A year back we began supporting source code analysis on Force.com through http://security.force.com/sourcescanner.  We've had great success with it, but the number one piece of feedback we've gotten from all of you has been the question of why there wasn't any integration with the Force.com IDE.

Checkmarx, the company we partnered with to provide Force.com source scanning, has stepped up and made an offering available to all of you.  For 90 days, for the first 1000 developers, they'll give away a free version of an Eclipse plugin that can scan all Force.com code (under 100k lines of code).  The great thing about this is that you get actionable results, directly in your IDE, without having to cross-reference line numbers in a report like you have to do today.  I hope this is a great resource for all of you!

Download a copy at http://www.apexscanner.com

Some things to keep in mind:

  • This service is not offered by salesforce.com, but we engaged with Checkmarx to help ensure quality.
  • Support questions should be directed at support@checkmarx.com

All that said, we're very interested in getting feedback from our community on what they like, what they don't and if this is something they'd like to see more of.

Check it out!

  • http://www.d3developer.com Joel Dietz / d3developer

    Doesn’t work on OS X (it looks like)

  • Robert

    We have tested it on OS X and it worked. It may be something specific with your environment. I would suggest reaching out to support@checkmarx.com for any issues. thanks!

  • http://www.innoexcel.com/erpsoftwarecompany.htm ERP Companies India

    You have a good overview of the 3 source code scanners. Are these the commonly used ones, or are there any others?
    I had a quick question on source code scanners: can these scanners be used to scan code written for different platforms?

  • http://profile.typepad.com/force201wordpresscom Force201.wordpress.com

    Worked fine for me on OS X.
    Also see http://force201.wordpress.com/2011/03/15/free-force-com-security-source-code-scanner-revisited/ for a couple of comments on false positives.

  • http://profile.typepad.com/finditez FinditEZ

    In response to the post from ERP Companies India on Feb 8 2011, we have a source code scanner that supports multiple languages, has plugins for Google Code Search ( open source ) and Visual Studio IDE with an Eclipse plugin coming soon.
    It also connects directly to major relational databases ( SQL Server, MySQL, Oracle, DB2 ) to scan table data, SQL code and schema … as well as binary files such as Crystal Reports to give you a full 360-degree scan of your entire application codebase. Check out http://www.finditez.com