You are currently viewing Code Scanning Tool For Salesforce Developers

Code Scanning Tool For Salesforce Developers

Sharing is caring!

In today’s era, developers are under pressure to deliver timely and efficient project results while meeting quality and compliance standards. On the other hand, the development process needs to be streamlined to achieve greater efficiency. There is no denying the absolute fact that coding is an effort-intensive task, either it is for Salesforce or any other development platform. But do you want to know you can ensure development agility and release security in your development processes? This is where Code Scanning Tool comes into the fray.

Code Scanning Tool is an ideal tool for identifying code bugs and errors within Apex classes, Components, and Triggers. A wide range of code scanning techniques is available to help discover vulnerabilities within software before reaching the production stage. Code scanning reduces the risks and costs associated with bugs present in an application. 

What Are The Benefits Of Using a Code Scanning Tool?

  • Instantly detect bugs in your project.
  • Remove unwanted memory allocation.
  • Recognize common mistakes or tricky bugs, known as vulnerabilities.
  • Accurately finds the location where the problem is and gives you recommendations on how to fix it.

How To Setup Code Scanning Tool For Salesforce Developers?

Step 1: Manual Setup

Depending on the installers of various tools, there are many installers whose

destination folder is already set by default. However, if you leave each installer installed in different destinations, you may not find the right one. This will consequently upgrade or delay the uninstallation process. To avoid that kind of situation, create a new folder for tools under the C drive, and install various tools under that folder. In addition, each downloaded installer should be moved to a specific location before the installation is performed.

1.1 Install VS Code:

● Go to this URL

● Move the downloaded “.exe” file to the “_installer” folder.

● Specify the installation destination as written below and click “Next.”

C:\tools\Microsoft VS Code

● Install it and check all the checkboxes under the “other” option.

1.2 Install VS Code Extensions:

● Git History

● GitLens

● Output Colorizer

● Prettier

● Rainbow CSV

● ToDo Tree

● Trailing Spaces

● Live Share

● Zenkaku

● Bracket pair Colorizer

● Salesforce Extension Pack

● Codey Midnight

● Live HTML Previewer

● Path Autocomplete

1.3 Update setting.json

● Press “Ctrl +” to open the settings screen and click the JSON icon and

paste the file.

Here is Code :


“[json]”: {

“editor.defaultFormatter”: “esbenp.prettier-vscode”


“[jsonc]”: {

“editor.defaultFormatter”: “esbenp.prettier-vscode”


“[html]”: {

“editor.defaultFormatter”: “esbenp.prettier-vscode”


“[Javascript]”: {

“editor.defaultFormatter”: “esbenp.prettier-vscode”


“editor.formatOnSave”: true,

“editor.minimap.enabled”: false,

“editor.mouseWheelZoom”: true,

“editor.renderWhitespace”: “all”,

“editor.tabSize”: 2,

“editor.wordWrap”: “on”,

“explorer.confirmDelete”: false,

“extensions.ignoreRecommendations”: true,

“files.eol”: “\n”,

“files.trimTrailingMillespace”: true,

“git.autofetch”: true,

“git.confirmSync”: false,

“javascript.updateImportsOnFileMove.enabled”: “always”,

“salesforcedx-vscode-Apex.enable-semantic-errors”: false,

“salesforcedx-vscode-Apex.enable-sobject-refresh-on-startup”: false,

“”: “C:\\tools\\Zulu\\zulu-11”,

“salesforcedx-vscode-core.detectConflectsAtSync”: true,

“salesforcedx-vscode-core.push-or-deploy-on-save.enabled”: false,

“salesforcedx-vscode-core.retrieve-test-code-cover”: true,

“”: false,

“salesforcedx-vscode-core.telemetry.enabled”: false,

“salesforcedx-vscode-lightning.activationMode”: “autodetect”,

“salesforcedx-vscode-Lightning.showLightningExplorer”: true,

“terminal.integrated.rendererType”: “dom”,

“”: “C:\\windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe”,

“todo-tree.highlights.enabled”: true,

“todo-tree.tree.showScanModeButton”: false,

“todo-tree.filtering.exclusiveWorkspaces”: [“node_modules”],

“update.showReleaseNotes”: false,

“workbench.colorTheme”: “Codey Midnight”,

“workbench.startupeditor”: “newUntitledFile”


1.4 Powershell

● Start “PowerShell” from the Windows Start menu.

● Right-click on the “Windows PowerShell” and click “Run as administrator.”

● Run the following commands.

Set-ExecutionPolicy -Scope CurrentUser RemoteSigned

●[Y] to enter.

●Continue with the below command

New-Item -path $profile -type file -force

code $profile

●VS Code will open a new window, copy and paste the below code. And restart the PowerShell.

