CodeScan: Overview
CodeScan is a static code analysis tool that integrates with the Salesforce development and deployment process and scans for code vulnerabilities and quality issues at each stage. To improve and enforce code standardization, it also lets you define quality profiles and quality gates, so you can enforce your standards and use the tool to educate your developers.
CodeScan offers more than 700 built-in security and quality rules, and you can also define your own rules.
Setting Up CodeScan in AutoRABIT
To use all the functionality included in your CodeScan license from AutoRABIT, you need to integrate CodeScan as a plugin with your AutoRABIT account. This requires a few configuration steps in CodeScan as well as in your AutoRABIT account.
Step 1: Create a CodeScan Token
- Go to https://app.codescan.io.
- Click on Log In and enter your username and password.
- In the top right corner click on My Account > Security.
- Enter a token name and generate it.
- Copy the token. It is used as the password when you store your CodeScan credential in AutoRABIT (Step 2).
Step 2: Store your CodeScan's credential in AutoRABIT
In this step, your CodeScan credential (username and password) is stored in AutoRABIT.
- Log in to your AutoRABIT account.
- Hover your mouse over the Admin module and click on the Credentials tab.
- Next, click on Create Credential from the right navigation bar.
- On the next pop-up screen, give a Credential name.
- Choose the Credential Type as 'User name with Password'.
- Choose your Credential Scope:
  - Global: the credential can be accessed by anyone in the team.
  - Private: the credential is for your private use only.
- Enter your CodeScan account's username. For the password, use the token copied in Step 1: Create a CodeScan Token.
- Note: use your CodeScan username, not the email address that you use to log in to CodeScan.
- Click Save.
Step 3: Integrate CodeScan with AutoRABIT
If you're logged out from your account, log in again into AutoRABIT with your credentials.
- Go to Admin > My Account section.
- Go to the Plugins section.
- Check the CodeScan checkbox under Static Code Analysis.
- Fill in the following details:
  - Enter the CodeScan hosted URL. For the CodeScan cloud version, use https://app.codescan.io.
  - Choose the Host Type, i.e., Cloud or On-premise. For CodeScan hosted on the Cloud, you also need to add the Organization Key. Your Organization Key is shown at the top left of your Organization home page, as circled in red in the screenshot below.
  - Select your Credential from the dropdown.
- Click Test Connection to verify that the connection can be authenticated. A success message is displayed once authentication completes.
- Click Save.
- Click on Save once again and you are all set with CodeScan integration.
Step 4: Setting CodeScan Global Criteria Settings
You can now set the global Quality Gate criteria that enforce CodeScan static code analysis across CI Jobs, Deployments, and gated Commits. The Quality Gate gives your project a Pass or Fail rating in the CodeScan tool, depending on the metrics you have configured there. If the Quality Gate status reported by your CodeScan account matches the criteria configured in AutoRABIT, the process is aborted.
- Go to Admin > My Account section.
- Next, navigate to the Validation Criteria-Static Code Analysis section.
- Select the Enable checkbox.
- Enable the CodeScan checkbox and assign the Quality Gate status for all your projects. By default, it is set to ERROR; however, you can choose your own criterion. If the Quality Gate status reported by CodeScan for a project matches the status assigned here, the validation fails and the build aborts.
- Click Save.
- Next, go to the Commit Validation - Approval Settings section. Here you can allow CodeScan to identify potential software quality issues before the code moves to production, and abort the commit process if the Quality Gate set earlier matches the status in the CodeScan application.
  - Select the Enable criteria based Review Process checkbox.
  - Enable the Should pass validation criteria for Static Code Analysis checkbox, then select the checkboxes below it:
    - CodeScan
    - Auto reject commit process if the criteria are not met
  - Click Save.
- Just as CodeScan criteria are configured globally in AutoRABIT for Commit operations, you can set the same for the Merge process. Go to the next section, Merge Settings:
  - Select the Enable criteria-based Review Process checkbox.
  - Under Should pass validation criteria for Static Code Analysis, select the CodeScan checkbox.
  - Finally, click Save.
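To make the Step 4 rule concrete, here is an added example (not AutoRABIT or CodeScan code) that models the abort decision: it reads a quality-gate result, compares the reported status with the status configured in AutoRABIT's global criteria, and lists the conditions that caused the failure so a developer can see why a build, commit or merge was stopped. It assumes the result arrives in the SonarQube-style `projectStatus` JSON shape; the payload, metric names and threshold values below are constructed, not captured from a real server.

```python
"""Model of the AutoRABIT quality-gate check from Step 4 (illustrative example).

Assumption: the CodeScan quality-gate result uses the SonarQube-style
"projectStatus" JSON shape. The sample payload is constructed for this example.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# Constructed sample result: the gate is in ERROR because one condition
# (new vulnerabilities) exceeded its threshold; coverage passed.
SAMPLE_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "OK", "metricKey": "new_coverage",
             "comparator": "LT", "errorThreshold": "80", "actualValue": "85.0"},
            {"status": "ERROR", "metricKey": "new_vulnerabilities",
             "comparator": "GT", "errorThreshold": "0", "actualValue": "2"},
        ],
    }
})


@dataclass
class GateDecision:
    abort: bool                      # True when AutoRABIT should stop the flow
    gate_status: str                 # status reported by CodeScan (OK/WARN/ERROR)
    failed_conditions: list[dict] = field(default_factory=list)


def parse_gate(payload: str) -> tuple[str, list[dict]]:
    """Extract the overall gate status and the non-OK conditions from the JSON."""
    data = json.loads(payload)
    project_status = data["projectStatus"]
    failed = [c for c in project_status.get("conditions", [])
              if c.get("status") != "OK"]
    return project_status["status"], failed


def evaluate_gate(payload: str, configured_status: str = "ERROR") -> GateDecision:
    """Apply the Step 4 rule: abort when the status reported by CodeScan matches
    the Quality Gate status configured in AutoRABIT (ERROR by default)."""
    status, failed = parse_gate(payload)
    return GateDecision(abort=(status == configured_status),
                        gate_status=status,
                        failed_conditions=failed)


def describe(decision: GateDecision, flow: str) -> str:
    """Build a log line for the CI job, commit validation or merge flow."""
    if not decision.abort:
        return f"{flow}: quality gate {decision.gate_status}, continuing"
    reasons = "; ".join(
        f"{c['metricKey']} {c['comparator']} {c['errorThreshold']} "
        f"(actual {c['actualValue']})"
        for c in decision.failed_conditions)
    return f"{flow}: ABORTED, quality gate {decision.gate_status}: {reasons}"


if __name__ == "__main__":
    for flow in ("CI job", "commit validation", "merge"):
        print(describe(evaluate_gate(SAMPLE_RESPONSE), flow))
    # A looser criterion (WARN) would not match this ERROR result, so the flow continues.
    print(describe(evaluate_gate(SAMPLE_RESPONSE, configured_status="WARN"), "CI job"))
```

Running the block prints an abort line for each of the three flows, naming `new_vulnerabilities` as the failing condition, followed by a "continuing" line for the WARN criterion; the same comparison is what AutoRABIT applies with the status you chose in the Validation Criteria-Static Code Analysis section.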