AutoRABIT delivers comprehensive Salesforce DevSecOps solutions tailored for regulated industries, ensuring security, quality, and productivity in Salesforce development. Since Salesforce was built as a Customer Resource Module (CRM) rather than a development platform, AutoRABIT simplifies complex processes through automation—enabling teams to achieve more with fewer resources.

Who We Are

Founded in 2015, AutoRABIT is a global company dedicated to helping organizations regain control of their Salesforce development and implement continuous delivery of value to customers and employees.

What We Offer

AutoRABIT provides an integrated suite of DevSecOps tools to automate, secure, and optimize Salesforce development:

• Automated Release Management (ARM): Reducing the complexity of Salesforce development, deployment, and management enables teams to meet quality, security, and compliance standards with strategic automation.

• CodeScan: Performing static code analysis and applying policy management tools gives you total visibility into the health of your Salesforce environment, reduces costs, finds vulnerabilities, and decreases time to market.

• Vault: Implementing automated backup and recovery of Salesforce data, sophisticated data comparison tools, easy sandbox seeding, archiving, and comprehensive data management features ensures IT security, risk, and compliance needs are met.

Why It Matters

• Version Control: We provide seamless integration with popular version control systems, enabling efficient tracking and management of changes to your codebase.

• Automated Metadata Deployment: Our platform automates the deployment process, ensuring quick, reliable, and error-free releases.

• Data Deployment and Backup: AutoRABIT ensures the integrity and security of your data through automated data deployment, backup, and recovery solutions.

• Test Automation: We enable teams to automate their testing processes, ensuring high-quality output and faster release cycles.

• CodeScan Integration: We integrate with CodeScan for enhanced static code analysis. This allows us to conduct thorough code quality checks, detect vulnerabilities early, and ensure your code adheres to the highest standards of performance and security.

• Governance and Compliance: Our platform facilitates adherence to regulatory standards and corporate policies, ensuring smooth audits and compliance checks.

Our mission is to simplify Salesforce DevOps and enhance productivity, letting businesses focus on what they do best: deliver value to their customers. By taking the complexities out of the DevOps process, AutoRABIT helps teams accelerate their development cycles, improve quality, and drive business growth.

What is AutoRABIT?

AutoRABIT is a leading cloud-based CI/CD suite specifically tailored for Salesforce, optimizing the development lifecycle from version control and deployment to testing and sandbox management. By facilitating enhanced collaboration between Salesforce developers, admins, analysts, and release managers, AutoRABIT ensures efficient operations across multiple Salesforce orgs. In tandem with AutoRABIT, CodeScan champions Salesforce code quality by conducting thorough scans for vulnerabilities and code inconsistencies, all customizable to fit organizational standards. On the other hand, Vault revolutionizes Salesforce data management, offering robust storage solutions for vital metadata, integrating automated version control, and providing adept conflict resolution mechanisms. Together, AutoRABIT, CodeScan, and Vault form a holistic ecosystem that supercharges Salesforce development, ensuring precision, security, and excellence throughout the process.

What You'll Find

In our Knowledge Base, you will find:

• AI Search: Our AI-driven search tool helps you extract precise steps and details from our documentation. (Try it out!)

• Detailed User Guides: Step-by-step instructions to help you understand our product suite and navigate it with ease.

• How-To Tutorials: Practical guides to resolve common issues, configure settings, and maximize your productivity.

• Frequently Asked Questions (FAQs): Quick solutions and information on common queries about our products and services.

• Troubleshooting Guides: Handy resources to identify and resolve technical issues.

Looking for Something That Isn’t Here?

Want to see additional content or features on this site? Reach out to our Documentation Team with your suggestion (and a helpful link, if possible), and we’ll do our best to get it added!

Quick Links

Standard User

A Standard User is an individual authorized by the Customer to log in to and directly use AutoRABIT’s subscribed products.

Additional Notes:

• Platform Owners/Admins are included in the Standard User class, allowing customers to manage admin rights without affecting licensing terms.

• The number of licensed users represents the total unique users of the products, calculated throughout the entire course of the Subscription Term.

Platform Integration User

A Platform Integration User is an individual authorized by the Customer to commit to a Source Code Management (SCM) system, where that external commit is then used in any ARM process. This is primarily intended to represent users who interact with ARM through Git and do not have a Standard User license.

Tracking Platform Integration Users in ARM:

AutoRABIT tracks the usage of ARM as an orchestration engine through version control systems. The unique identifier used is the associated email address. Therefore, it is important that activity be linked to official customer email addresses to avoid double-counting users who may use personal email addresses.

Key Points:

• Code Commits and Licensing: Any person who commits code to an SCM system, where that commit is later used in an AutoRABIT function, requires a Platform Integration License (unless the person committing has a active AutoRABIT ARM License). This would include external commits to the SCM System.

• Service Accounts: If a service account triggers automation or integrates with AutoRABIT, the individual or team responsible for the actual code commit must still hold a Platform Integration License. This ensures that all contributors whose actions trigger AutoRABIT processes are appropriately licensed.

• Commit Count in SCM Systems: For SCM systems such as Git, multiple commits pushed simultaneously are counted separately toward the user license.

• No Web UI Login Required: A Platform Integration User does not need to log in to the AutoRABIT Web UI to be counted as a user.

• Remote Access for Standard Users: Active Standard Users can use ARM remotely without additional license requirements.

Determining the Count of Platform Integration Users

Platform Integration Users are sold in blocks of 10. This means any user meeting the criteria above who is not also a licensed Standard User will be counted. These are not “named” users; instead, users are defined by their activity within the quarter. The count is recalculated each quarter.

Calculation:

• The average high-water mark of the two highest quarters is used, rounded up to the nearest block of 10, to determine the total Platform Integration User count for the term.

• Counts reset each quarter and include both new and recurring users.

Example:

ACME Corp purchases 10 Platform Integration User licenses.

• Quarter 1: 15 users

• Quarter 2: 8 users

• Quarter 3: 17 users

• Quarter 4: 5 users

The average of the two highest quarters (15 and 17) is 16. Since licenses are sold in blocks of 10, ACME oversubscribed by 6 users and would need to purchase an additional 10 licenses.

Notes:

• The subscription model aligns with the contract start date, not the fiscal year. For example, if the contract starts in May 2025, the quarterly data points would include: Q1 (May, June, July)2025, Q2 (August, September, October) 2025, Q3 (November, December 2025, January 2026) and Q4 (February, March, April) 2026.

• Licenses are sold in blocks of 10 and always round up. If oversubscribed by 6 licenses, purchase an additional 10. If oversubscribed by 11, purchase an additional 20.

• Unique Email IDs: ARM counts users via unique email IDs retrieved from Git. If an individual uses multiple email addresses for commits, they will be counted as separate users. To prevent this, ensure best practices when using Git.

Standard User

A Standard User is an individual authorized by the Customer to log in to and fully utilize AutoRABIT’s subscribed products. Standard Users have access to all product functionalities, including the Web UI, IDE plugins, APIs, and other interfaces.

Platform Owners/Admins are included in the Standard User class, ensuring administrative rights without affecting licensing terms.

Platform Integration User

A Platform Integration User is an individual authorized by the Customer to perform actions that trigger the execution of AutoRABIT products (directly or indirectly).

This includes, but is not limited to:

• Analyzing reports or data from AutoRABIT to identify and resolve code quality, security, compliance, or system performance issues.

• Agents, bots, or systems executing actions via AutoRABIT to automate testing, deployments, or compliance checks.

• Using AutoRABIT IDE plugins

• Triggering AutoRABIT APIs

• Directly changing Salesforce org configurations

• Committing changes to a source code repository

Key Points:

• Automation (e.g., bots, agents) utilizing AutoRABIT for testing, deployment, or monitoring must be licensed appropriately.

• Any person who commits code to a Source Code Management (SCM) system, where the commit directly or indirectly triggers a job in AutoRABIT, requires a Platform Integration License.

• If a service account is used to trigger automation or integrate with AutoRABIT, the person or team responsible for the actual code commit must still hold a Platform Integration License. This ensures that each individual whose actions contribute to triggering AutoRABIT processes is appropriately licensed.

• Any code commits triggering AutoRABIT jobs, directly or indirectly, manual or automated, count toward Platform Integration Licenses.

Example: In Git, multiple commits pushed simultaneously are counted individually toward user licensing.

Platform Integration Users are included in licensing with view-only permissions.

Additional Notes:

• The number of licensed users represents the total unique users of the products throughout the Subscription Term.

How do I register GitHub repositories with two-factor authentication?

To use two-factor authentication in GitHub, create a personal access token first.

2. Register your GitHub Repository in ARM using the same token.

How do I rectify the GOLDENDOODLE vulnerability?

1. Short-term solution: Disable support for CBC encryption ciphers. Follow the procedures below to disable weak ciphers:

   • Run the following command to list the ciphers: - sshd -T | grep ciphers | perl -pe 's/,/\n/g' | sort -u

   • Edit the file - /etc/ssh/sshd_config and add what strong ciphers you want to have or place in this file as shown in the example below- Ciphers aes128-ctr,aes192-ctr,aes256-ctr

   • Now, restart your sshd service using the command:  service sshd restart

2. Long-term solution: Enable the TLS 1.3 protocol.

Why am I not able to authenticate JIRA with my account?

Make sure you are entering the JIRA API token in the Password field while registering your JIRA plugin for the first time in the ARM application.

How do I generate a new API token for JIRA?

Follow the steps below to generate a new API token for JIRA:

2. Click on Create API Token and provide the label name and click on Create.

3. Once the token is created, you will be able to see the Your new API token popup. Click on the Copy to Clipboard.

4. Use the copied token as a password for creating/updating the credential in AutoRABIT.

5. Once updated please use the same credential to authenticate the JIRA.

How can I add a repository to AutoRABIT if one already exists?

Follow the below steps to register the repository:

• Log in to your repository and click on Clone. It will give you an https and an ssh link.

• To register the repository, copy the https link and paste it into ARM.

• Make sure the repo clone you see before https isn't included in the link you paste in ARM.

• Input the URL that begins with https.

How does an SSH Key differ from an SSH Certificate?

While SSH Key-based authentication uses public key cryptography, SSH Certificate-based authentication attaches a signed certificate to each key to verify identity. By using a certificate signed by a trusted Certificate Authority, users can do away with the passwords (which are not secure, given that passwords can either be stolen or cracked via brute force) and leverage a partially automated trust-based certificate authentication process to gain access to systems.

Why am I unable to register a GitHub repository using SSH keys and getting an 'invalid private key' error?

This is because you used invalid SSH keys to register your repository. Please use the correct SSH keys and try again.

How do I validate the 'src' folder under branch settings?

When you try to create a new branch you must validate the master branch's 'src' folder path, then select the parent branch as master, and the 'src' folder path will be automatically set to the newly created branch.

Why does my account show the outdated subscription list rather than the amended count list?

Update the total subscription allotted on your account. To do so, go to the Admin > Subscriptions Management section and update the Subs. Allotted and Sub. Consumed count.

Why am I not able to assign licenses to my team member?

1. Check if your team members have additional administrator permissions. If more than one user has admin permission, this problem is more likely to occur.

2. Remove additional administrator permissions from your user's account.

Why am I not able to add more users to my account?

You're getting this because you've used up all of your membership licenses, and you won't be able to add any more users. For any discrepancies or additional licenses, please contact to your account manager or reach out to us via support.

Why am not able to assign more users to my team?

The below-highlighted Subscription button will appear only if the customer procures more than 20+ licenses to manage different Teams.

I see some plugins require keys. Is this a license issue or can we get these keys and use the Static Code Analysis feature?

You can use Apex PMD and execute SCA without having to obtain a license for it. The other plugins are third-party tools and they require the license.

What is ARM unable to initiate the auto build on commit and the GitHub pull request is failing?

1. Allow pull requests and build on commit in your VC repository.

2. To see the external pull request, switch on ARM's auto-sync option.

Why am I getting an error while registering the GitHub repository with SSH?

GitHub no longer allows new RSA keys with SHA-1 signatures. Execute the ssh-keygen -t ed25519 -C “sampath.c@autorabit.com” command in the terminal to create a new key, or contact support@autorabit.com for further assistance. Please note that you must create the new key in Linux or Unix, not in Windows. For more information, visit https://github.blog/2021-09-01-improving-git-protocol-security-github/

Why did my commit fail with errors like 'Tip of your current branch is behind' and '[rejected] Partial -> Partial (non-fast-forward)'?

To put it simply, this was caused by an expected Git behavior.

If the commit is rejected with the error message "Tip of your current branch is behind," it means that there is another commit that has already been done on top of the target branch.

Let's assume you initiated a merge, and while it is processing, someone else (another developer) performs a commit onto the target branch. This will modify the HEAD revision, and the merge that had set a HEAD revision will no longer be the latest HEAD on the target branch. After resolving the conflicts and while committing the merge, this error is displayed.

This merge process will fail, and it is not possible to Re-Push because, when compared to the latest HEAD revision, it should bring up the conflicts again, which is not possible.

You must re-perform the merge so the commit will set up the latest HEAD revision on the destination branch and process further.

How can I get rid of a malformed duplicate file in the merge?

If the Permissionset file you're trying to upload has some malformed structure, please contact our support team so we can validate using XML validator. After resolving it, you can upload the Permissionset file successfully and proceed with the merge.

I performed a commit using two fields and used that same commit to perform a merge. Why is the second field showing differently and picked up by another object?

The merge with the cherry-pick command by GIT gives you results of such Custom Fields while merging to the target branch. The same thing happened when there was a new commit. The merge process followed even before reverting the actual commit and got the same result from GIT. There is no issue with the workspaces here.

