AutoRABIT Knowledge Base

Release Notes 25.0

Newest CodeScan Releases

Last updated 2 months ago

CodeScan Cloud

Release Notes 25.0.3

Release Date: 5 March 2025

Summary

CodeScan 25.0.3 is comprised of the following 1 component:

Component details are listed in their corresponding sections within this document.

Enhancements

  1. Enhanced rule “Use System.runAs to test user permissions” so that a violation is not thrown if the variable used is within the class scope.

     Historically, the CodeScan rule “Use System.runAs to test user permissions” checks for the presence of System.runAs in the test methods and that a local User variable is passed. This enhancement provides an alternative for the rule by adding a parameter to ignore checks for the variable passed to the RunAs method. The enhancement is implemented via a parameter that controls how the rule executes:

    • *Parameter name*: checkRunAsOnly

    • *Parameter description*: When true, this parameter tests only whether RunAs is used in the method, not the arguments passed to it.

    Note that the parameter default is false.

We have verified that users are now able to see the violation for the following scenarios.

```apex
public void noRunAs(){
    // No RunAs will always violate
}
public void standardRunAs(){
    User newUser = new User();
    System.runAs(newUser){
        // RunAs User will never violate
    }
}
public void otherRunAs(){
    System.runAs(userFactory.createTestUser()){
        // RunAs given a method will violate when checkRunAsOnly parameter is false
    }
}
```

Release Notes 25.0.2

Release Date: 5 February 2025

Summary

CodeScan 25.0.2 is comprised of the following 4 components:

Component details are listed in their corresponding sections within this document.

New Feature

  1. Added “Security Hotspots” in CSV Export

     We have had a long-standing capability to export issues directly from the CodeScan user interface. However, there was no ability to export Hotspots. With this new feature, we have added a new page in the CodeScan UI that allows users to directly export Hotspots. Similar to exporting issues, this can be done at the branch or PR level.

Please note that if the Status selected is Reviewed, then the Resolution field is also added as a selectable input.

Further, to make navigation clearer and easier for users, we have renamed the existing CSV export page to “CSV Issues Export”, which is separate from the new “CSV Security Hotspots Export” page. Both pages can be opened under the “More” tab (as long as the user has the proper permissions).

Finally, we verified the following scenarios:

  • Verified that we are able to export security hotspot issues of a selected project.

  • Verified that all the required fields were included in the exported CSV with correct data.

  • Verified that the resolutions are visible only when the status Reviewed is selected.

Enhancement

  1. Enhanced rule “Avoid Classes Without Explicit Sharing” to account for interfaces

     Previously, CodeScan did not consider interfaces when flagging violations. As such, the rule "sf:ClassExplicitSharing" was generating a false positive when applied to interfaces, as the Sharing keyword is not allowed on interfaces in Salesforce. This issue has been remediated: we have updated the rule to exclude interfaces from its check for the Sharing keyword, ensuring accurate validation and preventing incorrect flags.

     We have verified the rule "sf:ClassExplicitSharing" for the following scenarios:

    • Violation is not thrown if we use with/without sharing for classes.

    • Violation is thrown if we don’t use with/without sharing for classes.

    • Violation is not thrown for an interface class, not even when used with/without sharing.

    • Violation is thrown if we only use sharing for classes.
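
The class and interface cases above, written out as Apex declarations. This is an added illustration, not code from the CodeScan documentation: the type names are hypothetical, and the rule outcomes in the comments are the ones listed on this page.

```apex
// Hypothetical types for illustration. In a real project each top-level
// type lives in its own .cls file.

// Explicit "with sharing": queries honour the running user's record-level
// access. sf:ClassExplicitSharing does not flag this class.
public with sharing class AccountReader {
    public List<Account> recentAccounts() {
        return [SELECT Id, Name FROM Account ORDER BY CreatedDate DESC LIMIT 50];
    }
}

// Explicit "without sharing": the query ignores the running user's
// record-level access. The choice is deliberate and visible to a reviewer,
// so the rule does not flag it.
public without sharing class AccountArchiver {
    public Integer countAll() {
        return [SELECT COUNT() FROM Account];
    }
}

// No sharing keyword: the effective sharing mode depends on how the class
// is invoked, so the same query can return different rows for different
// call paths. This is the case sf:ClassExplicitSharing flags.
public class AccountExporter {
    public List<Account> exportAll() {
        return [SELECT Id, Name FROM Account];
    }
}

// Interface: Apex does not allow a sharing keyword here, so there is
// nothing to declare. After this release the rule skips interfaces and
// no longer reports a false positive.
public interface AccountSource {
    List<Account> fetch();
}
```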

New Rules

There are no new rules associated with this release.

Fixes

  1. Fixed issue with “Project Search” in CSV Export (within the CodeScan UI)

     Recently, we added a search function to the dropdown on the CSV export page to allow users to search for the name of the project they wish to export.

Several customers reported an issue when selecting a project in the new Project Search Window.

This update fully remediates the reported issue.

Further, we have validated the CodeScan export issue is resolved via the following scenario:

  • Users are able to select the projects in the Project Search Window (on the CSV export page) as expected.

  2. Fixed an issue with some users being unable to be converted to SAML when not assigned to a SAML org.

Some users were receiving the following error:

This was occurring when a user who had previously been either an Auth0 user or an SQ native user attempted to log in via SAML but was not part of the SAML org. CodeScan had been operating under the assumption that the user had already logged in to CodeScan at least once.

This assumption, which triggered the issue, has been fully corrected with this fix.

Release Notes 25.0.1

Release Date: 29 January 2025

Summary

CodeScan 25.0.1 is comprised of the following 11 components:

Component details are listed in their corresponding sections within this document.

New Features

  1. Added nCino module

     The new nCino module contains rules that scan your metadata and directly query your Salesforce org to find issues and inconsistencies with your nCino configuration. Please note, a portion of these rules are only available for projects created with CodeScan's direct Salesforce integration due to being based on a direct query to a Salesforce Org.

  2. New nCino Specific Rules: The following nCino-related rules have been added to the existing Apex/Salesforce Metadata rule sets and are tagged as "nCino-specific."

    • Avoid Duplicates in Custom Labels: Maintaining unique labels ensures data accuracy and consistency within the nCino platform. By avoiding the creation of multiple labels with the same value, users can rely on the uniqueness of each label for categorization and analysis purposes.

    • Collateral Configuration Is Null: The Collateral Configuration Field on the Collateral Type object should not be null. This will reduce the likelihood of missing or incomplete Collateral information.

    • Duplicate LookupKeys: In the nCino Record-Based Configuration, no two records in the configuration should have duplicate LookupKeys. The LookupKey is a critical identifier for these records, and duplicates could lead to data inconsistency and errors in the system.

    • Fee Template Record Screen Section: Ensure that every Fee Template record includes a Screen Section data value. This will reduce the likelihood of missing or incomplete Fee information.

    • Field History Tracking Check: Field History Tracking is limited according to the features in your Salesforce org. By default, Field History Tracking can be used to track a maximum of 20 fields per object.

    • Null LookupKeys: In the nCino Record-Based Configuration, object records without LookupKeys will cause challenges in data management and processing.

    • Product Feature Record Does Not Exist: Ensure that for each nCino Product Object, there is a corresponding Product Feature record. Product Object records existing without an associated Product Feature record can lead to potential data inconsistencies.

    • Product Feature Sharing: Ensure each nCino Product Object record is associated with unique Product Feature records. Shared Product Feature records may lead to data inconsistencies and operational challenges.

    • nCino Custom Components with Duplicate Names: Avoid naming conflicts with existing Managed Package Components to minimize the risk of errors and conflicts within the system, ultimately enhancing system stability and reliability.

    • nCino Custom Fields with Duplicate Names: Avoid naming conflicts with existing Managed Package Fields to minimize the risk of errors and conflicts within the system, ultimately enhancing system stability and reliability.

    • nCino Data Integration User Configuration: The Data Integration user is authenticated for background jobs such as nightly batched updates of records. Configure this user’s Permission Sets correctly to ensure updates by the Data Integration User don't execute additional tasks.

    • nCino Deprecated Fields: Deprecated fields in an nCino environment are labeled with a '-D' to make the deprecation visible when configuring the environment. This rule identifies the locations where deprecated fields are used so that they can be addressed.

    • nCino Trigger Handler Framework: The Trigger Handler Framework removes logic from Triggers and enforces consistency across the platform. There are many ways to create a Trigger Framework/Factory; however, the nCino Managed Package can save users time and effort. By leveraging the nCino Trigger Framework, users can control the execution of triggers at runtime to simplify existing customizations and logic.

    • System Bypass Logic – Flows: System bypass logic is required for custom Flows. Checking for the Exclude Flows Permission Set allows the system to cease further processing of the Flow if it is found at the outset. This improves the efficiency of flow execution and reduces unnecessary processing steps.

    • System Bypass Logic – Triggers: System bypass logic is required for custom triggers. Checks for the Exclude Trigger Permission Set allow the system to cease further processing of the Trigger if it is found at the outset. This improves the efficiency of Trigger execution and reduces unnecessary processing steps.

    • System Bypass Logic – Validation Rules: System bypass logic is required for Validation Rules. Checks for the Exclude Validation Permission Set allow the system to cease further processing of the rule if it is found at the outset. This improves the efficiency of Validation Rule execution and reduces unnecessary processing steps.

Enhancements

After the enhancement to the rule “Avoid Untrusted/Unescaped Variables in DML Query” was engineered, we verified that users are able to see the violation for this rule as expected.

  1. Enhanced IDE to accept email IDs that have up to 255 characters: We discovered that certain users could not use the IDE as expected. The root cause was that the CodeScan plug-in was not able to fetch their valid licenses from CodeScan because these users have an email ID with more than 40 characters. This enhancement now allows the CodeScan IDE plug-in to accept email IDs with up to 255 characters.

  2. Fixed rule “Require CSRF protection on GET requests” to distinguish Visualforce page settings from Aura components: Previously, this rule was flagging violations on .cmp files that are aura:component files. The guidance in the rule suggested changing the Visualforce page setting, but this is not possible on Aura components because they are not Visualforce components. This fix for the rule “Require CSRF protection on GET requests” now enables CodeScan to distinguish Visualforce page settings from Aura components.

New Rule

  1. Remote Site Settings Description: Remote Site Settings should have a description of their functionality to make it easy for others to understand the purpose and functionality of the component, as it may not always be understandable from the name.

Fixes

  1. Fixed issue with CodeScan plug-ins for VS Code and IntelliJ not working after the 24.0.15 release: Recently, we added a search function to the dropdown on the CSV export page to allow users to search for the name of the project they wish to export.

  2. Fixed issue with rule “Flow DML Should Not Be Called In Loops”: Recently, we observed that the rule “Flow DML Should Not Be Called In Loops” throws a null pointer exception because it accesses a parent node without a null check. This fix corrects the issue. We verified the fix by testing and confirming that the rule now throws a violation as expected and that we no longer get the null pointer exception.

  3. Fixed issue with tracking IDE usage in CodeScan UI: Over the last few months, we have made several enhancements that allow admins to track IDE adoption and usage. However, we recently learned that the tokens associated with AutoRABIT ARM users were also being logged in the same report. This fix removes ARM users from the IDE user reports.

nCino Rules Activation

Create a project analysis with the Salesforce Org that includes nCino objects. Select the nCino-specific built-in profile and run the project analysis. Users can choose the built-in nCino Quality Profile consisting of nCino-specific and nCino-goldstandard rules in Apex/Salesforce metadata, or users can add nCino rules to the CodeScan Quality Profile. Users can extend existing profiles and activate more rules from Apex and Salesforce Metadata using the "nCino-specific" tag. Alternatively, they can add the rules directly to newly created Quality Profiles by selecting the "nCino-specific" tag from the Rules filter, then applying Bulk Change > Activate in > Choose a quality profile. To learn how to create a custom Quality Profile, see this article.

Enhanced rule “Avoid Untrusted/Unescaped Variables in DML Query” to account for potential SOQL injections when “queryWithBinds” is used. Historically, CodeScan has offered our “Avoid Untrusted/Unescaped Variables in DML Query” rule to inspect customers’ code and flag where there are SOQL injection possibilities. Recently, one of our customers performed a test and expected this rule to flag an issue in their code, but it did not. We determined that the rule should be enhanced for when “queryWithBinds” is used. Our engineering team used the specifications in the Salesforce documentation to consider only the query executed with queryWithBinds() for the vulnerability check and violation, leaving out the other parameters (the bind Map and accessLevel) of Database.queryWithBinds(query, bindVariablesMap, accessLevel). Example:
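As an added illustration (not code from these release notes, from CodeScan, or from the customer's test), the Apex class below shows why the query argument of Database.queryWithBinds() still needs inspection: bound values are safe, but the query string itself can be assembled from untrusted input. The class, method and variable names and the sort-field allow-list are assumptions made for this example.

```apex
public with sharing class AccountSearchExample {
    // Hypothetical allow-list (assumption): caller-supplied key -> literal field name.
    private static final Map<String, String> SORT_FIELDS = new Map<String, String>{
        'name' => 'Name',
        'created' => 'CreatedDate'
    };

    // Risky pattern: acctName is bound through the Map, but sortField is
    // concatenated into the query text, so untrusted input still reaches the
    // SOQL string even though queryWithBinds() is used.
    public static List<Account> findUnsafe(String acctName, String sortField) {
        String soql = 'SELECT Id, Name FROM Account WHERE Name = :acctName '
            + 'ORDER BY ' + sortField;
        Map<String, Object> binds = new Map<String, Object>{ 'acctName' => acctName };
        List<Account> rows = Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
        return rows;
    }

    // Hardened pattern: values travel only through the bind Map, and the one
    // dynamic fragment (the ORDER BY field) comes from a fixed allow-list, never
    // from the caller's raw string.
    public static List<Account> findSafe(String acctName, String sortKey) {
        String orderBy = SORT_FIELDS.get(sortKey);
        if (orderBy == null) {
            throw new IllegalArgumentException('Unsupported sort key: ' + sortKey);
        }
        String soql = 'SELECT Id, Name FROM Account WHERE Name = :acctName '
            + 'ORDER BY ' + orderBy;
        Map<String, Object> binds = new Map<String, Object>{ 'acctName' => acctName };
        List<Account> rows = Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
        return rows;
    }
}
```

Field and object identifiers cannot be supplied as bind variables, which is why the hardened method resolves them from constants instead of escaping the caller's input.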
