Release Notes 22.4
  • 24 Jun 2022

May 2022 - New Features, Enhancements, and Improvements

New Features

Added new nCino rules

The following are the "ncino-goldstandard" nCino-related rules that have been added to the current Apex/Salesforce Metadata rule sets.

| Rule | Description |
| --- | --- |
| Avoid Excess Workflow Rules per Object | This rule is required because objects that contain too many decisions are complex and difficult to maintain. |
| Flow Decision Limits | Flows that contain too many decisions are complex and difficult to maintain. This rule recommends reducing the number of decisions or utilizing Apex. |
| Potential Overuse - Cross-Object Formulas | This rule is required because Salesforce does not allow more than 15 cross-object formulas per object. |
| Potential Overuse - Object Lookups | This rule is required because Salesforce does not allow more than 25 lookup relationships on a single custom object. |
| Potential Overuse - Relationship Objects | This rule is required because Salesforce does not allow more than 40 relationships per object. |
| Potential Overuse - External IDs | This rule is required because Salesforce does not allow more than 5 External IDs per object. |
| Test Class Names Should Include 'Test' | This rule is required because test classes should include the word 'Test' in their class names. |
| Hard Coded Email Address | This rule is required to avoid hardcoded email addresses. |

SonarQube compatible

CodeScan self-hosted is compatible with SonarQube™ 8.9 and SonarJS 6.2+. For more information, see CodeScan Self-Hosted Downloads.

Enhancements

Updated existing nCino rules

Below are the keys of the existing CodeScan rules that are tagged as “ncino-goldstandard.”

Rule Key
sf:AvoidUsingHardCodedId
sf:MultipleTriggersOnObject
sf:LongMethodName
sf:LongClassName
sf:LongTriggerName
sf:VariableNamingConventions
vf:HeaderCheck
sf:UncommentedEmptyMethod
sf:UncommentedEmptyConstructor
sf:CommentRequired
sf:UnitTestContainsTooManyAsserts
sf:AvoidUsingTestIsRunningTest
sf:OnlyOneReturn
sf:UnusedLocalVariable
sf:EmptyTryBlock
sf:EmptyFinallyBlock
sf:AvoidSoqlInLoops
sfmeta:ExcessiveWorkflowsOrgWide
sfmeta:RequireDescriptionComponent
sfmeta:LimitCustomFields

Improvements

  1. Updated all third-party libraries to the most recent versions to address security, stability, and reliability issues.
  2. The CodeScan portal has been updated to include minor speed improvements, bug fixes, and security enhancements.

Changelog

CodeScan v22.6.1

(23 June 2022)
This is a maintenance release. The following items were fixed and/or added:

  • The sf:UnusedFormalParameter rule's false positive issue has been resolved (45282).
  • Fixed an issue that prevented SonarQube 9.4.0 from functioning properly with Java 11.
  • The sonar-java-plugin has been updated to version 7.6.0.28201.
  • Fixed an issue affecting all child rule violations that cross files (the rule violation location is in two different files). This was fixed by setting the correct file location for child rule violations.
  • Fixed an issue where users were experiencing an expired token error that appeared on the master branch every time a comparison branch was analysed before it (44492).

CodeScan v22.6

(13 June 2022)
This is a maintenance release. The following items were fixed and/or added:

  • Fixed an issue that prevented the CodeScan and Azure DevOps integration from functioning as expected. The Azure DevOps plugin was updated to version 1.6.8 to overcome these issues.
  • Fixed an issue where the Field Level Security Rule displayed a false negative for the code below:
    update Security.stripInaccessible(AccessType.UPDATABLE, new List<vlocity_ins__ContactEmployment__c> { ceLst.get(0) }).getRecords();

CodeScan v22.5

(30 May 2022)
This is a maintenance release. The following items were fixed and/or added:

  • Fixed an issue that prevented the user from logging into the CodeScan instance.
  • Fixed an issue that prevented the user from creating the Salesforce project in their CodeScan instance.
  • The issue where users were not able to create a CodeScan project using the GitLab plugin has been resolved.
  • Fixed an issue where CodeScan rules that were not part of active Quality Profiles were being applied.
  • Fixed a bug where, after logging out of the CodeScan application, a user who selected the Login with AuthO button was directed to the CodeScan Project screen rather than being asked for their login information (username and password).
  • Fixed an issue where the Field Level Security Rule showed false negatives in the following cases:
      1. Vulnerability detection in a for-each loop, for example: for(Contact c : [SELECT Name FROM Contact])
      2. Vulnerability detection in Database method calls, for example: Database.insert([SELECT Name FROM Contact]);
  • Migrated IntelliJPluginErrorAction web servlet to Spring MVC.