Why does my delta fail with the error 'REJECTED_NONFASTFORWARD' when trying to create a commit?

Suppose the error REJECTED_NONFASTFORWARD is thrown in your EZ-Commit; in that case, the issue is specific to your repository, and the error occurs at the GIT version control level when multiple developers try to modify a file simultaneously. If you reencounter this issue, please wait a few minutes and reattempt the commit.

Why can’t I select the Report Type for deployment?

Please go to Admin->My account-> Salesforce Settings->Included Metadata Types, and check if the Report and Report Type are included in the Salesforce Settings. If these are not included, please include them to see them during the metadata selection for deployment.

Why is the API name change showing under Deleted Components in Commit?

When there is an API name change, Salesforce considers it a new metadata API while the retrieved call occurs.

When committing such API name change components, please select the new API name, and the older one can be deleted as a destructive commit.

Now, while deploying these changes, we recommend using the Pre-destructive option to deploy the deleted one first, and then the actual API name change components get deployed.

Why can't I see any Salesforce Orgs or Version Control repositories while performing an EZ-Commit?

Salesforce Orgs are displayed on the EZ-Commit screen if an admin selects the Skip Mappings checkbox on the Profile page. Profile > My Roles > Skip Mappings

If the admin does not enable Skip Mappings, users must map their respective Version Control repository branch to their Salesforce Org: Go to Admin > Salesforce Org Mgmt > Selected Salesforce Org > Salesforce Org- Mapping, then map the respective branches individually.

To avoid this, contact your admin to select the Skip Mappings checkbox under the My Roles section on the Profile page. More information on how to map a branch to a Salesforce org is available here.

How can I commit restricted 'Profile User Permissions'?

Due to limitations from Salesforce, User Permissions set to False cannot be retrieved via Metadata API call. Hence, those changes are not displayed under the File Diff report in EZ-Commit for Profiles. This is an expected behavior. For more information on the Profile Metadata, click here.

Why are metadata members added to or removed from the package.xml during a commit, even if they are not part of the commit?

The metadata members present in the target branch are added to the package.xml, and those absent from the target branch are removed. Verify that the deleted members no longer exist and the added members are listed in the target branch of your version control repository. If the added/deleted metadata members do not match those in the target branch, contact the AutoRABIT support team at support@autorabit.com for further assistance and troubleshooting.

Why are Wave Components missing from the component list during EZ-Commit despite being listed as 'Included Metadata Types' in the Salesforce settings?

If the user who registered the SF Org in ARM has no Einstein Analytics license, Wave Components do not appear under metadata members in EZ-Commit.

Why did the Merge/Commit Prevalidation deployment fail due to the error 'Picklist not found'?

The potential causes of Picklist not found error-related Merge/Commit Prevalidation deployment failures are listed below, along with the procedures you need to follow to fix them:

• Verify the field name: Verify the API name or the label of the picklist field you're trying to reference and the spelling and capitalization of your source.

• Check the object: Verify the object you're working with has the picklist field you're looking for. Locate the proper object by going to the Object Manager in Salesforce Setup. Look for the disputed field in the Fields & Relationships section in the target org.

• Validate field-level security: Make sure the user or profile you're using can see and access the picklist field. Ensure the user has the appropriate permissions to see and update the field by checking the field-level security settings for their profile. Check the field-level security settings to ensure the user's profile has appropriate permissions to view and edit the field.

• Consider record types: If your Salesforce org utilizes record types, check to see if the picklist field is specific to a particular record type. If it is, ensure that the user or profile you're using has access to the relevant record type.

• Consider field dependencies: If the picklist field has any field dependencies or controlling fields, ensure that the controlling field values are set correctly. If the controlling field values are incorrect or incompatible, it can lead to the "picklist field not found" error.

Why are unexpected files not part of a revision picked in the merge when the revision is cherry-picked?

This is not an ARM issue but rather an expected behavior from Git. Perform the following actions outside of ARM to determine whether the issue stems from ARM or Git:

1. Take a local clone of the repository and then checkout of that branch using the command below: git checkout <Targetbranchname>

2. Cherry-pick merge the revision by executing the command in the applying merge log which is as shown below: git cherry-pick < revision > -n --strategy recursive --strategy-option ignore-cr-at-eol

3. Check the results for the modified files by running the command below: git status

Compare the results with the changes in the ARM file. If the results match the changes in the ARM file, then we can conclude that this is Git behavior. If the results do not match, contact the AutoRABIT support team at support@autorabit.com so we can assist you further.

Why am I getting an Invalid Schema error during the Merge Prevalidation Process?

This issue will occur if there are any special characters like the one below and if the string (length=7) is considered a GIT conflict (it is a GIT behavior), it will not perform the Merge.

Special Characters: '>' ; '<' ; '|' ; '='

We recommend limiting the above four special characters to fewer than 7 to avoid such problems.

For example, in the Class file, if you observe this ">>>>>>>" character string (length=7), then update it to less than 7 in the branch itself and rerun the Merge operation.

Why is my EZ-Commit revert failing with an "Invalid ID" error?

Sometimes you need to undo or reverse a single commit while working with a version control system. This is helpful if you're trying to track down a bug and discover that a single commit caused it. You can use revert commit to do this for you instead of manually going in, correcting it, and committing a new snapshot. When a user tries to reverse the EZ-Commit, it fails with an exception. The expected behavior is to revert the EZ-Commit as per the design and create a new commit.

In this scenario, the feature's proper operation requires a successful commit on the branch. Users should have the following privileges to revert commits in AutoRABIT:

1. Commit Author: User who has created the commit

2. Org Administrator and

3. Users with Revert Commits permission

Step-by-Step Guide:

Here are the steps to reproduce the scenario:

1. Create a commit from the source to the destination branch.

2. Commit some data.

3. Once the commit is successful, go to commit history, and for the commit, click on three dots.

4. Click on the revert commit option. It will create a new job for the revert.

5. This will fail with the error/exception Invalid ID.

A code fix has resolved this issue. There is a fix available in the ARM 23.1.31 build version.

Why do I get the following error: "Cannot find the declaration of element 'web:validateSalesforceOrgConnection'" when selecting an org in EZ-Merge?

The error below pops up while selecting the org for merge validation: cvc-elt.1.a: Cannot find the declaration of element 'web:validateSalesforceOrgConnection'

Cause of the issue: This may be due to a cache problem while selecting the Salesforce Org.

Resolution: Clearing the browser cache and refreshing the browser will resolve the issue.

Can I deploy/commit system permission sets to ARM?

By default, when we commit by selecting only Profile metadata, it retrieves User Permissions and IP ranges. However, it depends on what kind of system permissions you're looking for, and if it has metadata API retrieval support from Salesforce, then it is possible to commit via AutoRABIT.

What is the Rollout Plan for the 'Optimized_Workspaces' feature on the Na33 Instance?

Workspace Storage Management

• Once a feature flag is enabled, a new global workspace will be created for each repository in the "/workspaces/globalcheckouts" folder, and for commits/merges, new user workspaces will be created in "/workspaces/localcheckouts" and will be deleted after usage is completed. The existing user workspaces will remain unchanged for now; they will not be deleted immediately. Instead, they will be removed through scheduled jobs as previously done; no new migration has been added to delete workspaces. On the workspace sub-module, only the workspaces created after enabling the feature flag will be visible. Previous non-optimized workspaces will not be visible in the UI if the feature flag is active.

Rollback Plan

• If the feature flag is turned off later, the existing non-optimized workspaces will be used since they were not removed. We will continue utilizing the previous workspaces stored in the base checkout and specific user directories after syncing with the latest remote. Even when the feature flag is enabled/disabled, the retention policy will remain unaffected and will continue to operate as usual.

What does the Sync Branches button in the VC Repo's screen do?

This radio button allows you to view branches that are no longer available in your version control repositories but are still visible in the ARM application, and you can delete them from the ARM application as well.

Can I change or switch the default branch repository in AutoRABIT, since I currently have two default branches?

You can do this by first unregistering both branches and then re-registering your repository's default branch in AutoRABIT and setting the registered branch as the default branch.

Is it possible to transfer Analytics Dataset Metadata, Dashboards, and Dataflows from one Salesforce Org to another using AutoRABIT?

Yes, AutoRABIT can move Analytics Components Metadata, Dashboards, and Dataflows from one Salesforce Org to another Org and the data will be available under the Wave Components list.

When you want to deploy the Analytics data, make sure you have enabled Tableau CRM in your Source Org and assigned permissions to your user record page through the permission set.

To enable the Tableau CRM in your Salesforce Org, follow these steps:

1. Log in to your Salesforce account.

2. Go to Salesforce Setup and enter Analytics in the Quick Find / Search field.

3. Select Getting Started.

4. Click Enable Tableau CRM.

Before you enable this option, you must have a license for the Analytics platform and this permission in your AutoRABIT profile.

To learn more about how to set up the Analytics Platform, refer to: https://blog.bessereau.eu/assets/pdfs/bi_admin_guide_setup.pdf

How can I make the metadata components (ex: ReportType) available for commit and deployment?

Go to the 'My Salesforce Settings' section of the My Account page to activate the metadata components. After that, select the metadata types you want to include in the excluded metadata types.

Why am I unable to retrieve metadata components during deployment?

If you cannot retrieve the components in ARM, although the components are available in Salesforce Org, check for the Salesforce API version from which you're deploying. You can look for the Salesforce API configured for your account under Admin > My Account > My Salesforce Settings section.

Why am I unable to access my Salesforce Production org?

1. When registering your production org, double-check the credentials.

2. Create a new API token for your Salesforce organization and re-enter your credentials with the new API token.

Why does my deployment from one sandbox to another fail without errors?

This commonly occurs when the Salesforce API version in your ARM application is incorrectly configured. You must upgrade the API source flow in your Salesforce org to the most recent version and maintain the same Salesforce version in ARM. To do so, go to Admin > My Account > My Salesforce Settings and update the API version.

Why am I unable to use AutoRABIT to deploy changes made to standard Salesforce fields?

One of the prominent causes is when the standard value set is not included in the commit. The deployment validation will succeed if you include it in addition to the standard field while committing.

When it's a standard field, we recommend including the Standard Value Set and selecting metadata from the picklist option. When it's a custom field, we recommend including the custom field.

Why does my deployment not appear in the target org when I run CI Jobs in AutoRABIT?

You are unable to see your deployment in the target org if the CI job was configured with the remove system and user permissions. Run the deployment while unchecking the user permissions option to resolve the issue.

When selecting the Autodraft features to commit the changes, why are some components missing?

This usually happens if you have used the filter with the most recent modified date rather than the source org's last modified date during the EZ-Commit process.

How do I use ARM to deploy case assignment rules?

Go to the Deployment module and select the case assignment rule during the metadata retrieval process to pick the rules. Errors commonly encountered due to Salesforce issues are listed at the top of this page.

Where can I find the standard picklist values for my deployments in AutoRABIT?

You can see the standard picklist fields under standard value set metadata.

Why am I unable to deploy the profile change from the version control repo to my target sandbox using a single revision?

Select the following checkboxes after picking up the required metadata and the profile members:

• Commit Options for Profile: This option allows you to commit settings for a full profile operation.

• Commit Access Settings for selected metadata (Profiles ONLY): This allows you to perform the commit operation based on the Profiles available only for the selected metadata.

Can CI Jobs be deployed using the "Run Tests Based On Changes" option if some of the LWC components do not have test classes?

Yes, even if one of the LWC components does not have test classes, you can deploy by selecting "Run Tests Based On Changes" because the test is run on the existing test classes for the change-relevant components. Click here for more detailed information about deployment configurations.

Why are deployments based on revisions from a version control branch to my target environment failing?

This occurs when the metadata folder path in the VC repository section is not configured. This problem will not occur once the .src path has been configured. For detailed information about how to configure the VC repository, click here.

Why don't I see the Release Label I created in the dropdown when performing a New Deployment?

It could be due to one of the following reasons:

• You have created a release label in ARM version 22.2 or older.

• You did not select the Create package manifest for Deployment checkbox while creating the release label in ARM 22.3.

• You selected the Create package manifest for Deployment checkbox, but the package preparation failed.

All of these problems can be solved by going to the Release Label Summary screen and clicking on Create Artifact for the respective release label. Once this is successful, the release label will be visible on the New Deployment page.

Why did the deployment fail without any error message?

To resolve this issue, please reauthenticate the Salesforce org and perform the deployment again. If the issue continues, please contact our support team.

Why is ARM not picking the latest activated version of the record trigger flow?

If you are trying to retrieve a recently updated Flow and not getting the latest metadata in the review artifact, modify the Salesforce Metadata API selected for the flow to the latest version, then retry the metadata retrieval. This time, you should see the latest metadata of the flow.

Why is deployment on the Salesforce org through CI Job failing with an error?

Change the baseline revision under CI jobs, then perform the deployment again. This should resolve the issue.

Why did the Release Label Merge fail with an error message on validation deployment?

One of the revisions in that Release Label may have duplicate values for the Layout file, as it could not pick the delta, so the validation failed. To resolve this:

1. Turn off On Successful Mock Deployment in the merge criteria and proceed with the merge, even though you have the validation deployment failure on the layout file.

2. Then manually modify the layout file on the target branch by removing the duplicate entries and triggering the CI Job deployment.

3. We recommend the same steps to avoid duplicates if you move changes into the Prod branch.

While trying to deploy a profile from our development org to the UAT org using the Profile Manager option, why is the profile not being deployed correctly to the UAT org?

