CodeScan
CodeScan: Overview

CodeScan is a static code analysis tool that integrates with the Salesforce development and deployment process and scans for code vulnerabilities and quality issues along the way. To improve and enforce code standardization, it also lets you define quality profiles and quality gates, which gives you the ability to enforce standards and to use the tool to educate your developers.

CodeScan offers more than 500 rules for security and quality along with the provision to define your own rules.

Setting Up CodeScan in AutoRABIT

If you want to use all the functionality included in your CodeScan license from AutoRABIT, you need to integrate CodeScan as a plugin with your AutoRABIT account. This requires some configuration on the CodeScan side as well as in your AutoRABIT account.

Step 1: Create a CodeScan Token

  1. Go to https://app.codescan.io.
  2. Click on Log In and enter your username and password.
  3. In the top right corner click on My Account > Security.
  4. Enter a token name and generate it.
  5. Copy the token. You will use it as the password when storing your CodeScan credential in AutoRABIT.

Step 2: Store your CodeScan credential in AutoRABIT

In this step, your CodeScan credential (your CodeScan username together with the token generated in Step 1) is stored in AutoRABIT.

  1. Log in to your AutoRABIT account.
  2. Hover your mouse over the Admin module and click on the Credentials tab.
  3. Next, click on Create Credential from the right navigation bar.
  4. On the next pop-up screen, give a Credential name.
  5. Choose the Credential Type as 'User name with Password'.
  6. Choose your Credential Scope:
    • Global: Credential can be accessed within the team
    • Private: Credential for private usage
  7. Enter your CodeScan account's username. For the password, use the token copied in Step 1: Create a CodeScan Token.
  8. Note that this must be your CodeScan username, not the email address that you use to log in to CodeScan.
  9. Click Save.

Step 3: Integrate CodeScan with AutoRABIT

If you're logged out of your account, log in to AutoRABIT again with your credentials.

  1. Go to Admin > My Account section.
  2. Go to the Plugins section.
  3. Check the CodeScan/Lint checkbox under Static Code Analysis.
  4. Fill in the below details:
    1. Enter the CodeScan host URL. For the CodeScan cloud version, use https://app.codescan.io
    2. Choose the Host Type, i.e., Cloud or On-premise. For CodeScan hosted on Cloud, you also need to add the Organization Key. Your Organization Key is shown at the top left of your Organization home page, as circled in red in the screenshot below.
    3. Select your Credential from the drop-down.
    4. Click Test Connection to verify that the connection authenticates. A success message is displayed once authentication completes.
    5. Click Save.
  5. Click on Save once again and you are all set with CodeScan integration.

Step 4: Set CodeScan Global Criteria Settings

You can now set the global Quality Gate criteria to enforce the CodeScan static code analysis tool across CI Jobs, Deployments, and gated Commits. The Quality Gate gives your project a Pass or Fail rating in the CodeScan tool, depending on the metrics you have configured there. If the Quality Gate status reported by your CodeScan account matches the criteria configured in AutoRABIT, the process is aborted.

  1. Go to Admin > My Account section.
  2. Next, navigate to the Validation Criteria-Static Code Analysis section.
  3. Select the Enable checkbox.
  4. Enable the CodeScan checkbox and assign the Quality Gate status for all your projects. By default, it is set to ERROR, but you can choose your own criteria. If the Quality Gate status of a project in your CodeScan tool matches the assigned status, the validation fails and the build aborts.
  5. Click Save.
  6. Next, go to the next section, i.e., Commit Validation - Approval Settings. In this section, you can allow the CodeScan tool to identify potential software quality issues before the code moves to production, and abort the commit process if the Quality Gate status set earlier matches the status reported by the CodeScan application.
  7. Select the checkbox: Enable criteria based Review Process
  8. Enable the Should pass validation criteria for Static Code Analysis checkbox and select the following checkboxes:
    • CodeScan
    • Auto reject commit process if the criteria are not met
  9. Click Save.
  10. Similar to the CodeScan criteria configured globally in AutoRABIT for the Commit operation, you can set the same for the Merge process. Go to the next section: Merge Settings
  11. Select the Enable criteria-based Review Process checkbox.
  12. Under Should pass validation criteria for Static Code Analysis, select the CodeScan checkbox.
  13. Finally, click on Save.
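As an added illustration (not code from AutoRABIT or CodeScan), the following Python models the abort decision described in Step 4: the configured status (ERROR by default) is compared with the project's Quality Gate status, and the build is aborted on a match. It assumes the gate result arrives in the SonarQube-style `projectStatus` JSON shape; the sample response is constructed.

```python
import json

# Constructed sample Quality Gate response. The projectStatus/conditions
# shape is an assumption (SonarQube-style), not taken from the page.
SAMPLE_GATE_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "OK", "metricKey": "new_coverage",
             "comparator": "LT", "errorThreshold": "80", "actualValue": "85.0"},
            {"status": "ERROR", "metricKey": "new_security_rating",
             "comparator": "GT", "errorThreshold": "1", "actualValue": "3"},
        ],
    }
})


def evaluate_gate(response_json: str, abort_on_status: str = "ERROR") -> dict:
    """Mirror the global criterion: abort when the project's Quality Gate
    status equals the status configured in AutoRABIT (default ERROR).

    Returns the gate status, the abort decision, and the metrics whose
    conditions failed, so a pipeline log can say why a build was stopped.
    """
    data = json.loads(response_json)
    project = data.get("projectStatus", {})
    # A missing status means no gate result was reported; treat as no match.
    status = str(project.get("status", "NONE")).upper()
    failing = [c for c in project.get("conditions", [])
               if str(c.get("status", "")).upper() == "ERROR"]
    return {
        "status": status,
        "abort": status == abort_on_status.upper(),
        "failing_metrics": [c.get("metricKey", "?") for c in failing],
    }


if __name__ == "__main__":
    result = evaluate_gate(SAMPLE_GATE_RESPONSE)
    verdict = "ABORT" if result["abort"] else "CONTINUE"
    print(f"{verdict}: gate={result['status']} failing={result['failing_metrics']}")
```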

What's Next