Use the VS Code Extension to Analyze Your Code
The Salesforce Code Analyzer Visual Studio Code (VS Code) extension integrates many of Code Analyzer’s most useful features into VS Code, so you can run them easily with clicks instead of terminal CLI commands.
The Code Analyzer VS Code extension is available for installation in the VS Code desktop application. It comes pre-installed in Code Builder as a part of the Salesforce Extensions for VS Code Expanded pack.
You can use the Code Analyzer VS Code Extension in the VS Code desktop application on your local computer or in Code Builder.
Before you begin, be sure these minimum system requirements are installed on your computer.
- VS Code: Version 1.90.0 or higher.
- Java: Version 11 or higher. (Required for the PMD, CPD, and Salesforce Graph engines.)
- Python: Version 3.10 or higher. (Required for the Flowtest engine.)
Then follow these steps to update your VS Code desktop application with the Code Analyzer extension and its dependencies.
- Install Salesforce CLI on your computer.
- Install the required Salesforce Code Analyzer CLI plugin by running this command in the VS Code terminal:
- Install the Salesforce Extensions for VS Code (Expanded) extension pack.
  The expanded extension pack installs tools for developing on Salesforce Platform, including the Code Analyzer VS Code extension.
  You can also install the Code Analyzer VS Code extension on its own if you prefer not to install the full Salesforce expanded pack.
- Open VS Code and go to the Settings tab (Code > Settings > Settings) and search for Code Analyzer.
- Click the User tab to change the setting globally or click Workspace to change it for just your workspace.
- Click Code Analyzer: Enable V5 to use Code Analyzer v5 rather than the default v4.
- Optionally customize your Code Analyzer configuration by creating a YAML configuration file and putting it in your project root.
  The default Code Analyzer configuration is designed to meet the needs of most users, which is why this step is optional. See Customize the v5 Configuration for details.
Before you begin, be sure you set up Code Builder. Code Builder comes with almost everything you need, such as VS Code, Salesforce extensions (including the Code Analyzer VS Code extension), Salesforce CLI, Java, and Python. Then follow these steps to finish the install and configuration.
- Install the required Salesforce Code Analyzer CLI plugin by running this command in the Code Builder terminal:
- Go to the Settings tab (Code > Settings > Settings) and search for Code Analyzer.
- Click the User tab to change the setting globally or click Workspace to change it for just your workspace.
- Click Code Analyzer: Enable V5 to use Code Analyzer v5 rather than the default v4.
- Optionally customize your Code Analyzer configuration by creating a YAML configuration file and putting it in your project root.
  The default Code Analyzer configuration is designed to meet the needs of most users, which is why this step is optional. See Customize the v5 Configuration for details.
The rest of this documentation uses the term VS Code to refer to both the desktop application and Code Builder.
The Code Analyzer VS Code extension supports both v4 and v5 of Code Analyzer. When you install the extension, the default supported version is v4. The Code Analyzer settings are grouped into general ones that apply to both versions, and then settings that apply to only v4 or v5. Individual settings that apply to only Code Analyzer v4 are labeled (v4 only).
After you perform a scan, the Output panel displays which version of Code Analyzer you used:
Follow these general steps to scan your code; see subsections for details about specific steps.
- Open your project in VS Code.
- Scan your code with Code Analyzer.
- Update your code based on the findings.
- Rescan your code to ensure you addressed all the issues; iterate as needed.
- If you’re listing a managed package on AppExchange, see Produce Code Analyzer Reports for AppExchange Security Review.
To perform a Code Analyzer scan of selected files or folders, complete these steps.
To scan selected files or folders:
- Select a group of files or folders in the VS Code Explorer.
- Right-click the files or folders and select SFDX: Scan Selected Files or Folders with Code Analyzer.
To scan a single code file:
- Open a code file in the VS Code editor.
- From the VS Code Command Palette, select SFDX: Scan Current File with Code Analyzer.
- Alternatively, right-click in the VS Code editor and select SFDX: Scan Current File with Code Analyzer.
The progress bar notifies you that the scan of your current file is active.
After your scan is complete, note how many files were scanned and how many violations were produced.
When your scan is complete, click the scan summary in the progress bar (1). You see a scrollable list of violations in the Problems tab that Code Analyzer found (2).
Each violation message indicates the violation severity and details about the violation found, using this pattern: SevX: [Violation message]. For example:
Sev3. Validate CRUD permission before SOQL/DML operation or enforce user mode. (PMD via Code Analyzer)
To address the violations found and rescan your code:
- Scroll through the results that Code Analyzer found.
- Update and save your code directly in VS Code.
- When your edits are complete, rescan your code, using your preferred method.
Using Code Analyzer to identify problems and violations in your code is fantastic, but you can also use Agentforce for Developers to fix them too.
Agentforce for Developers is a VS Code extension designed to assist with code generation, code completion, and other coding tasks, making the Salesforce development process much smoother. Code Analyzer seamlessly integrates with Agentforce by offering suggested code fixes for a set of PMD violations. You can then choose to accept or reject the code fixes.
- If you installed the Code Analyzer VS Code extension on its own, rather than as part of the Salesforce expanded extension pack, install the Agentforce for Developers VS Code extension. The Salesforce expanded extension pack includes the Agentforce for Developers extension.
- Scan your code as usual.
- Hover over the identified PMD violation until a small window opens that displays the violation.
- Click Quick Fix.
- Click Fix <violation> using Agentforce for Developers (Beta), where <violation> is one of the PMD violations that can be fixed with Agentforce.
  The original code that had the problem is crossed out and the new suggested code is shown below it, along with buttons to accept or reject the suggestions.
- Click to accept or reject the highlighted suggested deletions and additions.
Examples of some of the PMD violations that you can fix with Agentforce for Developers include ApexSharingViolations, ApexCRUDViolations, EmptyCatchBlock, EmptyTryOrFinallyBlock, EmptyWhileStmt, and more.
By default, Code Analyzer v5 selects the recommended rules for all available engines when it runs a scan. But you can use a VS Code setting to specify a customized set of rules that you want to run based on engine name, severity level, rule name, or tags.
- Open the VS Code Settings tab (Code > Settings > Settings) and search for the Code Analyzer: Rule Selectors setting.
- Click the User tab to change the setting globally or click Workspace to change it for just your workspace.
- Add your rule selectors to the text box. The default value is Recommended. Here are some other sample values:
  - Recommended:Security,Recommended:Performance: Selects the recommended security and performance rules for all engines.
  - pmd:Security: Selects only the security rules for the PMD engine.
  - eslint:Recommended:ErrorProne:2: Selects the recommended ESLint rules that also have the tag ErrorProne and a high severity level (2).
  This setting is the VS Code equivalent of the --rule-selector CLI command flag; for more information and examples, see Use CLI Commands to Analyze Your Code.
- From the Command Palette, run Developer: Reload Window.
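How the sample selector values combine, as an added example (a simplified model, not Code Analyzer's own code): colons narrow a selector and commas add alternatives, which is the reading the sample values above imply. The rule catalogue, its severities and tags, the case-insensitive matching, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    engine: str
    name: str
    severity: int        # 1 is the most severe, 5 the least
    tags: frozenset

def _rule(engine, name, severity, *tags):
    return Rule(engine, name, severity, frozenset(tags))

# Constructed catalogue: the severities and tags are illustrative, not real rule metadata.
CATALOGUE = [
    _rule("pmd", "ApexSharingViolations", 2, "Recommended", "Security"),
    _rule("pmd", "OperationWithLimitsInLoop", 2, "Recommended", "Performance"),
    _rule("pmd", "EmptyCatchBlock", 3, "Recommended", "ErrorProne"),
    _rule("pmd", "ApexDoc", 4, "Documentation"),
    _rule("eslint", "no-eval", 2, "Recommended", "ErrorProne", "Security"),
    _rule("eslint", "no-unused-vars", 3, "Recommended", "ErrorProne"),
]

def term_matches(rule, term):
    """One term names a severity level, an engine, a rule or a tag."""
    term = term.strip().lower()
    if term.isdigit():
        return rule.severity == int(term)
    names = {rule.engine, rule.name, *rule.tags}
    return term in {n.lower() for n in names}

def select(setting, catalogue=CATALOGUE):
    """Commas separate alternatives (union); colons combine terms (intersection)."""
    selectors = [s.split(":") for s in setting.split(",") if s.strip()]
    return [r.name for r in catalogue
            if any(all(term_matches(r, t) for t in sel) for sel in selectors)]

def unselected_security_rules(setting, catalogue=CATALOGUE):
    """Security-tagged rules that a selector setting would leave out of the scan."""
    chosen = set(select(setting, catalogue))
    return [r.name for r in catalogue
            if "Security" in r.tags and r.name not in chosen]
```

In this model, pmd:Security leaves the Security-tagged ESLint rule out of the scan, which is the kind of coverage gap to check for before narrowing the setting.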
After you scan your code with Code Analyzer, there can be situations where you want to suppress a PMD violation that was identified. You can suppress violations on a line of code or the entire class.
To use a quick fix to suppress a PMD violation, complete these steps.
- Hover over the identified problem.
- In the window that opens, click Quick Fix.
- Click Suppress all PMD violations on this line or Suppress <RuleName> on this class as needed, where <RuleName> refers to the name of the rule associated with the violation, such as ApexDoc.
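To keep track of what has been suppressed, this added example (not part of the extension) inventories PMD suppressions in Apex source and flags the ones that hide a watched rule or every rule at once. It assumes the standard PMD markers, a // NOPMD line comment and an @SuppressWarnings('PMD.<RuleName>') annotation; the sample class, the watched-rule list, and the function names are constructed.

```python
import re

# Constructed Apex source; the class and method names are made up for the example.
SAMPLE_APEX = """\
@SuppressWarnings('PMD.ApexSharingViolations, PMD.ApexDoc')
public class AccountExport {
    public List<Account> load() {
        return [SELECT Id, Name FROM Account]; // NOPMD
    }
    // a comment that mentions PMD but suppresses nothing
}
"""

# Rule names treated as security-relevant here (assumption); adjust to your own policy.
WATCHED = {"ApexSharingViolations"}

ANNOTATION = re.compile(r"@SuppressWarnings\s*\(\s*'([^']*)'\s*\)", re.IGNORECASE)

def find_suppressions(source):
    """Return (line_number, scope, rule) tuples for PMD suppressions in Apex source."""
    found = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in ANNOTATION.finditer(line):
            for item in match.group(1).split(","):
                item = item.strip()
                if item.upper().startswith("PMD"):
                    # 'PMD' alone suppresses every rule; 'PMD.Rule' suppresses one.
                    rule = item.split(".", 1)[1] if "." in item else "*"
                    found.append((number, "annotation", rule))
        if "//" in line and "NOPMD" in line.split("//", 1)[1]:
            # A line marker silences every PMD rule on that line.
            found.append((number, "line", "*"))
    return found

def needs_review(source, watched=WATCHED):
    """Suppressions that hide a watched rule, or hide all rules at once."""
    return [s for s in find_suppressions(source) if s[2] == "*" or s[2] in watched]
```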
After you've run a scan, you sometimes want to clear the violations that appear in your file and start again.
- In the VS Code editor while viewing the file, right-click and select SFDX: Clear Code Analyzer Violations from Current File.
- To clear violations in multiple files or folders, select them from the Explorer view, right-click and select SFDX: Clear Code Analyzer Violations from Selected Files or Folders.
Use VS Code settings to configure Code Analyzer to automatically scan your code when you open or save a file.
- Open the VS Code Settings tab (Code > Settings > Settings) and search for Code Analyzer.
- Click the User tab to change the setting globally or click Workspace to change it for just your workspace.
- Click Code Analyzer: Analyze on Open and Code Analyzer: Analyze on Save as needed.
- From the Command Palette, run Developer: Reload Window.
ApexGuru uses AI and machine learning to detect and help you fix performance-related problems in your code. ApexGuru's automated code optimization features are directly integrated into the Code Analyzer VS Code extension. See ApexGuru Insights for more information about ApexGuru.
This feature is a pilot or beta service that is subject to the Beta Services Terms at Agreements - Salesforce.com or a written Unified Pilot Agreement if executed by Customer, and applicable terms in the Product Terms Directory. Use of this pilot or beta service is at the Customer's sole discretion.
The feature is available to customers that have Scale Center enabled in their production environments. If you want to nominate yourself to participate in this pilot, follow this link.