This type of issue can occur if you have a profile in your UAT org and want to deploy it to the clone org, but the profile does not exist in your target org. We recommend using the Full Profile option in the Deployment module to resolve this. Then trigger the deployment again; the profile should successfully deploy to your target org.

Why did the quick deploy fail in ARM?

Quick Deploy may have failed due to the Metadata API version. Please update the Metadata API to the latest version and then perform the deployment again.

What does the 'Ignore Missing Visibility Settings' option do, and how does it affect the Deployment?

The 'Ignore Missing Visibility Settings' option refactors the Profiles/Permissions metadata. If users enable this option, the metadata that does not exist in the target org members' access settings/permissions will be removed from the package to reduce deployment failures. The following permissions are skipped if they're missing from the destination org:

• applicationVisibilities

• classAccesses

• customMetadataTypeAccesses

• fieldPermissions

• flowAccesses

• layoutAssignments

• objectPermissions

• page accesses

• recordTypeVisibilities

• tabVisibilities

Why does the Deployment appear as 'Failed' in ARM despite being successful in Salesforce?

If a deployment was successful in Salesforce but failed in ARM, this may be a Salesforce permission issue.

Please follow the troubleshooting steps given by Salesforce to enable the Exempt from Transaction Security permission: https://issues.salesforce.com/issue/a028c00000gAwsxAAC/intermittent-transaction-security-policy-error-while-login-or-making-api-calls-to-salesforce-we-cant-complete-the-action-because-enabled-transaction

Various Deployment sources and their functionalities:

1. Deployment via Commit Label: The entire files from the most recent revision under the commit label will be packaged together. Example: The entire profile will be part of the deployment.

2. Deployment via Single Revision: The delta change of the revision will be packaged. Example: If file permissions are included in the revision, only the file permissions will be considered as part of the change.

Can I deploy standard fields throughout ARM?

Often, users who are having issues deploying HTML reports in AutoRABIT are not aware of an SFDC limitation. Unfortunately, AutoRABIT cannot deploy standard fields because they cannot be edited in Salesforce. They are restricted from the SFDC side. You can commit standard fields but cannot deploy them.

A selection of frequently asked questions about Single Sign On.

What is SSO?

SSO (Single Sign-On) is a sign-in method that allows a user to log into one application and access all of their accounts from one place.

What Identity Providers does CodeScan integrate with?

CodeScan can integrate with any Identity Provider that supports SAML 2.0. In the past, we have worked with:

• ADFS

• Microsoft Entra ID (formerly Azure AD)

• Okta

• PingOne

What happens to users who try to log in via Auth0 when SSO is enabled?

When SSO is enabled, attempting to log in via Auth0 results in the user account being locked out. When a user begins using an SSO login, they should refrain from using Auth0. Any attempt to log in using Auth0 would create a new account. Since CodeScan has a constraint requiring a unique email, the user would be unable to log in because there would be two users in the application with the same email address.

Resolution steps: Remove the user from the CodeScan platform and add them back. It necessitates engineering support from CodeScan.

Is it possible to merge SSO with Auth0?

CodeScan can combine an existing Auth0 with SSO if the user's email address matches. This ensures all user-related information, such as user permissions, groups, user tokens, and assigned issues, stays intact after switching to SSO login.

Why are a few users duplicated when SSO is enabled?

When SSO is enabled, non-Admin users who were previously using Auth0 authentication experience an issue when two users' accounts appear for a single user.

This may occur if:

• The user's Identity Provider was incorrectly configured, preventing CodeScan from receiving emails. Merging will only take place if the Email field for the SSO user is filled in.

• The SAML attribute, which the non-Admin user uses to pass the email details to CodeScan, contains a different value than the email associated with the Auth0 user account.

Resolution steps: The users need to review the SSO configuration in their Identity Provider and identify and fix the issue. They must then ask the CodeScan team to delete the users incorrectly created using SSO.

What happens to users who are logged in to CodeScan before SSO is enabled?

Users who are logged in to CodeScan before SSO is enabled will not be automatically logged out but will have to log in through the Identity Provider upon their next login.

If a user's session times out, CodeScan will direct the user back to the Identity Provider for authentication. If the user logs out of CodeScan, the user will have to log into CodeScan via the Identity Provider.

How do I add users to CodeScan after SSO is enabled?

All non-Admin users must log in using the Identity Provider after SSO is enabled. To access your CodeScan organization, new users must first be added to the Identity Provider.

Encryption

Is there any encryption for Data Loader files? We don't want our data or upload files (e.g., CSV files) to be accessible by AutoRABIT or any other party.

AutoRABIT does not encrypt CSV files. However, the EBS volumes are encrypted using AWS KMS keys.

Can a customer's own key be used to encrypt their data? Is this possible?

Currently, AutoRABIT does not support customer encryption keys for data encryption. This feature is not supported at the moment.

Data Storage

Where is the result data (including exported data) physically stored, and can it be moved to a specific location (e.g., another country)? Can we ensure this data is not stored in AutoRABIT?

AutoRABIT does not delete data in the Data Loader functionality until the customer deletes it. For example, the ap5.autorabit.com instance is hosted in an AWS Singapore data center, and the data is stored in EBS volumes with AWS KMS keys in the same region.

Error Messages

Why does my Data Loader Pro job fail with an "Invalid ID" error message when the parent object is not selected?

An Invalid ID error occurs while running the Data Loader Pro job from release 23.1.26.

This is a known issue in the Data Loader Pro module. There is an invalid ID error while not selecting the parent object and keeping as null. A fix is available in the ARM 23.1.28 build version.

The customer has a Data Loader Pro job and has two queries:

1. They had to select the ancestor object whenever they ran the Data Loader Pro job.

2. They have tried a few records with null values, and it resulted in multiple object record failure with the error message Invalid ID.

Feature Overview

Why does the record fail when trying to update with "null" values?

For this to happen, you must choose "Insert/Update with null values" while running the Data Loader Pro job.

There are instances when you do not want to include ancestor records that haven't changed. For example: If there are no changes on ancestors, then it is not required to include that Parent object in the job unless it is a Master-Detail relation.

Feature Considerations

Why does the current Data Loader setup require parent objects to be included without the Limit 0 option?

The current Data Loader setup in AutoRABIT requires parent objects to be included without the Limit 0 option for the records, causing some records to fail. A code fix has resolved this issue, available in the ARM 23.1.28 build version.

Is AutoRABIT compatible with the deployment of CPQ data?

Currently, we are supporting CPQ data deployment through Data Loader Pro only. We plan to release a beta version exclusively for CPQ deployments in the coming months.

A | C | F | G | I | J | L | N | O | P | R | S | T | U | V | W | Y

413: Status Error

Users may encounter a 413-status error in the browser console when trying to upload duplicate profile files that have been resolved after downloading from version control. This occurs when users try to download numerous files at one time. Download one profile file at a time to resolve the error.

A

Authentication Failed

This error may occur when users are selecting an ALM on the EZ-Commit screen. VPN connectivity appears to be the source of intermittent ALM connectivity issues; the ALM is incorrectly configured. To correct this issue:

• On the My Account screen, look for the ALM configuration.

• To reauthenticate your ALM configuration, click the Test Connection icon to verify your credentials.

If the steps above do not work, create a new credential and link it to your ALM account.

C

Cannot Open Git-Upload-Pack

Users may encounter this error message when trying to register the Bitbucket repository. This occurs when:

• The Bitbucket account is locked.

• When registering the Bitbucket repository, the wrong credentials were used.

• The IT/Network team has whitelisted ARM's IP address.

To resolve this issue:

• Try recreating a new credential and updating the credentials under the Admin > Credential section.

• Re-register your bitbucket repository in ARM.

F

Failed to initiate deployment. Unexpected end of JSON input.

When running a CI job, if any of the folders in the remote repository has an empty JSON file, that will cause SFDX commands to fail with an incorrect JSON error. Delete the empty JSON file(s) from the remote repository to resolve this issue and re-run the CI job.

Failed to push some refs to [remote]

This error typically happens when you try to push to a remote repository, but your local branch is behind the remote branch. You need to pull the latest changes from the remote repository before you can push your changes.

Failed to push some refs to [remote]. Updates were rejected

This error usually occurs when you try to push to a branch that has been updated by someone else. You need to fetch the latest changes from the remote repository using git fetch and then merge them into your local branch using git merge before attempting to push again.

G

GH006: Protected branch update failed for refs/heads/master. Remote: error: Cannot force-push to a protected branch.

This error may be encountered while attempting to commit changes for a production organization to the GitHub master branch. This occurred because protected branches do not allow force-pushes. Get in touch with your Administrator to turn off the protection on that branch.

GIT Push Result: RemoteRefUpdate[remoteName=refs/heads/release/CI_UAT2_Refresh, REJECTED_OTHER_REASON, 3235de0aa8e9edd83ab68d4d723c0301847caf78...9b4c80cea9e7217aa7d16486f1f30b609406c2f1, fastForward, srcRef=refs/heads/release/CI_UAT2_Refresh, message="pre-receive hook declined"] Status of the GIT Push process: REJECTED_OTHER_REASON

Multiple Branching Baseline jobs show no local modifications to commit. As a result the following error message is thrown. This occurs when one of your commit messages is missing a valid issue key:

9b4c80c: Commit From AutoRABIT [Branch Baseline] [LabelName:UAT2 Baseline]

Cross-verify the following things:

• Create a new repository link where the key should include part of the commit comment from AutoRABIT or

• Modify the existing Repository Link’s Key to align with the AutoRABIT Branching Baseline commit comment or

• Disable the Repository Link.

I

Invalid meta-xml name: lwc/xxx/xxx.css-meta.xml, should end with js-meta.xml

When a deployment fails, this error usually occurs due to behavior in the Salesforce CLI 7.83 version. When retrieving the LWC components, it retrieves .css-meta.xml rather than .js-meta.xml file, which results in the deployment failing. Try renaming the .css-meta.xml file to .js-meta.xml and running the deployment again.

J

Job too long after 1 hour of analysis

In CodeScan Cloud, the default setting for unit test timeouts is 1 hour (3600 seconds) for limited Metadata analysis. These timeouts might not be enough if your project has a lot of metadata. This is the reason behind the error message.

Increase the timeouts to avoid this problem:

1. Click Project Settings > General Settings in your Project Overview.

2. Click the CodeScan tab on the left and modify the timeout under the Unit Test Timeout once you're in General Settings.

For detailed information on how to change the timeouts, click HERE.

L

Local and remote repositories are not on the same revision

There are several possible explanations for AutoRABIT to throw an error "local and remote repo is not on same revision":

1. The local repository is out of date.

2. The branch that contains the commit was deleted, so the commit is no longer referenced.

3. Someone force-pushed the commit.

N

Not Authorized (to Merge)

This error message occurs when performing a merge when credentials are not properly mapped in ARM. Follow the steps below to resolve this issue.

1. In Azure, create a new token.

2. In ARM, go to Admin > Credential and create a new credential.

3. Re-test the connection after mapping the credential to your version control branch (in the Profile section).

If the test connection for the mapped repository and branch fails, we recommend upgrading your password and altering the credential in the credential section, then retrying the connection.

O

OAuth Authentication Failed

Users may encounter this error when trying to register a Salesforce environment in ARM. This occurs when users do not use the My Domain URL when adding the Salesforce org to ARM. To correct this error, use My Domain URL while registering a Salesforce org in ARM.

P

Permission Import Personal Contacts depends on permission(s): create account, Create Contact, Edit Account, Edit Contact

Please refer to this article, https://developer.salesforce.com/forums/?id=906F00000008lFkIAI​

Permissions Read All ServiceTerritory depends on permission(s): Read All OperatingHours

Please refer to this article: https://developer.salesforce.com/forums/?id=906F0000000AkbzIAC

Please check credentials for 'xxx' branch of 'abc' repository

Users may encounter this error when trying to connect to the Bitbucket repo, which typically relates to user permissions. If you are using the wrong file format for the package.xml, then the above error occurs. Check the permissions you have on your Bitbucket repository with the repository owner/administrator. Request permissions other users have if you don't have the needed permissions.

Pre-receive-hook declined

This error is usually returned when you have some branch restrictions set up in your repository and the commit you are trying to push does not meet the requirements of that branch restriction.

R

Refusing to update checked out branch: [branch_name]

This error occurs when you try to push to the branch you currently have checked out. To resolve this, you can either switch to a different branch or create a new branch to work on.

RPC failed; result=XXX, HTTP code = XXX

This error is often related to network issues or server misconfigurations. It can occur when pushing large files or when the Git server is experiencing problems. Checking your network connection and trying again later may resolve this error.

S

Schema is invalid

Users may encounter this error when a merge is failing for metadata members. This is due to an invalid structure. If there are any special characters like '>', '<', '|', '=', and the string(length =7), this is considered a GIT conflict (a GIT behavior), which will cause the merge to fail. To prevent this, we recommend that you limit the previously mentioned unique characters to less than seven (7).

For example, if you observe ">>>>>>>" character string(length =7) in any of the Apex Class files or any metadata member files, then update it to less than 7 in the branch itself and re-run the Merge.

Schema is invalid for the file

Users may encounter this error when trying to perform a merge due to invalid characters like (>>>, <<<) symbols used in the file. To resolve, download the merge conflict files and validate the characters present in those XML files.

SCM Authentication Failed

When a commit returns this error, it is either because:

• Version control mapped to your Salesforce org user is incorrect.

• Your user credentials are incorrectly configured in ARM.

1. Ensure your account is correctly mapped with the version control branch to reflect the commits under your name.

2. Verify your credentials in the Admin > Credential Manager section and authenticate the connection again.

src refspec [branch] does not match any

This error occurs when you try to push a branch that doesn't exist locally or has a different name. Ensure that the branch exists and that you have the correct name.

