Configuration for Salesforce Metadata Rules

Learning Objectives:

After reading this guide, you'll be able to:

  • Create a custom Salesforce metadata Quality Profile

  • Add Salesforce metadata types for a Salesforce Org analysis

  • Add Salesforce metadata suffixes/extension for the analysis

Create a Custom Salesforce Quality Profile

This article explains how to enable the Salesforce Metadata rules in the CodeScan Cloud environment.

  1. Login to your CodeScan account.

  2. Click on the Quality Profiles on your main organization page and then click on Create button.

    Create Quality Profiles

  3. Create a new rule by selecting the language as Salesforce Metadata and name your new profile. You can choose the Parent rule as an optional.

    Create New Quality Profile

  4. Once you create the new quality profile, you will be navigated to a new page where you need to click on Activate More button on the left.

    Activate More

  5. Now, make sure on your left side of the page where you see the name of the rule you created; it is marked as inactive.

    Inactive

  6. Make sure that you activate the four rules referenced below by clicking on the Activate button beside the rule.

    • Record Type ID is Missing

    • Object Permissions should not be permissive

    • Enforce Org Security Settings

    • Custom fields must have a description field

  7. Once activated, select the Active button under filters (beside the rule’s name).

    Active Rule

Adding Salesforce metadata types for Salesforce Org analysis

To enable downloading metadata for your Salesforce project, you will need to change some project settings. Remember that the following will only work with code being pulled from Salesforce.

If you are using a git repository or any other method of scanning, please skip to the next step.

  1. Once you are done with the activation of the custom rule, go to the project with the rules you wish to run the analysis, and click on Project Settings > General settings.

    General Settings

  2. Click the CodeScan tab on the left to open the CodeScan specific settings and access the CodeScan Cloud Download Types.

Download Types

  1. The default values are ApexClass, ApexComponent, ApexPage, ApexTrigger, AuraDefinitionBundle, and LightningComponentBundle.

  2. CodeScan is capable to analyze all metadata types supported by Metadata API of Salesforce. Refer to the Salesforce Developer API documentation to find the supported metadata types.

  3. Under CodeScan Cloud Download Types, enter the Salesforce metadata types needed for the analysis, then select the Save button.

Save

Adding Salesforce metadata suffixes/extensions for the analysis

  1. On the CodeScan section, scroll down to Scope, where you see Metadata File Suffixes.

  2. Add the suffixes for the files to analyze.

Point to Note:

Include your Salesforce metadata types for analysis under the Project Settings > General Settings > CodeScan > CodeScan Cloud Download Types section for your specific project. Later, add the relevant metadata types' suffixes/extension under the Metadata File Suffixes section.

Refer to the Salesforce Developer API documentation to find the supported metadata types and their relevant suffixes/extension.

Metadata File Suffixes

  1. Click Save.

  2. Run the analysis again by navigating to the Project Settings > Project Analysis menu and selecting the Run Manual Analysis button. If your metadata files contain issues, you will see that reflected in the issues list.

    Run Manual Analysis

Note: Make sure the line count will not show up on the line count breakdown as it is not a language. However, the issues will show up in the issues list as seen in the above figure.

Additional Support

If you are still having trouble setting up metadata rules after reading the complete documentation, please contact the support team, and we'll be happy to help.

PreviousConfiguration for Polyfill.io Vulnerability RulesNextMetadata Rules on CodeScan Self-Hosted

Last updated

Was this helpful?