Release Notes 22.4
Last updated
Was this helpful?
Last updated
Was this helpful?
May 2022 - New Features, Enhancements, and Improvements
The following are the "ncino-goldstandard" nCino-related rules that have been added to the current Apex/Salesforce Metadata rule sets.
Avoid Excess Workflow Rules per Object
This rule is required as the objects which contain too many decisions, are complex and difficult to maintain
Flow Decision Limits
Flows which contain too many decisions are complex and difficult to maintain. This rule will consider reducing the number of decisions or utilizing Apex.
Potential Overuse - Cross-Object Formulas
This rule is required as Salesforce does not allow more than 15 cross-object formulas per object
Potential Overuse - Object Lookups
This rule is required as Salesforce does not allow more than 25 lookup relationships on a single custom object
Potential Overuse - Relationship Objects
This rule is required as Salesforce does not allow more than 40 relationships per object
Potential Overuse - External IDs
This rule is required as Salesforce does not allow more than 5 External IDs per object
Test Class Names Should Include 'Test'
This rule is required as Test classes should include the word 'Test' in their class names
Hard Coded Email Address
This rule is required as to avoid hardcoded email addresses
CodeScan self-hosted is compatible with SonarQubeâĸ 8.9 and SonarJS 6.2+. For more information, see
Below are the exisitng CodeScan rules key that are tagged as âncino-goldstandard.â
sf:AvoidUsingHardCodedId
sf:MultipleTriggersOnObject
sf:LongMethodName
sf:LongClassName
sf:LongTriggerName
sf:VariableNamingConventions
vf:HeaderCheck
sf:UncommentedEmptyMethod
sf:UncommentedEmptyConstructor
sf:CommentRequired
sf:UnitTestContainsTooManyAsserts
sf:AvoidUsingTestIsRunningTest
sf:OnlyOneReturn
sf:UnusedLocalVariable
sf:EmptyTryBlock
sf:EmptyFinallyBlock
sf:AvoidSoqlInLoops
sfmeta:ExcessiveWorkflowsOrgWide
sfmeta:RequireDescriptionComponent
sfmeta:LimitCustomFields
Updated all third-party libraries to the most recent versions to address security, stability, and reliability issues.
The CodeScan portal has been updated to include minor speed, bug fixes, and security enhancements.
(12 July 2022) This is a maintenance release. The following items were fixed and/or added:
(23 June 2022) This is a maintenance release. The following items were fixed and/or added:
Fixed an issue that prevented SonarQube 9.4.0 from functioning properly with Java 11 version.
The sonar-java-plugin has been updated to version 7.6.0.28201.
Fixed an issue for all child rule violations that happen when files are crossed (rule violation location in two different files).. This was fixed by setting the correct file location for child rule violations.
(13 June 2022) This is a maintenance release. The following items were fixed and/or added:
Fixed an issue that prevented the CodeScan and Azure DevOps integration from functioning as expected. The Azure DevOps plugin was updated to version 1.6.8 to overcome these issues.
Fixed an issue where the Field Level Security Rule displayed a false negative for the code below:
update Security.stripInaccessible(AccessType.UPDATABLE, new List<vlocity_ins__ContactEmployment__c> { ceLst.get(0) }).getRecords();
(30 May 2022) This is a maintenance release. The following items were fixed and/or added:
Fixed an issue that prevented the user from logging into the CodeScan instance.
Fixed an issue that prevented the user from creating the Salesforce project in their CodeScan instance.
The issue where the user were not able to create a CodeScan project using the Gitlab plugin has been resolved.
Fixed an issue where the codeScan rules which were not a part of active Quality Profiles were getting applied.
Fixed a bug where, after logging out from the CodeScan application, the user was directed to the CodeScan's Project screen rather than being asked for their login information (username and password) when they selected the Login with AuthO button.
Fixed an issue where the Field Level Security Rule shows false negative for the below cases:
Vulnerability detection in For-each loop. for eg., for(Contact c : [SELECT Name FROM Contact])
Vulnerability detection in Database method calls. for eg., Database.insert([SELECT Name FROM Contact]);
Migrated IntelliJPluginErrorAction web servlet to Spring MVC.
Fixed an issue where Codescan and Visual Studio Code's rule and file-type issue counts were out of sync. We have updated Codescan Visual Studio Code extension to version 1.6.9, which fixes the issue with analysing metadata files ()
Writing XPath rules based on filename on SFMeta is now supported ().
There was an issue that prevented users from editing the settings for Branches and caused an error message that said, Cannot read properties of undefined (reading "config") ().
Resolved an issue where the Project Analysis jobs were stuck in the queue and were not triggered at the scheduled time ().
Fixed an issue where the CodeScan-Visual Studio Code plugin failed to detect javascript errors even though SonarQube have identified it at the Salesforce Lightning web component ().
The sf:UnusedFormalParameter rule's false positive issue has been resolved ()
Fixed an issue where users were experiencing an expired token error that appeared on the master branch every time a comparison branch was analysed before it ().