T

TF402455: Pushes to this branch are not permitted; you must use a pull request to update this branch.

This error may be encountered while attempting to commit changes for the production organization to the GitHub master branch. This is expected. When the branch is set with the branch policy, you cannot push it directly and need to create a pull request to update it. Once you remove the branch policy, you should have the ability to push changes to the master branch. Please contact the GitHub Administrator to request push permissions.

The layout Must Contain an item for the required layout field: IsnonStandard

Please refer to this article, https://developer.salesforce.com/forums/?id=906F00000008sDkIAI

This test is already in the execution queue

When generating a code coverage report for a registered Salesforce org, the test fails with this error if the Apex test execution takes a long time. Go to TAF > Apex Test Execution and clear all of the tests in the queue, then run the code coverage report through ARM again.

U

Unable to fetch Salesforce Org Users

This error may be encountered when a user tries to access the Salesforce Org in the ARM Version Control, CI Jobs, Deployment, and SFDX Modules. This may occur due to an invalid username, password, or security token, if the user is locked out, or if the Salesforce API version is incorrectly configured.

Upgrade the API source flow in your Salesforce org to the most recent version and maintain the same Salesforce version in ARM by going to Admin > My Account > My Salesforce Settings and updating the API version.

Uploaded file is not having Workflow Rules

This occur may occur when environment provisioning jobs are failing due to using the wrong file format for the package.xml file. Upload the correct package.xml file during the creation of environment provisioning jobs.

V

Validation checking fails for your repository

Users may encounter this error message when a Merge is failed. This occurs when repository credentials are expired or have been modified and not updated in ARM.

1. Navigate to Admin > VC repos, select your repository, and perform a test connection. Please verify your repository credentials are not expired or modified.

2. Re-run the CI job after you confirm that the repository connection is successful.

W

Why am I getting an error when I try to install CodeScan Sonar as a plugin in ARM?

This occurs when using an old version of CodeScan. Install the most recent version of CodeScan to avoid any installation errors.

Y

You are not authorized to push changes to the remote repository

This error occurs during the branching baseline operation when version control credentials are insufficient for pushing changes to a branch. This indicates that you have read permissions but not write permissions. After updating your permissions, re-run a new branching baseline operation.

Your branch is ahead of [remote]/[branch] by X commits

This error message indicates that your local branch has commits that haven't been pushed to the remote branch. To resolve this, you can either push your local commits using git push or discard your local commits using git reset or git stash.

Your connection is private.

If you are unable to connect to the ARM instance and get this error, it is due to cache and cookies in your system. To resolve this issue, follow the steps below.

1. On your computer, open Chrome.

2. At the top right, click More.

3. Click More tools.

4. Clear browsing data.

5. At the top, choose a time range. To delete everything, select All time.

6. Next to Cookies and other site data and Cached images and files, check the boxes.

7. Click Clear data.

8. Now, log in to your instances using the new browser tab.

What are the benefits of using Quick Deploy?

When you run a validation deployment through ARM, it will pre-run all unit tests. The Quick Deploy option then allows you to skip those tests in the final production release, knowing they passed previously. Using the Quick Deploy option reduces the amount of time the Production org is locked.

When Is the Quick Deploy option available in a CI Job?

Quick deployments are available when the following requirements are met:

• The components have been successfully validated for the target environment.

• As part of the validation, Apex tests in the target org have passed.

• Code coverage requirements are met.

• If all tests in the org or all local tests are run, overall code coverage is at least 75%, and Apex triggers have some coverage.

• If specific tests are run with the Run specified tests test level, each class and trigger that was deployed is covered by at least 75% individually.

• The "Prevent Deployment" checkbox is NOT selected in the CI Job setting.

Why am I getting a popup saying, "Not Eligible for Quick Deploy," after selecting Quick Deploy in the CI Job?

This error will occur when the "Prevent Deployment" checkbox is enabled in the CI Job setting. Deselect the checkbox, then proceed with the Quick Deploy.

Why am I not receiving email notifications for all CI jobs that AutoRABIT has initiated?

You might have exceeded the maximum number of recipients; the maximum number of recipients should not exceed 50. Remove some of the recipients from the mail notification list and run the CI job again; you should now receive email notifications.

Why is it taking longer to build CI jobs triggered on PR submission as compared to CI jobs triggered on Commit?

Build on Commit Job: When a user creates a CI job on one branch, for example, Integration, if any Commits are made on that branch on the remote, we will only perform the Pull (Delta changes) and then prepare the Package. This is why the build time is shorter.

Build on PR Submission: When a CI job is created on the base branch, for example, Integration, if the developer works on the Feature 1 branch and creates the Pull Request (PR) on the Integration branch, then the job gets triggered in ARM. The branch will switch to the Feature 1 branch, take the clone of the entire branch, prepare the changes between the two branches, and then switch back to the master branch when the job is completed. This is why the build time is longer for PR jobs.

Why is my CI job failing with the error ‘HTTP ERROR 405 Problem accessing /services/Soap/m/55.0. Reason: Only POST allowed’?

The authentication for your destination org may have expired. Please Re-authenticate your target Salesforce org. Once this is done successfully, please Edit and resave the CI job, then retrigger it.

Why are the FLS changes in the CI job reflected in the diff file but not in the sandbox?

This usually happens if the Ignore missing visibility checkbox is selected in CI Jobs. Another possibility is that the field in question is unavailable in the destination org where the FLS was deployed. Please contact our support team to determine the root cause and assist you further.

Why am I unable to push components from a branch to an org in a CI Job? What is the ‘Maximum size of request reached’ error?

How do User Credentials impact different types of CI Jobs?

Listed below are the different types of CI Jobs and their corresponding credential usage:

Forced/Manually Triggered Build:

The CI job process will consider the triggered User Credential, which is mapped with the respective Repo and Branch in the My Profile section. If the credentials are invalid/expired, authentication fails and an error message is displayed upon build initiation. To resolve this issue, the user initiating the build must update the credentials in My Profile and perform a Test Connection. If it is successful, reinitiate the CI Job

Build on Commit and Scheduled CI Job:

The CI Job process will consider the last modifying user's credentials, which are mapped with the respective Repo and Branch in the My Profile section. If the credentials are invalid/expired, the CI Job build fails and authentication error message is displayed in the CI Job Build log. To resolve this issue, the user who last modified the CI Job must update the credentials in My Profile and perform a Test Connection. If it is successful, the job will be executed in the next cycle.

CI Job Build Initiated From API:

The CI Job process will consider the Token user credential, which is mapped with the respective Repo and Branch in the My Profile section. If the credentials are invalid/expired, the CI Job build fails and an authentication error message is displayed in the CI Job Build log. To resolve this issue, user generating the token must update the credentials in My Profile and perform a Test Connection. If it is successful, the job will be executed in the next cycle.

Why is CI Jobs deploying a metadata type I deselected in the "Exclude Metadata Types" section?

If you have deselected a metadata type but it is still being deployed in CI jobs, then it could be because of a different name. Please verify that the folderName committed in Git is correct for the metadata. This should resolve the issue. If it doesn’t, contact our support team for further analysis.

Why is a CI job for production deployment running random test classes, even though there are no Apex classes in the build, causing the deployments to fail?

You might have selected the option to Include default Apex tests for run test based on changes under Admin-->Salesforce settings, so even though there are no classes present in the package, it's still running default classes for code coverage. This is an expected behavior.

Why am I getting an error while trying to access CI job builds more than 3 months old?

The reason you are unable to get the details of specific builds older than 3 months is due to ARM’s Retention Policy. There are some details which are archived and become unretrievable.

You can change the retention period to 6 months or 12 months from the Admin section of your ARM account.

Why is a CI job failing with an error during validation?

The deployment may fail if it does not detect the metadata root folder path ‘src.’ Please update the Branch settings and then re-save the CI Job.

You can then perform a Merge Request to trigger the CI job and validate the deployment.

How do I include destructive changes in a CI job?

The "File Changes" tab shows that the Quick Actions metadata type is deleted. Why isn’t this reflected in the Destructive Changes tab or the package xml?

This may be a GIT behavior where the QuickAction metadata members are added and deleted again. As per GIT behavior, when it has to generate the delta between From and To revisions, in the case of a conflict, it skips such files from package preparation.

There is no Git logic under File Diff because it simply displays what was added/modified/deleted for better UI visibility to understand the changes and be reviewed.

You can work around this by updating the baseline revision CI job and using Single Revision in the Deployment module.

Why am I getting the "License is not valid" error when trying to use CodeScan as the analysis tool while running a CI job in ARM?

Why am I not getting a package for the CI Job?

Packages will only be displayed in CI jobs if created or imported through our application's SFDX -> Packages module. This ensures that we accurately track packages and their versions.

To create or import the package, refer to the following articles:

Why am I receiving the error message: Cannot invoke "String.startsWith(String)"?

This occurs when the return value of "com.autorabit.entity.admin.UserProject.getProjectType()" is null. A fix has been incorporated in the ARM 23.1.24 release. Reference support ticket # 109042.

Can I update or remove picklist values with my CI Job?

Since Salesforce does not retrieve deleted/deactivated picklist values in a metadata API call, replacing the picklist values via BackUp to VersionControl CI Job is impossible. However, a best practice in replacing the Picklist values is using the EZ-Commit module.

This configuration for RecordType PicklistValues option only works in the EZ-Commit module. If picklist values need to be replaced, use this approach.

()How can I view my organization-related support tickets in AutoRABIT?

To view your support ticket and its status, follow the steps below:

1. Log in to your ARM instance.

2. At the top of the page, navigate to Quick Links > Help Center. You'll be redirected to the ARM Support Dashboard page.

3. Navigate to Teams Queue under Tickets.

Now you will be able to view your org-related tickets here.

()Why am I unable to log in to my ARM account?

If you're having trouble logging into your AutoRABIT account, here are some things you can try.

1. The account is not created: Please check with AutoRABIT admin for creating a new account

3. Check if your account subscription has expired or your account is disabled: If your AutoRABIT account has been disabled, you'll see a message saying your account is disabled when you try to log in.

4. If you get the following error “getAttribute: Session already invalidated", try clearing your browser cache.

5. Restriction of your IP address: Verify with your network team internally and verify if there are any issues or restrictions for your IP address from the network side.

()Why did I not receive the email to reset my account password?

If you requested a new password but didn't receive your password reset email, then:

1. Check the spam or junk email folder in your email accounts linked to your AutoRABIT account.

2. Try to reset your password again.

()What factors should I consider when modifying or resetting my account password?

Password Requirements:

1. MUST contain at least 10 characters (12+ recommended)

2. MUST contain at least one uppercase letter (A-Z)

3. MUST contain at least one lowercase letter (a-z)

4. MUST contain at least one number (0-9)

5. MUST contain at least one special character (such as !, %, @, <, >, # and so on)

6. MUST NOT contain an email address, first, middle or last name, or commonly used passwords

7. MUST NOT be one of the 5 previously used passwords

()How often do I have to change my password for the ARM application?

()Why am I unable to register my Salesforce Org using an OAuth connection?

1. Verify in the user Salesforce Org if the AutoRABIT Connected App is “Blocked” and unblock it.

2. Verify in user Salesforce Org if there are any specific permissions set for the Connected App.

3. Verify whether the redirect URL, client ID, and the secret key in oauth.properties file (path: .rabit/org/oauth.properties) are valid.

If the user is on a proxy-enabled server and receives an error such as "Username may not be null", the proxy credentials must be validated. If the proxy username is set to "null", the above error will occur.

()How will I track all the support tickets that I have created in ARM?

View all your support tickets via Quick Links > Help Center from the ARM application which redirects to the Support portal page where you can see the list of open cases created by you or by your team.

()Which version of TLS does ARM run?

ARM runs on TLS 1.2, therefore when Salesforce disables TLS 1.0, it has no effect on ARM.

()What rules do I need to obey when naming identifiers for all of the labels in the ARM application?

There are some rules you have to follow for naming identifiers:

• Must contain at least 3 characters (5+ recommended)

• Uppercase letter (A-Z) is allowed

• Lowercase letter (a-z) is allowed

• Number (0-9) is allowed

• Special characters (- and ,) are allowed.

()What is the primary reason for restricting special characters when naming identifiers?

It is done to restrict XML injections and prevent XML file corruption.

()What browsers does ARM support?

ARM works best in the two most recent versions of these browsers:

• Chrome

• Edge

• Firefox

• Safari

()Why am I unable to log in to ARM using the Chrome browser?

1. Try logging in to your account using Chrome incognito mode.

2. Clear the Chrome browser cache.

3. If cleaning the cache does not help, try a different browser (Firefox) and see if the problem persists.

4. If the problem is solely with Chrome, reinstall it.

()Given the shift in IP ranges, is it possible to migrate from one AutoRABIT instance to another?

()Why am I able to see some users who are deleted in AutoRABIT?

1. The deleted user's credential exists in AutoRABIT: Go to Admin > Credential Manager and type in the username that exists. You should find a record if it is still there.

()Why do my users not have access to all the features available in ARM?

1. Your users may not have the authority to access the modules that they are looking for; nevertheless, users with administrator privileges only will have access to certain features. To see the user's available roles in AutoRABIT, go to the Admin > Roles section.

2. For the necessary permissions, contact your Org Admin.

()Is it feasible to update the repository URL without having to re-register the repository in ARM?

Why am I getting a Credential Name error while trying to Save Mappings?

If you're a sub-user and get an error message Credential with name: "qa private token cred" for this UserEmail does not have permission to save mapping while saving Org Mapping, then the admin must re-register the repository credentials and make the credentials Public. The sub-user must then use the newly registered credentials.

