Salesforce Code Analyzer v5 (Developer Preview)

Version 5 of Code Analyzer maintains its essential mandate: ensuring that your code adheres to best practices, allowing you to identify problems earlier in the development process. Code Analyzer continues to bring together multiple code scanners under a single, unified experience.

This feature is available as a developer preview. The feature isn’t generally available unless or until Salesforce announces its general availability in documentation or in press releases or public statements. All commands, parameters, and other features are subject to change or deprecation at any time, with or without notice. Don't implement functionality developed with these commands or tools.

We’ve rearchitected the product to make it even easier for you to use. We’ve also made it progressively more powerful, helping new users get started while providing advanced customization capabilities for more experienced users. This Dev Preview gives you a taste of the changes.

Version 5 introduces a new Salesforce CLI plugin, @salesforce/plugin-code-analyzer, which brings a set of new CLI commands in the code-analyzer topic. These commands provide the same functionality as before, such as listing available rules and running them on your code base. However, we've improved the overall experience, making the commands more intuitive and powerful. Unlike v4, the new CLI now features a single, versatile run command with a powerful rule selection mechanism that allows you to precisely choose the exact set of rules you want to run. You can even run a single rule if you want.

Configuring Code Analyzer v5 is now more straightforward and flexible than ever. We’ve provided a default configuration that works well for most users without requiring any customizations. However, if you want to modify existing rule properties, add new rules, customize engine behavior, or adjust other aspects of Code Analyzer, you can create a custom configuration file. This configuration file, code-analyzer.yml, is a single YAML-based file that’s easy to update. You can store it within your Salesforce project workspace, making it simple to apply in continuous integration and continuous delivery (CI/CD) pipelines. We're particularly proud of the new feature that allows you to assign individual tags to each rule. This feature allows you to more easily select the rules that meet your specific needs.

We've also introduced a new Regex engine that allows you to create simple regular expression-based rules inside of your Code Analyzer configuration file.

The output has dramatically improved with Code Analyzer v5. The terminal now displays more responsive real-time progress updates. You can now write results to multiple output types, and we improved the format of these outputs, including csv, xml, json, and html. Our new HTML report allows you to navigate violations more easily with search, grouping, and more.

This Developer Preview of Code Analyzer v5 comes pre-bundled with these engines:

  • PMD. This release supports only the built-in PMD rules for analyzing Apex and Visualforce code; you can't customize the rules or add new languages. The release also doesn't support the pmd-appexchange custom PMD variant.
  • ESLint
  • RetireJS
  • Regex (new for v5!)

The Regex engine is new in Code Analyzer v5. The engine uses regular expressions (regex) to search your code base for patterns. This engine is perfect for a quick initial check of your code base to search for specific text or strings. It’s also useful to search for patterns in your code comments; some engines, such as PMD, ignore comments. But it’s a blunt tool: if you need more nuance, such as finding actual coding violations, use a different engine.

The regex engine comes with built-in rules that can search your code for:

  • Trailing white space and lines that are only white space. (Rule name: NoTrailingWhitespace)
  • Minimum Salesforce API version in your Apex source files. (Rule name: AvoidOldSalesforceApiVersions)
  • Non-inclusive and biased terms, such as blacklist and master. (Rule name: AvoidTermsWithImplicitBias)

The true power of this engine comes with the ease of adding new rules of your own. If you have regular expression patterns that you want to test against your code, you can easily provide these patterns to your Code Analyzer configuration file to be automatically included as rules. You can then run these rules alongside all of the other rules that Code Analyzer offers.

See the Salesforce CLI Command Reference for online reference about the new code-analyzer commands. The online guide contains the same content as running the commands with the --help flag.