Beta" from the scan type dropdown and you'll get feedback on areas such as CRUD/FLS violations, open redirects, and a few others. You can find some more documentation on our help page.
- Stored XSS identification should be improved dramatically. We are now analyzing the data types, so you shouldn't see false positives where the data retrieved won't allow arbitrary strings (eg: Numbers, Lookups, etc).
- Various other quality and reliability fixes.
As always, please feel free to comment below or shoot us an email at securecloud @ salesforce [dot] com.