Why am I unable to create branching baselines for UAT and new SIT and getting an error while trying to create a new branch from VC Repo's?

Depending on the error, the credentials may have expired. Check the repository credentials and then Test Connection in ARM. Then retrigger the branching baseline. Please contact our support team if the problem continues.

Why is my Test Connection in ARM failing even after re-authenticating the credentials?

If you have already re-authenticated, but the issue is still unresolved, it may not be a credential issue. Please contact our support team so we can whitelist the domain from our end with the SRO team. Once this is whitelisted on our end, you must also whitelist the Instance IPs on your network side.

How can I remove the previous Super Admin from ARM and assign access to myself?

How many Super Admins are allowed? Can I assign a backup Super Admin?

I have refreshed one of our branches by using the Branching Baseline option. The process was successful, but why is there no Revision Number created?

How can I get access to the AutoRABIT LearningHub?

Is there a way to change an existing user’s email address without deleting the user?

As of now, you cannot simply change the email address of an existing user, either active or inactive. Your Admin must delete the user, then the user can create a new account with the desired email address.

Why is my On-Prem ARM Test Server not working even after I have restarted the server and also restarted the processes?

If there is a problem with the Test Server instance, we do suggest you restart it. However, please restart the services first and then restart the server. This should resolve the issue.

AutoRABIT displays unwanted changes and removes picklist options from branches when deploying changes to RecordTypes picklistValues.

If you have selected the below configuration for recordTypes picklistValues under Admin > Salesforce settings > Configuration for recordTypes picklistValues, then it will replace all picklist values with new picklist values.

replaceall

Solution: Select the Append button so that instead of overriding the entire record type picklist values, it adds to the existing picklist values.

Why can’t my colleague with Deployment Manager, Developer, and Pull Request Reviewer roles Approve/Reject Merge and EZ-Commits?

Please edit the role assigned to the user and ensure that the below-mentioned special permissions are enabled for that role:

1. Gated check-ins approver

2. EZ-Merge approver.

We’re switching from an on-premises GitHub account to the Cloud version of GitHub. I created the GitHub cloud account and tried setting up the cloud connection in ARM, but the system gave me an error.

Once the GitHub cloud account is created, you should be able to set it up with ARM as well. If you’re facing any issues, it is possible that the repository might still be migrating. If so, you are unable to register the repository during that time. But after migration is complete, you should be able to register the repository in ARM.

Why can't we see the Diff when a Commit is created, but we can see a Diff during the process of Commit?

Using the Compare Changes option, you can file the Diff before performing a Commit.

Why is the Branching Baseline job status in ARM showing as hanged for more than 24 hours?

Usually, the metadata retrieval would fail due to timeout. Please rerun the baseline and reduce the batch size. If this doesn’t resolve the issue, contact the AutoRABIT support team, and we should be able to assist further after inspecting the logs.

Why can’t I see the Pull Request Plugins dropdown and the Enable Pull Request Support checkbox in the Admin VC Repo page when the repository is registered with SSH?

Pull requests are currently not supported for repositories authenticated via SSH protocol. However, an HTTPS-based connection via username and personal access token is supported.

()Why can’t I see the User Management section anymore to add a user like I could before?

The User Permissions and Roles in your organization may have been rearranged. Please contact your Admin and they should be able to grant you the necessary permissions again.

Why am I getting an error when trying to register a Bitbucket repo?

Please check your credentials because your Bitbucket account username is different than your email address. Once you have confirmed your username, try to register the repository, and then test to see whether branch creation was successful.

A CodeScan license key is provided for CodeScan Self-Hosted customers upon the purchase or renewal of a CodeScan license.

The key is provided in the form of a string of characters to use when Installing CodeScan Self-Hosted or downloading CodeScan plugins (in the absence of a Subscription Key).

If you do not know your License Key or have misplaced it, please contact your Customer Success Manager or support@autorabit.com

Overview

CodeScan has static IPs available for its shared EU, AUS and US servers.

If you are in the EU region:

If you are in the US region:

If you are in the AUS region:

Most of the differences between CodeScan Cloud and Self Hosted lie in the integration types and scanning options available.

On CodeScan Cloud, all scanning are done from the GUI. The tool integrates with your version control/Salesforce orgs to pull the metadata and scan it on our server.

On Self-hosted, the metadata collection and scanning are completed by an external scanner and pushed to the SonarQube™ dashboard. This can be accomplished with AutoRABIT's ARM, CodeScan’s Salesforce CLI plugin or SonarQube™’s own SonarScanner.

Your edition of SonarQube™ also limits the features. SonarQube™ provides a free and open-source version and multiple tiers of paid versions. Please ensure that the version you choose to use has the features you need.

Platform API endpoints are very similar but are also subject to the version and the edition of SonarQube™ you are using.

Record-Based Migration error use case

Description: The user was deploying nCino records using the nCino standard template from the source environment to the destination environment.

Problem Statements:

1. ARM not picking up the Parent route look up value on the Route group object, thereby resulting in empty parent routes in the destination org.

2. Blank lookup fields that were recently updated from not null to null are not being updated by ARM.

Resolution:

1. The parent object must also be included in the deployment for the child object's lookup fields' values to be updated.

2. Deploying both Route and Route Group objects while choosing the "Insert/update with null values" option will update the Parent Route lookup field with a null value.

Other Queries:

a. How exactly does ARM go about retrieving datasets?

Preparing object sets (from child to parent) that reflect relationships between the chosen objects is the first step in the dataset retrieval process. Next, pull the data of the object on which the filter is applied (entry object). After then, ARM begins processing sets object by object, starting with the object sets that contain the entry object.

b. Why is the nForce_Route_c object auto-selected on the Record Configuration screen?

c. To pull all required data from parent and child objects, why apply a filter on the child object?

In this current scenario, when Route and Route Group are selected, as per our process, we don prepare object sets first, and below are the object sets prepared. Group object is automatically picked since Route Group has a Master-detail relationship with Group.

Object Set 1: nFORCE__Route_Group__c, nFORCE__Route__c

Object Set 2: nFORCE__Route_Group__c, nFORCE__Group__c

• What if the filter is applied on Route Group?

  First, we pull data from Route Group based on the filter, and then as per the set-1, we will pull relations of Route with the help of the below query.

  Select nFORCE__Route__c,nFORCE__Parent_Route__c from nFORCE__Route_Group__c where Id is (route group id's based on filter applied) Next, if self-references exist on Route, we do retrieve those relations. In the same way, we do process set-2.

• What if the filter is applied on Route?

  First, we pull data from Route based on the filter, and then as per the set-1, we will pull relations of Route Group with the help of the below queries.

  Select Id from nFORCE__Route_Group__c where nFORCE__Parent_Route__c in (route id's based on filter applied) Select Id from nFORCE__Route_Group__c where nFORCE__Route__c in (route id's based on filter applied) Next, if self-references exist on Route Group, we do retrieve those relations. In the same way, we do process set-2.

In the second case, if Route Group has any other Route via the nFORCE__Parent_Route__c field other than the route that is picked as a part of the query applied, that will not be considered. But in case one, we do consider data from both nFORCE__Route__c and nFORCE__Parent_Route__c fields.

So, in the case of custom configuration, the best practice is to apply a filter on the child object. Exceptional Scenario: Now, I would like to highlight here one more exceptional case where you need to have a look at considering the entry object when the below objects are part of your customized scenario. No matter whether it is parent relation or child relation, as per the nCino design, data for the objects on the right side have to be pulled only based on objects on the left side. So when your scenario includes any of the below object pairs, the filter has to be applied on left-side objects.

How to send custom label translations from one nCino environment to another

To select the language translations and for you to view them in the list, they need to be enabled under your source salesforce org first. Follow the below steps to perform the translation deployments:

• Under source Salesforce org, go to Setup > Translation Workbench > Translation Language Settings and enable the appropriate language.

• Once enabled, go to ARM and try to retrieve the components under Translations. You will observe the languages populated.

• Create a new deployment by selecting the custom object translations, its relevant languages under translations, and the custom object. Your target environment should have custom label translations now.

Please refer to the article: Working with Translation in ARM for more detailed information.

Conditional rendering references in the 'Screen' sections are not included when using the nCino standard UI template

The views and the self-references screens sections were not picked up during the feature deployment using the nCino standard UI migration template. This is our top priority, and our development team is working hard to remedy the problem as quickly as possible. After running the nCino UI migration template, please run the Screen UI template to pick up all the missing components as a workaround.

What Is Cyclomatic Complexity?

Cyclomatic complexity in CodeScan is calculated by the number of decision points in a method (like if, while, for, and case statements), plus one for the method entry. A higher cyclomatic complexity indicates more decision points, making the code harder to read, maintain, and test.

Complexity Levels:

• 1-4 (Low Complexity): Simple methods, easy to understand and maintain.

• 5-7 (Moderate Complexity): Acceptable but should be monitored.

• 8-10 (High Complexity): Consider refactoring to simplify.

• 11+ (Very High Complexity): Strongly recommended to refactor.

Significance of Report Level (default 10):

The report-level parameter in tools that analyze cyclomatic complexity flags methods with a complexity of 10 or higher for further inspection. This helps identify methods that might need refactoring due to their complexity.

How Is Cyclomatic Complexity Calculated?

For example, the method below would have a cyclomatic complexity of 5.

public void newMethod() {
     for(Integer i = 0; i < 100; i++){
      if (a == b && b == c){
        doStuff();
      } else if(a != b) {
        doOtherStuff();
      }
     }
   }

This counts:

• The entry to the method

• The entry to the for loop

• The if statement and the first conditional

• The second conditional in the if statement

• The elseif statement

This does not include:

• else statements

• when else in switch statements

The cyclomatic complexity for a class will be the average complexity between all methods in that class.

How Do I Reduce Cyclomatic Complexity?

• Break Down Methods: Split complex methods into smaller, more focused functions.

• Use Helper Methods: Extract repetitive logic into separate methods.

• Simplify Conditionals: Refactor nested if statements into simpler, sequential checks.

• Use Switch Statements: For multiple conditions, switch statements can streamline the logic.

Following these guidelines will help you write cleaner, more maintainable, and less error-prone Apex code.

What is a data retention policy?

Data retention policies dictate what data should be stored or archived, where that should happen, and for how long. Historical data that becomes irrelevant after a certain period will be cleared from the ARM database weekly. This way, the ARM application performs faster, primary storage remains uncluttered, and at the same time, the organization remains compliant.

How can I change the data retention policy?

Administrators can determine the age of still-relevant data for the company and then change the retention policy under the Admin > My Account > Retention Policy page.

Can the data retention policy be disabled?

No, Administrators cannot disable the data retention policy. Data retention policies greatly enhance data scan performance by removing outdated and duplicated data.

How can I access the data that has been cleared?

To access any historical data that has already been cleaned up, contact us at support@autorabit.com, and we will provide the data in a CSV file format.

For on-premises customers, the historic data is moved to the alt path in the .rabit folder (.rabit/dataretention/{org-name}).

Can the cleared data be restored to the application?

No. Deleted data cannot be restored to ARM under any circumstances.

Data from which pages are affected by this policy?

The following pages have historic data that is affected by the retention policy:

• Deployment history

• CI Job history

• Org Sync history

• EZ-Commits

  • EZ-Commits history

  • Prevalidation commits history

  • Reverted commits history

  • Merges history

  • Prevalidation merge history

• Merge Requests history

• External Pull Requests page

• Branching baseline page

• Change Labels page

  • Commit Labels

  • Release Labels

  • ALM Labels

I did not select the period for data retention. Will I lose everything?

You will not lose data if you do not manually set the retention period. The retention period is set to 12 months by default. When ARM version 22.3 is released, data older than 12 months is cleaned up. If you did not alter the settings, you will still have access to up to 12 months of old data.

What if I decrease the retention period from 12 months to 3 or 6 months?

If you decrease the retention period from 12 months to 3 or 6 months, then at the time of the next cleanup, data older than 3 or 6 months (whichever you have selected) will be cleaned up from the application, and the rest will be retained.

What if I increase the retention period from 3 to 6 months or 6 to 12 months?

If you increase the retention period from 3 months to 6 or 12 months, then data from the last 3 months will remain as it is, but data older than that will not be restored. Instead, for the next 3 or 9 months, no data will be deleted when the cleanup happens. For example: If your retention period is set as three months, and you change it to 6 months on 1 April, then data from 1 January to 31 March is already retained. From 1 April to 30 June, the cleanup will still happen weekly as scheduled, but no data will be deleted because nothing is older than six months. After the 30 June, some data will be more than six months old. This six-month-old data will be deleted at the next cleanup.

Similarly, if you change it from 6 months to 12 months, the above logic applies, i.e., no data will be deleted during cleanup for the next six months until the oldest data is 12 months or more.

A subscription code is an identifier for your CodeScan self-hosted license. It is a way to share download access with the necessary resources without providing your full CodeScan License Key.

When downloading CodeScan plugins, you are required to fill in the below details:

• Enter your name

• Enter your email address

• Enter the subscription code or, your CodeScan license key

• Accept the CodeScan Terms of Service

After completing these steps, click on Request License to begin with the plugin download.

If you do not have your license key or subscription code, please contact support@autorabit.com.

Problem Statement: My team member assigned me issues for a project, yet I have not received any email notifications from CodeScan.

Probable Cause:

1. Verify the notifications feature is turned on for any new issues in your profile.

1. If you log in to CodeScan through SSO, ensure the following:

   • Email attributes are configured in SAML configuration.

   • If SAML username attribute contains email as a value, email security tools may block the notifications.