Function Prompt () {

Write-Host “”

Write-Host (Get-Date -Format “yyy. MM.dd HH:mm”) $ (Split-Path (Get-Location) -Leaf) -NoNewLine

$branch = “”

if (git branch) {

(git branch | select-string “^\*”).Tostring() | set-variable -name branch

$branch = $branch.trim() -replace “^\* \*”, “”

Write-Host “[$branch]” -ForegroundColor “Green” -NoNewLine


Write-Host “”

return “> “


Scoop: It will allow you to install various tools from CLI. We will be using for Yarn

and Git.

1. Start PowerShell and run the following command.

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

iwr -useb | iex

2. Run the following command. If you can see the Scoop Help information, then your

installation is successful.

scoop help

3. Start PowerShell and run the following command.

scoop install git

4. Run the following command. If you can confirm the Git version, then your installation

is successful.

git –versionGIT Setup

1. Start the PowerShell, and then run the following command: (Change red

marked as per User):

git config –global [Windows User account name / Enterprise ID*1]

git config –global [Email*2]

git config –global core.quotepath False

git config –global merge.tool code

git config –global diff.tool code

git config –global core.autocrf input

git config –global core.editor code

code .gitconfig

2. VS Code opens and confirms if you can see the Git settings. Close the file

once it’s confirmed.Zulu Setup

1. Access the website of the URL below

2.Scroll down the screen, select below condition, and click “.msi”.

3. Move the downloaded “.msi” to the “_installer” folder and double-click it.

4. Right click on the “.msi” file and run it.

5. Specify the installation destination and click “Next”.


6. Click “Install” .Wait until the installation completes and Finish it.

7. Set “Environment Variables” first entry as “C:\tools\Zulu\zulu-11\bin\” in “Path”.

8. Open PowerShell, run the “java -version” command to check Zulu version.Salesforce CLI

1.Access to the following URL. When you access the URL, the download process will initiate

automatically. Please hold until the download ends.

2.Move the downloaded “.exe file” to the “_installer” folder and Right click on the

“.exe” file and select “Run as Administrator”.

3. Specify the installation destination and click “Install”.

C:\tools\Salesforce CLI

4. Wait until the installation is complete. And click “Close”.

5. Open PowerShell and run the following command. If you can confirm the

version of the Salesforce CLI, then installation is successful.

sfdx update

echo y | sfdx plugins:install sfpowerkit@2.4.13

sfdx -v

sfdx plugins –coreNode.js

1. Access the following URL and download “” in the “Latest Release”.

2.Move the downloaded “.zip file” to the “_installer” folder and unzip it.

3.Right click on the “nvm-setup.exe” file and select “Run as Administrator”.

4.Specify the installation destination as written below and click “Next>”.


5. Specify the installation destination as written below and click “Next>”.


6.Click “Install” and then “Finish”.

7.Newly start Powershell and run the below command to confirm the version:

nvm -v

nvm list available

8.Select the “LTS” value where “OLD UNSTABLE” is 0.11.15. For example “12.18.2” and note it down.

9.In this case, 12.18.2 is the target LTS version for installation. Run the following

command to install the LTS version. [User needs to change it as per their own]

nvm install 12.18.2

nvm list

nvm use 12.18.2

10.Run the following commands, and if you can confirm the version of Node.js and

npm, the installation is successful.

node -v

npm -vYarn Setup

1. Start PowerShell(*1) and run the following command.

scoop install yarn

2.Run the following command, and if you can confirm the version of Yarn, the

installation is successful.

yarn -v

Create a Working Project

1.Start new VS Code and expand the command palette “ctrl + Shift + P”.

2. Type “Create Project” in the text box and select “SFDX: Create Project with


3.Select “Standard Project templates(default)”.

4. Type the project name and press ‘Enter’.For Ex: “SampleProject”.

5. A dialog box will be displayed, which allows you to select the destination folder for


Click “Create Project”.

7. The project creation process will be executed. After the creation process, the

the structure of the folder looks like the following.

8.Open “sfdx-project.json” from your project folder and update the login URL. If it’s

Sandbox, “”.

9.Expand the Command Palette (Ctrl + Shift + P), Type “Auth” in the text box, and

select “SFDX: Authorize an Org”.10. Type alias name and press ‘Enter’. “SampleProject” is typed as an example.

11. Authentication will be initiated and The login screen of SFDC will be displayed in

the browser. Enter your Username/Password and login(authentication).

12.NOTE: When your default web browser is “Chrome”, sometimes your browser may

not start. In that case Click the “Web browser” in the Default apps list and Select

“Microsoft Edge”.

13.One can use “@SuppressWarnings in specific scenario to bypass PMD warning in

Apex Class methods. 

