Valuable resources include tools for analyzing source code.
Leverage a source code analysis tool to scan and evaluate your Salesforce code, including Apex, Visualforce, Lightning, JavaScript, and HTML5. This tool will identify any violations of best practices, inefficiencies, or security vulnerabilities, along with recommendations on how to resolve them. You can integrate the tool with your IDE, source control repository, and/or CI/CD pipeline to automate the analysis and flag any issues that require your attention. By employing these code scanning tools, you can ensure that your code meets high-quality standards.
(Note: Tools that I have personally utilized and recommend are marked with a heart)
Here are some recommended tools for source code analysis:
- Force.com Code Scanner Portal: This is a free tool provided by Salesforce in collaboration with Checkmarx. You can submit a scanning request and receive the results via email. The tool can scan up to 360,000 lines of code in any trailing 12 month period.
- Apex PMD: Apex PMD identifies common programming flaws, such as unused variables, empty catch blocks, and unnecessary object creation. It supports Salesforce Apex and Visualforce and is available as an extension in Visual Studio. The tool is free and there is a related blog post on how to use it to improve code quality.
- Codescan.io: This tool offers a choice between self-hosting or a cloud plan and includes over 500 security and quality rules for Apex, Visualforce, Lightning, and Metadata. It can integrate directly with Salesforce and popular CI/CD pipelines and can also be incorporated into the developer environment. The cost is US$ 2,800/year for 40,000 lines of code.
- Checkmarx: This tool can scan Salesforce Apex, Visualforce, JavaScript, and HTML5 code. It offers IDE and source repository integration, with a free plan that has limited features. Contact the company for pricing on paid plans.
- Clayton: Clayton scans Apex, Visualforce, Lightning, Process Builder, Flows, object definitions, and more. It can catch OWASP Top 10 vulnerabilities as well as Salesforce-specific security flaws such as CRUD and FLS violations, SOQL-injections, and more. The tool has a free plan with limited features, while paid plans start at US$ 599/month.
- Sonarsource: This tool offers static code analysis for Salesforce Apex with 56 rules. It integrates with CI/CD and Source/Version Control Systems. It is available on cloud with Sonarcloud and on-premise with Sonarqube. It is free and open source.
I hope this information is helpful for you.