Key point to note related to CodeScan Notification issue

• A notification is never sent to the author of the event.

• The developer will not be notified about their own issues. It's only the assignee who gets notified and not the author.

• If the author of a pull request manually assigns the issue to themselves, no email notification is received.

• The author/developer can look at their respective issues from the CodeScan UI.

• You can export issues in the CSV format for all the projects and monitor the issues (https://knowledgebase.autorabit.com/codescan/docs/exporting-issues-in-codescan-cloud) **

CodeScan is based on SonarQube™, an open-source reporting platform for coding languages. The metric definitions used for some of our rules including those based on complexity and duplication have been pre-defined by SonarQube™.

To learn more about the different metric definitions, please see the SonarQube Documentation - Metric Definitions.

Yes, it just takes a small amount of configuration. You can find a short guide to setting it up by clicking here.

CodeScan requests read and update permissions while establishing a connection with Bitbucket.

To stop the pull request from being merged if the Quality Gate fails, CodeScan requires the edit repository permission. CodeScan will not modify any of the customer code, but it can prohibit customers from making changes.

Webhook is required to start analysis immediately, every time a pull request is sent or a commit is posted directly to a branch.

What is a 'Block' of Code in CodeScan?

A 'block' in CodeScan refers to a defined segment of code that can be scanned in one operation. Specifically, a block consists of up to 40,000 lines of code. This metric is used to quantify and manage the code analysis process effectively.

How is a 'Line' of Code Defined in CodeScan?

In CodeScan, a 'line' of code is defined as any physical line in the codebase that contains at least one non-whitespace character and is not part of a comment. This definition ensures a consistent and accurate measurement of the actual code being analyzed, excluding whitespaces and comments.

How are Lines Counted in Queries with Multiple Fields?

When analyzing code containing queries with multiple fields, each field placed on a separate line is counted individually. For instance, if a query is structured with five fields, each on its own line, this will be counted as five lines in total. This granularity helps in providing a precise assessment of the code structure and volume.

What Is the Difference Between a Line and a Line of Code?

CodeScan has two ways of counting the "Lines" in a project.

1. Lines

2. Lines of Code

The Lines of Code may not increase in a project, but the number of Lines may increase due to the addition of the Profiles and Permission Sets to the Salesforce project.

XML settings count as lines but not as Code. To see this, you can use a custom view in the activity graph: https://app.codescan.io/project/activity?custom_metrics=duplicated_lines_density%2Clines%2Cncloc&graph=custom&id=NDR-Main

Are Empty Lines or Lines with Only Whitespace Included in the Line Count?

No, lines that consist solely of whitespace or are part of comments are not included in the line count in CodeScan.

What Blocks of Code are Billable?

Only non-commented lines of code for Apex, Aura Lightning, and VisualForce languages are billable. JavaScript, HTML, CSS, and Salesforce Metadata languages are not considered.

Yes, you can. You can use our .CSV export tools to export to a .CSV file.

To export results for CodeScan Cloud or CodeScan Self-Hosted, you can use our npm tool. Click here to find out more.

You can use our CSV plugin if you want a self-hosted GUI tool. See below for details.

Installation

1. First, download the .CSV export plugin from here. It’s available as a ready-to-go .JAR file or an archive of source code (.ZIP and .TAR.GZ) .

2. Copy the .JAR file into your SonarQube™ plugins folder at "(your SonarQube™ directory)/extensions/plugins/".

   • Start your SonarQube™ server and run a scan on one or more projects. When the scan is finished, click on the More drop-down menu at the top of the screen. Click on CSV Issue Export and you’ll be given a list of filters and all projects currently in SonarQube™.

   • Choose the filters you require and click the project name to download the .CSV report for that project with the selected filters. Open the file with a spreadsheet editor to view your project's issues.

How is the SSL Certificate validity enforced?

The SSL certificate validity is set by CodeScan; however, if there is a firewall (e.g., Zscaler), then it’s determined by the firewall. You can bypass the SSL security for app.codescan.io or whichever instance URL you are using to avoid the issue of the SSL certificate expiring and the need to keep adding them to the environment variables every time.

CodeScan Self-Hosted FAQs

How do I upgrade an instance?

If you are utilizing an On-Premises Instance and wish to upgrade, follow the steps below to ensure a smooth upgrade process.

1. Initiate Your Request: Contact your Customer Success Manager (CSM) or the Support team to request an instance upgrade.

2. Coordinate with the Release Team: CSM/Support teams will coordinate with the Release Team to prepare and share the necessary binaries with you.

Assistance with Installation: If you encounter any challenges while installing the binaries, you can request a call for assistance. One of our Release Team members will guide you through the installation process over the call.

Contact your CSM or the Support team for any further inquiries.

Is it possible to directly integrate and scan a Salesforce org as part of a single code analysis for SonarQube self-hosted users?

In self-hosted environments, Salesforce direct integration is not possible; therefore, CodeScan SCA through direct integration is not possible.

Can I create a new SonarQube™ instance and use the existing CodeScan license if one of my SonarQube™ instances was mistakenly deleted?

Yes, you can reinstall CodeScan Self-Hosted and continue to utilize your existing license.

After you've set up the prerequisites, you can use your existing account and password to log into SonarQube™. If it doesn't work, try logging in with the admin username and password.

1. Login into SonarQube™ using the below credentials:

   • username: admin

   • password: admin

2. Go to the top right and select Administrator.

3. On the right side, select General Settings.

4. On the category list, select CodeScan.

5. In the CodeScan license text box, type your license key. (key is sf.license.secured)

6. Save the file.

SonarQube only supports test execution reports for the branches of a project (including the main branch), not for pull requests. This differs from test coverage reports, for which pull requests are supported.

Depending on permissions in your SonarQube™ instance, the following issue can occur when running the analysis:

[Warn - 12:10:58] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[Warn - 12:10:58] CodeScan License has not been set

[Warn - 12:10:58] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[Error - 12:10:58] CodeScan is NOT licensed. Please contact our support team to purchase or renew your license

The issue is that the license is a variable that needs to be checked by CodeScan when it runs and the user that created the token needs certain permissions for the plugin to access the license variable. So this can be solved by allowing access to the variable or providing the license early.

Here are the options:

Enable the Execute Analysis permission on the Global level to read the CodeScan license key configured on the organization level for each member/group that is using VS Code.

OR

Add an environment variable called codescanLicense containing the license on the user's machine. The plugin checks for this before calling out.

OR for VS Code

In VSCode settings.json, add the following setting: "codescan.analyzerProperties": { "sf.license.secured": "<license-goes-here> " },

OR for IntelliJ

Under Settings > Tools > CodeScan > Project Settings, click the Analysis Properties tab. Add sf.license.secured with your license as the value.

If you do not have your license available, please contact support@autorabit.com.

CodeScan Self-Hosted (On-Premises)

Errors and Solutions

Why is my CodeScan update binding getting failed?

If the CodeScan update binding is getting failed, try disabling the VPN and antivirus, then try updating the binding again.

If the binding successfully updates, the error occurred due to antivirus blocking CodeScan. Add CodeScan to the list of allowed sites for the antivirus in use.

If the binding still fails, raise a Support Ticket, including the analyzer logs and verbose logs in the attachment.

Why did I get the following error during initialization of VM: Could not reserve enough space for xxxKB object heap?

If you are experiencing this error when running a scan, the issue may be with your Java version. 32-bit Java versions have a lower limit to their heap size. This limit can be as low as 1.6GB on Windows operating systems.

If you are running a 64-bit operating system, you will need to upgrade to a 64-bit version of Java.

You can check whether your Java version is 32 or 64-bit by using the command: java -d64 -version in your command prompt or terminal. If you have a 32-bit version of Java installed, you will get the message:

Error: This Java instance does not support a 64-bit JVM.

To correct this error, please install the proper Java version.

Why am I getting the error: java.lang.OutOfMemoryError: GC overhead limit exceeded?

This error can be solved by manually adding a parameter to your Ant environment path variable.

In Windows:

set ANT_OPTS=%ANT_OPTS% -Xmx2048M

In Linux/OS X:

export ANT_OPTS=$ANT_OPTS -Xmx2048M

If the problem persists, please contact support@autorabit.com.

Why am I getting the error: Jenkins: java.lang.OutOfMemoryError: Java heap space?

This error can be solved by manually adding a parameter to dedicate memory to the build process.

1. In your Jenkins project, click Configure.

2. Scroll down to the Build section of the page to the Build Step titled Invoke Ant with the fields:

   • Ant Version: CodeScan Bundled Ant

   • Targets: sonar

3. Click on Advanced.

4. In the Java Options field, add the parameter -Xmx2000m. This will assign 2000mb of memory to you build.

If after increasing the heap space, you get the error:

Error occurred during initialization of VM Could not reserve enough space for xxxxxxKB object heap

The problem may be that you are using a 32-bit version of Java. Please refer to the following article for more details.

Why am I getting a PKIX Path Building failed error?

Error Code:

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target.

This error occurs when the Java environment does not trust the certificate of the server running your SonarQube™ instance.

To correct this issue, you need to install the server certificate to the Java key.

2. From the window, select Connection is secure.

1. Next, select the second option: Certificate is valid.

1. Go to the Details tab and click on Export.

1. Rename the certificate (e.g., codescan-certificate), then choose a location and save the certificate.

1. The next process is to install the certificate in the cacerts file of the jdk installed in the system using the command line.

Command:

keytool -import -alias {alias-name for the certificate} -keystore “{path for the cacerts file}” -file {path where we have save the certificate}

Example:

keytool -import -alias codescan-certificate -keystore "C:\Program Files\Java\jdk-11.0.9\lib\security\cacerts" -file c:/tmp/codescan-certificate.crt

When adding the certificate, password is required. The password is changeit.

Note:

If adding the certificate as a trusted certificate to the Java Keystore still results in the PKIX path building failed error, delete the currently installed certificate from the Java Keystore, export a new certificate, and then attempt a new installation of the certificate.

Command to list all of the certificates from the Java Keystore: keytool -list -v -keystore “{path for the cacerts file}” > /tmp/certs_list.txt

Example: keytool -list -v -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts” > /tmp/certs_list.txt Command to delete the certificate: keytool -delete -noprompt -alias {alias-name for the certificate} -keystore “{path for the cacerts file}”

Example: keytool -delete -noprompt -alias codescan-certificate -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts”

License Expired Errors

You must renew your subscription by entering a new license key if your subscription has expired and you can no longer access your CodeScan account. For your subscription extension and the proper license key, reach out to our support team.

However, if the system throws the following error message after you enter a new license key, you need to identify where the expired license key is being passed on and update it with the new license key.

XXXXXXXXXXXXXXXXXXXXXX

License is not valid
License expired on <date_of_expiry>
Code: 6

XXXXXXXXXXXXXXXXXXXXX

A CodeScan license key can be entered via the following ways:

1. SonarQube UI

2. Command Line parameter [-Dsf.license.secured]

3. In the sonar.properties, codescan.properties or sfdx-project.json inside the project folder considered for analysis

4. In the SonarQube-{version} installation folder Example: sonarqube-1.0.12345/conf/sonar.properties

5. System environment variable: Add an environment variable called codescanLicense containing the license on the user's machine.

   • Variable name: codescanLicense

   • Value: <License_Key>

Proxy Errors

The most common problem with licensing problems are when your network has a proxy. This can cause licensing problems including:

101: Couldn’t fetch license for unlicensed project

104: Couldn’t fetch license: No response given

Couldn't fetch license for unlicensed product is sometimes coupled with something similar to:

JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Expected EOF near <!DOCTYPE html PUBLIC "-//W3C//DTD

This is the proxy replying with an HTML error page when a JSON object is expected.

See here for instructions on how to set up CodeScan on a network with a proxy.

Version Errors

Licensing version problems can occur with older versions of CodeScan. When this occurs, you will see the following error:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

License is not valid:

License is not for this product

Code: 7

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 

This can be avoided by updating to the latest version of CodeScan.

If this is not an option, contact Support for assistance and we will provide you with the appropriate license version.

Line Count Problems

Licensing problems can occur when you are operating outside the Terms of Service.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

License is not valid:

Lines exceed your license (6878 > 1000)

Code: 103

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

This can be avoided by increasing your license limit or reducing the lines of code you are scanning. More information: CodeScan License Issues (IDE)

Please reach out to CodeScan Support for any queries about your license.

Overview

You must renew your subscription by entering a new license key if your subscription has expired and you can no longer access your CodeScan account.

A CodeScan license key can be passed on by setting the path and environment variables in a user's machine.

Setting the system environment variables for a Windows operating system

For Windows 11

1. Press the Windows key+X to access the Power User Task menu.

2. In the Power User Task menu, select the System option.

3. In the System window, scroll to the bottom and click the About option.

4. In the System > About window, click the Advanced system settings link at the bottom of the Device specifications section.

5. In the System Properties window, click the Advanced tab, then click the Environment Variables button near the bottom of that tab.

6. In the Environment Variables window, click on New button in the System variables section.

7. Enter the following details:

   • Variable name: codescanLicense

   • Value: <License_Key>

8. Click OK.

9. Click OK again to close the Environment Variables screen.

For Windows 10

1. Press the Windows key+X to access the Power User Task menu.

2. In the Power User Task menu, select the System option.

3. In the About window, click the Advanced system settings link under Related settings on the far-right side.

4. In the System Properties window, click the Advanced tab, then click the Environment Variables button near the bottom of that tab.

