Run analysis locally using SFDX
This article will guide you through how to run the code analysis manually using our CodeScan Plugin and Salesforce CLI.
Prerequisites
To run the code analysis manually using our CodeScan Plugin and Salesforce CLI, first make sure you have:
Salesforce CLI installed (download the Salesforce CLI and its dependencies from Salesforce; the link was on the original page).
Java 17
Node.js 20
To install the CodeScan SFDX plugin, follow these steps:
Run the following command:
sfdx plugins:install sfdx-codescan-plugin
You'll be prompted that Salesforce does not sign this plugin; type Y to continue. The plugin is fetched from the npm registry rather than from Salesforce, so check that the package name you typed is exactly sfdx-codescan-plugin before accepting the prompt.
Check the installation by running sfdx plugins and confirming that sfdx-codescan-plugin appears in the list.
You're ready to run a scan once the installation is completed. To run this scan, follow these steps:
Open a Bash shell (for example Git Bash on Windows).
Go to the folder with the project sources you want to scan and enter the command shown below, replacing the placeholders with your own values:
sfdx codescan:run --token <token> --projectkey <project key> --organization <organization key>
This will start the analysis directly on the CodeScan cloud. Note that a token typed on the command line is recorded in your shell history; keeping it in an environment variable and expanding it into the command is safer.
To learn how to generate a Security Token, see the separate article on generating a Security Token.
If you want to run the analysis in CodeScan Self-Hosted, CodeScan Cloud EU, or CodeScan Cloud AUS, make the following changes to the command:
Add --server <Server URL>, where <Server URL> is the address of your Self-Hosted instance or of the regional CodeScan Cloud endpoint (without --server the plugin defaults to https://app.codescan.io).
Replace the project key.
Replace the organization key.
Replace the token.
sfdx codescan:run --token <token> --projectkey <project key> --organization <organization key> --server <Server URL>
Note that the flag is --projectkey (one word); --project key is not accepted.
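The install check and the scan command above, combined into one script. This is an added example and not CodeScan's own code: it verifies that sfdx-codescan-plugin shows up in the sfdx plugins listing, reads the token from an environment variable (CODESCAN_TOKEN is an assumed name, not a plugin flag) so it never has to be typed into the shell, and builds the sfdx codescan:run command from the project key, organization key and optional server URL and Quality Gate timeout.

```bash
#!/usr/bin/env bash
# Added example (not CodeScan's own code): wraps `sfdx plugins` and
# `sfdx codescan:run`. CODESCAN_TOKEN is an assumed environment variable name.
set -eu

# Return 0 if the `sfdx plugins` listing passed as $1 contains the CodeScan plugin.
plugin_installed() {
  printf '%s\n' "$1" | grep -q 'sfdx-codescan-plugin'
}

# Build the argument string for `sfdx codescan:run`.
#   $1 project key
#   $2 organization key
#   $3 server URL (optional; omit for CodeScan Cloud at https://app.codescan.io)
#   $4 Quality Gate timeout in seconds (optional; the plugin's default is 300)
# The token is taken from CODESCAN_TOKEN; the function aborts if it is unset,
# so an empty --token is never sent.
codescan_args() {
  project_key="$1"
  org_key="$2"
  server="${3:-}"
  qg_timeout="${4:-}"
  args="codescan:run --token ${CODESCAN_TOKEN:?CODESCAN_TOKEN is not set} --projectkey ${project_key} --organization ${org_key}"
  if [ -n "$server" ]; then
    args="$args --server ${server}"
  fi
  if [ -n "$qg_timeout" ]; then
    args="$args --qgtimeout ${qg_timeout}"
  fi
  printf '%s\n' "$args"
}

# Run the scan from the current directory (the project sources). The exit
# status of sfdx is passed through, so a CI job fails when the plugin fails
# (see --nofail and --noqualitygate in the flag list for how to relax that).
run_scan() {
  if ! plugin_installed "$(sfdx plugins)"; then
    echo "sfdx-codescan-plugin is not installed; run: sfdx plugins:install sfdx-codescan-plugin" >&2
    return 1
  fi
  # Word splitting of the argument string is intended here.
  # shellcheck disable=SC2046
  sfdx $(codescan_args "$@")
}

# Usage: CODESCAN_TOKEN=... ./codescan-run.sh <project key> <organization key> [server URL] [qg timeout]
if [ "$#" -ge 2 ]; then
  run_scan "$@"
fi
```

Export CODESCAN_TOKEN in the CI job's secret store or in your shell profile rather than on the command line; the token still appears in the process arguments while sfdx runs, but it no longer lands in shell history.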
To view a list of parameters and flags which you can use, run the following command:
sfdx help codescan:run
USAGE
  $ sfdx codescan:run [name=value...] [-s <string>] [-o <string>] [-k <string>] [-t <string>] [-u <string>] [-p <string>] [--noqualitygate] [--javahome <string>] [--nofail] [--qgtimeout <integer>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

OPTIONS
  -k, --projectkey=projectkey        sonar.projectKey - the project key to create.
  -o, --organization=organization    CodeScan Organization Id. Only required when connecting to CodeScan Cloud
  -p, --password=password            SonarQube password (token is preferred)
  -s, --server=server                SonarQube server. Defaults to CodeScan Cloud (https://app.codescan.io)
  -t, --token=token                  SonarQube token (preferred)
  -u, --username=username            SonarQube username (token is preferred)
  --javahome=javahome                JAVA_HOME to use
  --json                             format output as json
  --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)
                                     [default: warn] logging level for this command invocation
  --nofail                           Don't fail if sonar-scanner fails
  --noqualitygate                    Don't wait until the SonarQube background task is finished and return the build Quality Gate
  --qgtimeout=qgtimeout              Timeout in seconds to wait for Quality Gate to complete (default 300)