For example


14.Open “package.json” and update with below snippet:


“name”: “salesforce-app”,

“private”: true,

“version”: “1.0.0”,

“description”: “Salesforce App”,

“scripts”: {

“validate”: “yarn pmd && yarn eslint && yarn test”,

“validate:report”: “start .reports/pmd.html && start .reports/eslint.html”,

“validate:report:linux”: “open .reports/pmd.html && open .reports/eslint.html”,

“pmd”: “sfdx sfpowerkit:source:pmd -f summaryhtml -o .reports/pmd.html -r pmd-ruleset.xml –loglevel trace”,

“eslint”: “eslint force-app -f html -o .reports/eslint.html”,

“test”: “yarn test:unit:apex && yarn test:unit:lwc:coverage”,

“test:unit:apex”: “sfdx force:apex:test:run -r human -c -d .logs -l RunLocalTests –verbose”,

“test:unit:lwc”: “sfdx-lwc-jest”,

“test:unit:lwc:watch”: “sfdx-lwc-jest –watch”,

“test:unit:lwc:debug”: “sfdx-lwc-jest –debug”,

“test:unit:lwc:coverage”: “sfdx-lwc-jest –coverage”,

“prettier”: “prettier –write \”**/*.{cls,cmp,component,css,html,js,json,md,page,trigger,xml,yaml,yml}\””,

“prettier:aura”: “prettier –write ./force-app/main/default/aura/**/*.cmp”,

“prettier:check”: “prettier \”**/*.{component,css,cls,cmp,html,js,json,md,page,trigger,xml}\” –check –loglevel


“prettier:verify”: “prettier –list-different


“gulp”: “gulp”,

“gulp:upgrade:devDependencies”: “gulp upgradeDevDependencies”,

“gulp:scan:codeQuality”: “gulp scanCodeQuality”,

“gulp:exec:codeAnalisys”: “gulp execCodeAnalisys”,

“gulp:exec:Analisys”: “gulp runAnalisys”,

“gulp:test:EnvTest”: “gulp execSFDCEnvTest”,

“gulp:test:Report”: “gulp execTestJudge”,

“eslint:cicd”: “eslint force-app –format checkstyle –output-file .logs/eslint.xml || true”,

“pmd:cicd”: “sfdx sfpowerkit:source:pmd -f xml -o .logs/pmd.xml -r pmd-ruleset.xml,pmd-ruleset-acn.xml

–loglevel trace”


“devDependencies”: {

“@babel/cli”: “7.12.10”,

“@babel/core”: “7.12.10”,

“@babel/preset-env”: “7.12.11”,

“@babel/register”: “7.12.10”,

“@prettier/plugin-xml”: “0.12.0”,

“@salesforce/eslint-config-lwc”: “0.9.0”,

“@salesforce/eslint-plugin-aura”: “1.4.0”,

“@salesforce/sfdx-lwc-jest”: “0.10.2”,

“eslint”: “7.18.0”,

“eslint-config-prettier”: “6.15.0”,

“gulp”: “4.0.2”,

“gulp-babel”: “8.0.0”,

“gulp-shell”: “0.8.0”,

“husky”: “4.3.0”,

“jsonpath”: “1.1.0”,

“lint-staged”: “10.5.3”,

“prettier”: “2.2.1”,

“prettier-plugin-apex”: “1.7.0”,

“sfpowerkit”: “2.4.12”,

“xml2js”: “0.4.23”


“husky”: {

“hooks”: {

“pre-commit”: “lint-staged”



“lint-staged”: {

“**/*.{cls,cmp,component,css,html,js,json,md,page,trigger,xml,yaml,yml}”: [

“prettier –write”


“**/{aura|lwc}/**”: [





14.Go to VS Code terminal and run the following commands:

sfdx plugins –core

sfdx plugins:install sfpowerkit@2.4.13 (Optional)


15.Download the “pmd-ruleset.xml” file from LINK, and put it under the main Source Folder.

16. After updating rule.xml run the below commands in the terminal to scan your project:

yarn prettier

yarn validate



Code scanning tool is suitable for detecting simple and recurring issues within a code. Such a tool will automatically and efficiently reduce the tedious process of manually reviewing the codes. The code scanning tool will provide focussed findings to both code accessor and developer by delivering accurate and fast results. It will also help them find security bugs and fix the issue before entering the testing phase. 
Are you looking for the best Salesforce Consulting partner to add maximum value to your business by generating revenue? Get in touch with Cloud Analogy’s dedicated team of experts who can help you tackle your complex business challenges and get the most out of your Salesforce investment.


Sachin Arora

Scrum Master and Principal Solutions Architect
Sachin, a renowned Scrum Master and Principal Solutions Architect at Cloud Analogy, has rich experience when it comes to working on process improvement in a fast-paced environment maintaining high level of quality in all deliverables. Sachin's expertise lies in varied hardware and software environments including Cloud technologies such as Salesforce, AWS, Cloud Foundry & Google App Engine and Mobile.

Hire the best Salesforce Development Company. Choose certified Salesforce Developers from Cloud Analogy now.

Leave a Reply

× How can I help you?