5. In the Environment Variables window, click on New button in the System variables section.

6. Enter the following details:

   • Variable name: codescanLicense

   • Value: <License_Key>

7. Click OK.

8. Click OK again to close the Environment Variables screen.

Setting the system environment variables for a Mac operating system

System environment variables are added to the .bash_profile file:

1. Find the path to .bash_profile by using: ~/.bash-profile

2. Open the .bash_profile file with a text editor of your choice.

3. Scroll down to the end of the .bash_profile file.

4. Use the export command to add new environment variables: export codescanLicense=[License_Key]

5. Save any changes you made to the .bash_profile file.

6. Execute the new .bash_profile by either restarting the terminal window or using: source ~/.bash-profile

Unsupported Metadata Types

The following metadata items are NOT supported in the 24.1 release. They may be supported from 24.2 onward. This list will continue to be updated.

AIApplication

AIConvSummarizationConfig

BriefcaseDefinition

CanvasMetadata

ChannelObjectLinkingRule

ConversationMessageDefinition

CustomIndex

DataConnectorS3

DataPackageKitObject

DataSource

DataSourceBundleDefinition

DataSourceObject

DataSourceTenant

DataSrcDataModelFieldMap

DataStreamDefinition

DataStreamTemplate

DigitalExperience

DigitalExperienceBundle

DigitalExperienceConfig

ExperienceContainer

ExternalAIModel

ExternalDataConnector

InternalDataConnector

MktCalcInsightObjectDef

MktDataTranObject

MLDataDefinition

MLPredictionDefinition

OmniSupervisorConfig

Common Issues

Why is the Add & Run Scan tab grayed out?

If a user does not have approval/permission to run a scan, when they try to add a project for analysis, the Add & Run Scan tab will be grayed out.

Errors

Error: Project reports are not available for branches created outside the CodeScan Cloud.

For branches created outside the CodeScan Cloud, such as ARM, Flosum, or Copado, project reports are not yet accessible. Only the branch chosen during the initial integration setup with CodeScan Cloud can have reports fetched in CodeScan.

Solution: In the Edit Project section, select “Attach Analysis Project,” and choose project type as “Webhook.” After this step, project reports will be accessible.

Error: Salesforce\force-app\main\default\applications\Chatter_Delete_Blocker.app-meta.xml when writing a custom SonarQube rules using the Xpath Template rule for Salesforce Metadata (sfmeta:XPathRule)

The analysis is looking for a match with a file name and the suffix entered in the field, but it cannot find any, which is why the above error is thrown. This is expected behavior because CodeScan cannot decide which rules to apply to the files. To remove file patterns listed for sonar.lang.patterns.xml, navigate to Project Settings > General Settings > Language.

Error: "Job took long. We will attempt to rerun with more memory."?

This error may occur for projects having huge metadata.

1. Increase the Project's Java heap memory size to analyze the project sources.

   • On the CodeScan Project page, navigate to Project Settings > Project Analysis.

   • Click on the Edit Project button.

   • Update the Project Memory by selecting the required memory from the dropdown. The memory size can be overridden and increased at the organization level.

2. Check for the rule "Avoid Cleartext Transmission of Sensitive Information in the default quality profile" in your default quality profile. If available, please deactivate it. Use the steps below:

   • Create a new quality profile for Apex language.

   • Deactivate the "Avoid Cleartext Transmission of Sensitive Information in the default quality profile" rule.

   • Set the newly created profile as default.

For detailed steps, please refer to Customizing Quality Profiles.

Error: Background Tasks Failing

This error either occurs if it’s out of memory or when multiple analyses have been triggered at the same time. The one triggered last gets completed first.

Error: Not Able to Download Code from SF in the Project Analysis Page

Check to see whether CodeScan is blocked in Salesforce (Setup > Connected Apps > CodeScan). If it's blocked, unblocked it. If it's already unblocked, yet you are still seeing the error, uninstall then reinstall, block it, and then unblock it.

Error(s): Expired Access/Refresh Token or Authentication Failure

Following a sandbox refresh, you may encounter issues scanning your environment. In most cases, an “expired access/refresh token” or “authentication failure” error shows under the Project Analysis tab.

To resolve these issues, simply reauthenticate your environment. Follow these steps:

1. Select Project -> Project Analysis tab

2. Click Delete Analysis
3. Make sure you DO NOT select the checkbox to Delete the Project Also (as you just want to reattach it while maintaining the same project and its history).

1. Then select Attach Analysis Project.
2. Select Salesforce.
3. It will redirect you to the authorization page. Enter your credentials.

4. After successful authentication, you will be redirected to CodeScan, and a new analysis will kick off.

Copado Integration

Should the user add a new analysis project after the CodeScan-Copado integration is complete? If the user creates one, how does CodeScan understand it's the same project as the Copado connection?

Adding a new analysis project is not required. The project in CodeScan is automatically created in Copado Integration using the organization key and security token provided by CodeScan.

Why am I unable to see the results in CodeScan using the Copado integration?

Check if the specific user has permission to access the 'Result Record' in Copado.

CodeScan Cloud

Common Errors and Solutions

Can the status of issues marked as False Positives in the lower environment be transferred when the scan is triggered in the higher environment?

Issues in standalone branches are treated separately. The status can only be transferred if the Develop branch is a comparison or pull request branch using ProductionReady as the target.

Why am I getting the error 'Background tasks failing'?

This error either occurs if it’s out of memory or when multiple analyses have been triggered at the same time. The analysis triggered last gets completed first.

CodeScan is based on SonarQube™, an open-source reporting platform for coding languages. The Background Tasks that occur when an analysis report is run have been added by SonarQube™ to allow administrators to view technical details about why the processes fail.

To learn more about background tasks, please see the SonarQube Documentation - Background Tasks.

Why am I getting the following error: 'Error during SonarScanner execution'?

Why is my Commit and Merge failing with the following SonarScanner error but still allowing submission: 'Language of file force-app/main/default/permissionsets/abc_filename.permissionset-metaxml' cannot be decided as the file matches patterns of both sonar.lang.patterns.mule: **/*abcd,**/*xml and sonar.lanq.patterns.sfmeta: **/*profile-meta.xml.**/*permissionset-meta.xml.**/*settings-meta.xml.**/*object-metaxml.z*/*field-meta.xmll*s/*flow-meta.xml.**/*sharingrules-meta.xml.**/*workflow-meta.xml**/*profilesessionsetting-meta.xml **/*profilepasswordpolicy-meta.xml.**/*.profile，**/*.permissionset，**/*.settings.**/*.object.**/*.flow，**/*.sharingrules，**/*workflow**/*.profilesessionsetting，**/*.profilepasswordpolicy'?

Environment configuration checklist

Configure the Mule setting (Key: sonar.mule.file.suffixes) with values ".abcd" and ".xml," which are causing errors. Navigate to the project where this error occurs in CodeScan. Go to Project Settings > General Settings, and search for "mule" in the search box. Remove ".xml".

By adjusting these settings in CodeScan, the SCA will not fail.

Why am I getting an 'Expired Token' error on my project analysis?

Errors such as Expired Token on your Project Analysis page can sometimes be fixed by resetting the link to your code repository. CodeScan Cloud allows you to do this without erasing the historical data present in your project.

To fix the above errors, follow the steps below to delete the Analysis Project:

1. Go to your Project and navigate to the Project Settings > Project Analysis page.

1. Click on Delete Analysis.

1. Make sure you do not have the "Delete this project also?" box checked. This will delete your history and is not reversible. Click Delete Analysis.

1. Now, use the Attach Analysis Project button at the top right of the screen to add the link.

1. You will now see a new popup window. Select the required option from the options given.

1. Rerun the request.

Why am I getting an 'inactive user' error message?

Sometimes, an "Inactive user" error may appear at the start of an analysis:

This could be caused because the user who created the project and provided credentials for it:

• Is no longer a member of the team and was removed.

• Had their permissions changed in CodeScan.

• Had their permissions changed in the repo/environment that is scanned.

To resolve the “Inactive user“ issue, you need to reattach the project—without deleting its history.

Follow these steps:

1. Delete the project analysis:

Important! Do not select the checkbox to 'Delete Project also?' if you want to keep the current project and its history:

1. Reattach analysis:

1. Provide repo/environment credentials:

1. Rerun the SCA; it should succeed.

If the steps above were completed but the issue persists, contact support@autorabit.com.

Why am I getting an 'ip restricted' message?

The IP restricted issue can be solved by relaxing the IP restrictions for the CodeScan connected app in the org you are trying to scan.

To do this follow the below steps:

1. Log in to the org you are trying to scan.

2. Go to Setup and search for Connected Apps OAuth Usage.

3. Install the app that is making the scan (CodeScan Cloud or CodeScan Quick Reports).

4. Click Manage App Policies and then Edit Policies.

5. Under IP Relaxation select Relax IP Restrictions.

6. Rerun the scan.

Why am I getting a 'Packfile is truncated' error?

While analyzing the project, you may encounter a “Packfile is truncated” error. Initially, access to CodeScan was denied on GitHub.

1. Check Access: Verify if you have the necessary access to CodeScan in GitHub.

2. Grant Access: If access is denied, request and obtain the required permissions for CodeScan.

1. Retry Analysis: After granting access to CodeScan in GitHub and integrating it with CodeScan, start the connection, then reattempt the project analysis. The error should no longer appear. The repositories should be synced. CodeScan should indicate the analysis was triggered, and the user should see the issues.

Why am I getting the error: 'Project reports are not available for branches created outside the CodeScan Cloud'?

For branches created outside the CodeScan Cloud, such as ARM, Flosum, or Copado, project reports are not yet accessible. Only the branch chosen during the initial integration setup with CodeScan Cloud can have reports fetched in CodeScan.

In the Edit Project section, select “Attach Analysis Project,” and choose the project type as “Webhook.”

After this step, project reports will be accessible.

Why am I getting the error: 'Salesforce returned an unexpected result'?

The Salesforce Enhanced Domains feature was rolled out to Sandboxes on August 26, 2022, and available on September 9 for all environments.

If your CodeScan Cloud Salesforce project was linked to a Sandbox or Org that this feature is enabled in, you will need to reattach your project analysis.

CodeScan Cloud allows you to do this without erasing the historical data present in your project.

To fix the above errors, first you need to delete the Analysis Project, to delete follow the steps below:

1. Go to your Project and navigate to the Project Settings > Project Analysis page.

1. Click on Delete Analysis.

1. Make sure you do not have the "Delete this project also?" box checked. This will delete your history and is not reversible. Click Delete Analysis.

1. Now use the Attach Analysis Project button at the top right of the screen to re-add the link.

1. Configure the project and run the analysis.

Why am I getting a unit test timeout?

In CodeScan Cloud, the default setting for unit test timeouts is 1 hour (3,600 seconds). For Orgs and Sandboxes with a large number of tests, this can be insufficient. To increase the timeout, click on your project and then navigate to Overview > Project Settings > General settings.

In General Settings, click on the CodeScan tab on the left and edit the timeout under the Unit Test timeout.

Archival

What determines whether a child record is mandatory for archival?

AutoRABIT Vault considers a child record mandatory for archival if it meets any of the following criteria:

Are email messages mandatory child records for objects they have a direct relationship with?

How are backup and archival handled for objects with both parent and child references?

If an object has a reference from another object as both parent and a child record, then the parent will only be considered for a backup but not for archival. The child record will only be considered for archival.

PCI Compliance

Does Vault adhere to the Payment Card Industry (PCI) Data Security Standards (DSS)?

PCI DSS is the global standard for protecting payment data. These security requirements and global access control measures are established by the Payment Card Industry Security Standards Council. Vault ensures the storage and transmission of cardholder data is kept private, safe, and secure.

How does Vault ensure PCI compliance?

Vault firewalls, software, data encryption, secure passwords, transmission, and physical access to data storage all serve to protect data security. AutoRABIT performs continual software and security updates, testing to verify compliance. Data access logs are monitored regularly monitored to identify outliers.

Sandbox Refresh vs. Backup and Restore Timing

How long does it take to perform a sandbox refresh versus a backup and restore?

Sandbox Refresh: A sandbox refresh creates a full replica of a Salesforce org, including data and metadata, in another sandbox environment. It can take hours or days, depending on the org's data and metadata size and complexity. Salesforce limits full-copy sandbox refreshes to once every 29 days.

Backup and Restore: Backup and restore processes involve creating backups and restoring specific or full data sets as needed. AutoRABIT Vault uses backups from AWS S3 or Azure Blob Storage for selective or full restoration. The time to perform a backup and restore is typically faster than a sandbox refresh. It also has no Salesforce-imposed frequency limits.

Replicate RTO (Recovery Time Objective) estimates depend on:

• Data volume

• Schema complexity

• API availability

For specific estimates, contact the product team.

Backup and Compare

Can I delete specific, condition-based data from an existing backup?

No, if the data is backed up in GCP and AWS, it is not possible to delete data from a field in Vault. If you want to delete it from the Org, you can archive the whole record but not the data for a single field.

Is it possible to mask an existing field/record already backed up in GCP?

It is impossible to mask existing data in a backup, as backups are kept immutable in compliance with General Data Protection Regulation (GDPR) requirements.

Where can I find my backup expiration date?

Users can verify the expiry date by reviewing the backup history in Vault. In our application, a column will display the backup's expiration date.

Can I migrate data from other Salesforce backup solutions?

All backup solutions will ideally provide an option for users to download their data, which can be uploaded to our storage bucket and connected to our application to reinstate the backups/archives as if they were done through Vault. This is considered a professional service on our end, as there is significant effort involved from us to perform the migration.

Where in Vault can I view the attachments that were backed up?

File attachments cannot be viewed from the Vault user interface or in CSV format, as they are encrypted in our S3 storage. The customer must either restore those specific files in their Salesforce Org or Replicate them to another Salesforce Org.

