Run analysis locally using SFDX
  • 20 Jan 2023
  • 1 Minute to read
  • Contributors
  • Dark
  • PDF

Run analysis locally using SFDX

  • Dark
  • PDF

Article Summary

This article will guide you through how to run the code analysis manually using our CodeScan Plugin and Salesforce CLI.

To run the code analysis manually using our CodeScan Plugin and Salesforce CLI, first make sure you have Salesforce CLI installed. Click HERE to download the Salesforce CLI and its dependencies.

  1. To install the CodeScan SFDX plugin, follow these steps:
    1. Use sfdx plugins:install sfdx-codescan-plugin.
    2. You'll be prompted that Salesforce does not sign this plugin; type Y to continue.
    3. Check the installation using sfdx plugins.
  2. You're ready to run a scan once the installation is completed. To run this scan, follow these steps:
    1. Open Bash CLI like Git Bash, etc.
    2. Now, go to the folder with the project sources you want to run a scan on and enter the command as shown below:
      sfdx codescan:run --token <token> --projectkey <project key>> --organization <organization key>
      To find your Project Key and the Organization Key, click on the respective links below:

      Project keys differ from project to project as the organization and project keys are unique.

  1. This will start the analysis directly on the CodeScan cloud.
  2. To learn how to generate a Security Token, click HERE.
  3. If you want to run the analysis in the CodeScan Self-Hosted, then make the below changes in the command:
    • Add --server <Server Name> 
    • Replace Project key
    • Replace Organization key
    • Replace Token
    • Replace your server name (if applicable).
      sfdx codescan:run --token <token> --projectkey <project key>> --organization <organization key>
  4. To view a list of parameters and flags which you can use, run the following command:  sfdx help codescan:run
    $ sfdx codescan:run [name=value...] [-s <string>] [-o <string>] [-k <string>] [-t <string>] [-u <string>] [-p 
      <string>] [--noqualitygate] [--javahome <string>] [--nofail] [--qgtimeout <integer>] [--json] [--loglevel 
      -k, --projectkey=projectkey                                                       sonar.projectKey - the project key
                                                                                        to create.
      -o, --organization=organization                                                   CodeScan Organization Id. Only
                                                                                        required when connecting to CodeScan
      -p, --password=password                                                           SonarQube password (token is
      -s, --server=server                                                               SonarQube server. Defaults to
                                                                                        CodeScan Cloud
      -t, --token=token                                                                 SonarQube token (preferred)
      -u, --username=username                                                           SonarQube username (token is
      --javahome=javahome                                                               JAVA_HOME to use
      --json                                                                            format output as json
      --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)  [default: warn] logging level for
                                                                                        this command invocation
      --nofail                                                                          Don't fail if sonar-scanner fails
      --noqualitygate                                                                   Don't wait until the SonarQube
                                                                                        background task is finished and
                                                                                        return the build Quality Gate
      --qgtimeout=qgtimeout                                                             Timeout in seconds to wait for
                                                                                        Quality Gate to complete (default

Was this article helpful?