A year back we began supporting source code analysis on Force.com through http://security.force.com/sourcescanner. We've had great success with it, but the number one piece of feedback we've gotten from all of you was why there wasn't any integration with the Force.com IDE.
Checkmarx, the company we partnered with to provide Force.com source scanning, has stepped up and made an offering available to all of you. For 90 days, for the first 1000 developers, they'll give away a free version of an Eclipse plugin that can scan all Force.com code (under 100k LoC). The great thing about this is that you get actionable results, directly in your IDE, without having to cross reference line numbers in a report like you have to do today. I hope this is a great resource for all of you!
Download a copy at http://www.apexscanner.com.
Some things to keep in mind:
- This service is not offered by salesforce.com, but we engaged with Checkmarx to help ensure quality.
- Support questions should be directed at [email protected]
All that said, we're very interested in getting feedback from our community on what they like, what they don't and if this is something they'd like to see more of.
Check it out!