# Run analysis locally using SFDX
This article will guide you through how to run the code analysis manually using our **CodeScan Plugin** and **Salesforce CLI**.
## Prerequisites
To run the code analysis manually using our CodeScan Plugin and Salesforce CLI, first make sure you have:
* **Salesforce CLI** installed. Click [HERE](https://developer.salesforce.com/docs/atlas.en-us.sfdx_setup.meta/sfdx_setup/sfdx_setup_install_cli.htm) to download the **Salesforce CLI** and its dependencies.
* **Java 17**
* **Node.js 20**
1. To install the **CodeScan SFDX plugin, follow these steps**:
* Use **`sfdx plugins:install sfdx-codescan-plugin`**.
* You'll be prompted that Salesforce does not sign this plugin; type **Y** to continue.
* Check the installation using sfdx plugins.
2. You're ready to run a scan once the installation is completed. To run this scan, follow these steps:
* Open **Bash CLI** like **Git Bash**, etc.
* Now, go to the folder with the project sources you want to run a scan on and enter the command as shown below:
sfdx codescan:run --token <token> --projectkey <project key>> --organization <organization key>
{% hint style="info" %}
**Note:** To find your **Project Key** and the **Organization Key**, click on the respective links below:
* [Project Key](https://knowledgebase.autorabit.com/codescan/docs/finding-your-project-key)
* [Organization Key](https://knowledgebase.autorabit.com/codescan/docs/finding-your-organization-keys)
Project keys differ from project to project as the **organization** and **project keys** are unique.
{% endhint %}
3. This will start the analysis directly on the [CodeScan cloud](https://www.codescan.io/products/cloud/).
4. To learn how to generate a **Security Token**, click [HERE](https://knowledgebase.autorabit.com/codescan/docs/generate-a-security-token).
5. If you want to run the analysis in [CodeScan Self-Hosted](https://www.codescan.io/products/self-hosted/), [CodeScan Cloud EU](https://app-eu.codescan.io/), or [CodeScan Cloud AUS](https://app-aus.codescan.io/), then make the following changes in the command:
* Add ***--server <**Server Name**>***
* Replace **Project key**
* Replace **Organization key**
* Replace **Token**
* Replace your **server name** (if applicable).
sfdx codescan:run --token <token> --projectkey <project key>> --organization <organization key> --server <Server Name>
6. To view a list of **parameters** and **flags** which you can use, run the following command: **`sfdx help codescan:run`**
USAGE:
$ sfdx codescan:run [name=value...] [-s <string>] [-o <string>] [-k <string>] [-t <string>] [-u <string>] [-p
<string>] [--noqualitygate] [--javahome <string>] [--nofail] [--qgtimeout <integer>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-k, --projectkey=projectkey sonar.projectKey - the project key
to create.
-o, --organization=organization CodeScan Organization Id. Only
required when connecting to CodeScan Cloud
-p, --password=password SonarQube password (token is preferred)
-s, --server=server SonarQube server. Defaults to CodeScan Cloud
(https://app.codescan.io)
-t, --token=token SonarQube token (preferred)
-u, --username=username SonarQube username (token is preferred)
--javahome=javahome JAVA_HOME to use
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)
[default: warn] logging level for this
command invocation
--nofail Don't fail if sonar-scanner fails
--noqualitygate Don't wait until the SonarQube background
task is finished and return the build
Quality Gate
--qgtimeout=qgtimeout Timeout in seconds to wait for
Quality Gate to complete (default 300)