Release Notes 25.0
Newest CodeScan Releases
Release Date: 5 February 2025
CodeScan 25.0.2 is comprised of the following 4 components:
2 Fixes
Component details are listed in their corresponding sections within this document.
Added “Security Hotspots” in CSV Export
We have had a long-standing capability to export issues directly from the CodeScan user interface. However, there was no way to export Hotspots.
With this new feature, we have added a new page in the CodeScan UI that allows users to directly export Hotspots. And, similar to exporting issues, this can be done at the branch or PR level.
Please note that if the Status selected is Reviewed, then the Resolution field is also added as a selectable input.
Further, to make navigation clearer and easier for users, we have renamed the existing CSV export page to “CSV Issues Export”, which is separate from the new “CSV Security Hotspots Export” page. Both pages can be opened under the “More” tab (as long as the user has the proper permissions).
Finally, we verified the following scenarios:
Verified that we are able to export security hotspot issues of a selected project
Verified that all the required fields were included in the exported CSV with correct data
Verified that the resolutions are visible only when the status Reviewed is selected
Enhanced rule "Avoid Classes Without Explicit Sharing" to account for interfaces
Previously, CodeScan did not consider interfaces when flagging violations. As such, the rule "sf:ClassExplicitSharing" was generating a false positive when applied to interfaces, as the Sharing keyword is not allowed on interfaces in Salesforce.
This issue has been remediated. We have updated the rule to exclude interfaces from its check for the Sharing keyword, ensuring accurate validation and preventing incorrect flags.
We have verified the rule: "sf:ClassExplicitSharing" for the following scenarios:
Violation is not thrown if we use with/without sharing for classes
Violation is thrown if we don’t use with/without sharing for classes
Violation is not thrown for an interface class, not even when used with/without sharing
Violation is thrown if we only use sharing for classes.
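A simplified sketch of the check described above, added here as an illustration and not CodeScan's implementation of "sf:ClassExplicitSharing": it flags Apex classes that lack `with sharing` or `without sharing` and skips interfaces. The function name, the `skip_interfaces` switch (which reproduces the old false positive when set to `False`) and the sample Apex source are constructed assumptions.

```python
import re

# Remove block comments, line comments and string literals so that
# commented-out or quoted declarations are never treated as real ones.
_NOISE = re.compile(r"/\*.*?\*/|//[^\n]*|'(?:\\.|[^'\\\n])*'", re.DOTALL)

# A type declaration: any run of modifiers, then `class` or `interface`, then a name.
_DECL = re.compile(
    r"(?P<mods>(?:\b(?:public|private|global|protected|virtual|abstract|"
    r"with|without|sharing)\s+)*)"
    r"\b(?P<kind>class|interface)\s+(?P<name>\w+)",
    re.IGNORECASE,
)

# Assumption: only the two keywords named in these notes count as explicit sharing.
_SHARING = re.compile(r"\b(?:with|without)\s+sharing\b", re.IGNORECASE)


def missing_sharing(apex_source, skip_interfaces=True):
    """Return the names of declarations that have no explicit sharing keyword."""
    flagged = []
    for decl in _DECL.finditer(_NOISE.sub(" ", apex_source)):
        is_interface = decl.group("kind").lower() == "interface"
        if is_interface and skip_interfaces:
            continue  # sharing keywords are not allowed on interfaces
        if not _SHARING.search(decl.group("mods")):
            flagged.append(decl.group("name"))
    return flagged


# Constructed sample source, not taken from any real project.
SAMPLE = """
public with sharing class AccountService { }
public without sharing class BatchCleanup { }
public class LegacyHelper { }          // no sharing declaration
public interface Exportable { void run(); }
// public class CommentedOut { }
"""

if __name__ == "__main__":
    print("flagged:", missing_sharing(SAMPLE))
    print("flagged without the interface exclusion:",
          missing_sharing(SAMPLE, skip_interfaces=False))
```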
There are no new rules associated with this release.
Fixed issue with “Project Search” in CSV Export (within the CodeScan UI)
Recently, we added a search function to the dropdown on the CSV export page to allow users to search for the name of the project they wish to export.
Several customers reported an issue when selecting a project in the new Project Search Window.
This update fully remediates the reported issue.
Further, we have validated the CodeScan export issue is resolved via the following scenario:
Users are able to select the projects in the Project Search Window (on the CSV export page) as expected.
Fixed an issue with some users being unable to be converted to SAML when not assigned to a SAML org.
Some users were receiving the following error:
This occurred when a user who had previously been either an Auth0 user or an SQ native user attempted to log in via SAML but was not part of the SAML org. It occurred because CodeScan had been operating under the assumption that the user had already logged in to CodeScan at least once.
This assumption, which triggered the issue, has been fully corrected with this fix.