How can I filter backup data by specific dates and use it as the source to Restore/Replicate?

To filter data based on specific dates from a backup using a CSV file and Excel, follow these steps:

1. Download CSV File: Download the CSV file corresponding to the object on which the date needs to be filtered from the backup.

2. Filter Dates Using Excel: Open the downloaded CSV file in Excel. Use Excel's filtering features to filter out the IDs for which the dates match the required criteria.

3. Create Final CSV File: Save the filtered data in a new CSV file. This file should contain only the filtered IDs.

4. Upload and Filter Backup: Use the final CSV file with the filtered IDs as the source. In the restore/replicate module, use the file upload option in the filters to filter the backup data accordingly.

If I delete the backup configuration, will the backup still exist in Vault?

If the backup configuration is deleted, all its related backup snapshots are also deleted from the Vault UI. The backup will be available in the storage, but it'll be in Excel format. Restoring/Replicating along with the relationships will be a challenge and must be done manually. That's why we recommend users do not delete any configurations unless they are certain they will not be needed in the future.

If a Salesforce org is decommissioned, will its backup still be available and can I Replicate it to another org?

1. If the Backup snapshots are available in the storage, i.e., not expired, you can Replicate them to another org (Restore is for the same org, which is not possible if the org is decommissioned).

2. If the configuration is deleted, all its related backup snapshots are also deleted from the Vault UI. The Backup will be available in the storage, but it will be in Excel format. Restoring/Replicating, along with the relationships, will be a challenge and must be done manually, which is why we recommend users not delete any configurations unless they are certain they won't be needed in the future.

Restore and Replicate

Will the Restore operation create a duplicate if a record already exists in Salesforce?

Can I specify the order in which objects are restored, e.g., users first, then other objects?

No, the order of a Restore operation is established by internal logic using data schema.

Can I determine the number of API calls made during the Restore process, similar to a Backup?

API calls are not currently displayed on the user interface during the Restore process.

Data Encryption

Does Vault encrypt data at rest by default?

Yes, by default, Vault encrypts data at rest in Amazon S3 buckets using AES-256 encryption, a highly secure encryption standard.

What is AES-256 encryption, and why is it used?

AES-256 (Advanced Encryption Standard) is a powerful encryption algorithm that ensures data is stored in an unreadable format unless decrypted with the proper key. It is widely recognized for its security and compliance with regulations like GDPR, HIPAA, and PCI-DSS.

Can I disable data encryption at rest?

No, encryption at rest is enforced by default in Vault and cannot be disabled. This ensures all stored data remains secure, even in the unlikely event of unauthorized access to storage.

Where is encrypted data stored?

Encrypted data is stored in Amazon S3 buckets, part of Amazon Web Services (AWS), which provides secure, scalable, and reliable cloud storage.

Admin

Does Vault support the Terafina managed packages?

Currently, Vault does not support the Terafina managed package.

Does Vault integrate with Salesforce Shield?

Salesforce Shield ensures that data is encrypted at rest within Salesforce. However, when data is queried through APIs, Salesforce returns it in a decrypted format. Since Vault leverages Salesforce APIs to retrieve data, our solution fully supports the backup and restoration of Salesforce orgs where Salesforce Shield is enabled.

Welcome to the AutoRABIT Release Notes page! This is your go-to resource for the latest updates and changes to all of our key products, including ARM, CodeScan, Vault, and nCino Integration.

Here, you'll find detailed release notes that provide insights into new features, enhancements, and bug fixes for each product update. Our goal is to keep you informed and equipped with the knowledge to make the most of our products.

By staying tuned to this page, you'll gain a deeper understanding of how our products are evolving to meet your needs and the changing landscape of software development. From small adjustments to major overhauls, every update is documented here to ensure you have all the information you need at your fingertips.

Whether you're a new user learning the ropes or an experienced customer seeking to optimize your use of our products, our Release Notes page is an invaluable tool for staying up-to-date with AutoRABIT's dynamic suite of solutions.

ARM Release Notes 25.1.3

Release Date: 06 April 2025 This release introduces significant new capabilities and key enhancements across the ARM platform. A major new feature enables multi-level deployment approvals by Org, offering structured release governance with customizable approval groups. Architecture improvements include enhanced global workspace management to handle deleted or missing branches more gracefully. The release also strengthens security with encrypted installation key handling. Core functionality has been optimized, including improved commit revision sorting and faster loading of standard value sets.

1. New Feature

• Multi-Level Deployment Approval by Org A two-level deployment approval process has been introduced to provide better control over releases. Each approval level supports group-based approval, allowing any member within the group to approve the deployment. Email notifications are sent to approvers with a link to ARM for approval actions. This approval process can be configured based on Org name. Admins can select applicable orgs and assign separate approvers or approver groups for each.

2. Feature Enhancements

• Secure Handling of Installation Key in Unlocked Packages CI Job The installation key used in the Unlocked Packages CI Job is now masked and encrypted for improved security. Additionally, a view/hide eye icon has been introduced to toggle the visibility of the installation key.

• Clear Status Indicators for Merge Pre-validation Outcomes The "Merge Prevalidation Process" logs now provide clearer visual indicators based on the outcome of the validation. A green checkmark ( ✓) is shown only when the process completes successfully, while a red X clearly indicates when the pre-validation has failed or resulted in auto-rejection. This improvement ensures better visibility into validation outcomes for both merge and commit workflows.

3. Architecture Improvements

• Resilience in Global Workspace Management for Optimized Workspaces A backend fix has been implemented to ensure stability in global workspace creation when the default branch is missing or deleted in the repository. When the default branch no longer exists in AutoRABIT or the remote repository, the system will now automatically update the global workspace and repository configuration to use the last valid branch. This prevents version control operations—such as commit, merge, or revision listing—from being blocked due to a broken global workspace.

  A UI enhancement to allow users to change the default branch directly in the VC Repos module will be introduced in an upcoming release to fully resolve the issue.

4. Bug Fixes and Improvements

• Reliable CI Job Queue Handling Resolved an issue where CI jobs were stuck in the queue due to mismatched build numbers between CIJobInfo and CIJobHistory tables. The system now handles these cases correctly, ensuring jobs progress without blocking subsequent builds. Impacted Modules: CI Job abort and Queue flows, Release Label abort and Queue flows. Support Case #134965

• CustomNotificationType Support in Destructive Commits Destructive commits now support the CustomNotificationType metadata. Impacted Modules: Commits, Merges, Release Label Artifact execution, CI Jobs, Deployments while performing the Custom Notifications type destructive changes flow. Support Case: #133054

• Package Key Handling in Deployment Module Resolved an issue where deployments failed due to a null package key during package version installation. The key preparation logic for dependent packages has been corrected, and a migration has been implemented to fix existing invalid keys. Impacted Modules: Unlocked packages, Deployments. Support Case: #132661

• LWC API Check Support in CodeScan Analysis Files with .js-meta.xml suffixes are now included in the CodeScan analysis, enabling proper API checks on Lightning Web Components (LWC) from ARM. This ensures more accurate validation during the scan process. Impacted Modules: ARM CodeScan integration. Support Case: #132042

• Accurate File Name Display in Review Artifact The Review Artifact UI now correctly updates the file name when switching files, ensuring clarity while reviewing changes. Impacted Modules: EZ Commit -> Review-Artifact -> Edit In IDE -> File Names in editor view. Support Case: #133904

• Commit Revisions Sorted by Committed Timestamp Commit revisions in the Commit module are now displayed based on the committed timestamp, aligning with GitHub's behavior. Previously, revisions were shown using the author timestamp, causing confusion. The backend logic has been updated to ensure commits are sorted and displayed consistently. Impacted Modules: New Deployment, New CI Jobs, New Merge, VC Repositories, Release Labels. Support Case: #132721

• Support for Special Characters and Extended Name Lengths in User Profiles User profile fields now support special characters in first and last names. Additionally, the character limits have been extended—first names now allow 3 to 40 characters, and last names allow 1 to 80 characters. Impacted Modules: Admin, My Profile. Support Case: #133923

• Support for Priority 4 Rules in Apex PMD Static Code Analysis Static Code Analysis now includes Priority 4 rule violations in Apex PMD reports. The minimum PMD priority has been updated from Medium (3) to Low (5), allowing visibility into lower-priority issues without affecting CI Job validations configured to fail only on higher priority errors. Impacted Modules: All static code analysis running with Apex PMD. Support Case: #132749

• Optimized Loading of Standard Value Sets in Commit Improved performance and visibility of Standard Value Sets in the EZ-Commit module by minimizing repeated Salesforce API calls. The system now retrieves enabled services during org registration and stores the cloud org type in the database. For existing orgs, the cloud type is updated during retrieval and used for subsequent requests, significantly reducing load times and ensuring correct metadata visibility—especially for Financial Services Cloud orgs. Impacted Modules: EZ-Commit, Commit Templates, Branching Baseline, Deployments, CI Jobs. Support Case: #133958

• Provar Plugin Name Edit Handling Editing the Provar name in the Admin module no longer triggers an invalid notification pop-up when a key file is already uploaded. A response check ensures smoother and more accurate user feedback. Impacted Modules: My Account plugins (Provar).

Vault FAQs

Common Error Messages + Resolutions

Restore/Replicate

CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY

This error is a result of an issue stemming from a trigger in the Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Use the option to disable the triggers in the job configuration. For the triggers that cannot be disabled via metadata API, manually disable the triggers in Salesforce and re-run the job.

CANNOT_EXECUTE_FLOW_TRIGGER

• Typical error message - We can't save this record because the ‘Online Applicant Validation’ process failed. Give your Salesforce admin these details. An error occurred when executing a flow interview. Error ID: 1545064308-45750 (1670083917)

• This error typically indicates that there is a Process Builder process / Flow in place which is causing the upsert operation to fail.

Resolution steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> view error in 'Error' column.

2. Locate the process builder process / flow that caused the error. Temporarily disable the automation and rerun the job to restore/replicate failed records.

3. Alternatively, the job can be retried by specifying a lower batch size in the job config which prevents the process builders/flows from hitting the parallel processing limits in Salesforce.

INACTIVE_OWNER_OR_USER

This error is due to the owner of the records about to be inserted into the destination Org is inactive in the destination Org.

Resolution Steps:

1. Click on Replicate/Restore job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Enable "Set Audit Fields upon Record Creation" and "Update Records with Inactive Owners" permissions in Salesforce settings.

3. Enable these permissions in the permission set corresponding to the dataloading user in the destination Org.

4. To access details on how to do this in Salesforce, click on this link: https://help.salesforce.com/articleView?id=000334870&type=1&mode=1

FIELD_CUSTOM_VALIDATION_EXCEPTION

This error is due to validation rules applied to certain fields.

Resolution Steps:

1. Click on Restore/Replicate job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Disable validation rules in the restore modal in the final step of the restore process.

INVALID_OR_NULL_FOR_RESTRICTED_PICKLIST

This error occurs when the destination Org doesn't have the value enabled that is selected in the source Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Sync the values in the restricted picklist between the source and destination.

3. Alternatively, use the mappings for restricted picklist to cross-map a value in the restricted picklist from the source to another value in the destination Org as part of the replicate job configuration.

REQUIRED_FIELD_MISSING

This error occurs due to a failure of a required parent record (related through master-detail/required).

Resolution Steps:

1. Click on Replicate/Restore job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Such errors occur when failure of a required parent record (related through master-detail/required lookup) leads to the failure of its associated child records.

3. Check the fields that failed. Review the error corresponding to the failure of the referencing parent record(s), rectify them, and restore the corresponding failed parent records first, then restore failed related child records.

INVALID_CROSS_REFERENCE_KEY

This error is caused by the Parent record not being included in the job or permission issue(s) on the parent object or a lookup relationship is not included in the job.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Verify the parent object is included in the job.

3. Review the authenticated user to ensure the user has access to the parent record that is referenced within the error.

4. If it is a lookup relationship then ensure the parent object is included in the job.

CANNOT_UPDATE_CONVERTED_LEAD

This error is due to a Lead record once converted (to a contact) becomes read only which prevents you from updating the lead.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. You can check to ensure that the lead is converted by checking the isConverted field.

FIELD_INTEGRITY_EXCEPTION

This error typically occurs when upsert tried to populate a lookup field with a wrong ID either because the parent failed or Vault is unable to recognize the parent record Id.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> view error in 'Error' column.

2. Need to pass the correct Id for a lookup field.

INVALID_OPERATION: Too many files in zip

• Typical error message - Metadata deployment error...com.sforce.ws.SoapFaultException

• This error is generated when there are more than 10,000 files in the .zip file which violates the governor limit.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on logs-> view error the 'Error' column.

2. Reduce the number of metadata components restored/replicated in each job to less than 10,000 files

RECORD-TYPE ACCESS ISSUE

This error indicates that the Salesforce user authenticated on Vault doesn’t have access to some record types of an object(s).

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Give appropriate access using profiles and permissions to the Salesforce user authenticated on Vault

UNKNOWN USER PERMISSION

This error is generated when the required user permissions are missing in Salesforce.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> view error in 'Error' column.

2. Assign user to the desired permission set in Salesforce.

INVALID RECORD TYPE ID FOR THE USER

• Typical error message - Record Type ID: this ID value isn't valid for the user: 012D0000000BfaLIAS:RecordTypeId --

• This error is generated when the Salesforce user authenticated on Vault doesn’t have access to some record types of an object(s).

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Give appropriate access using profiles and permissions to the Salesforce user authenticated on Vault.

CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY

• Typical error message - SFSSDupeCatcher.SSDupeCatcherContactTrigger: System.LimitException: Apex CPU time limit exceeded

• Error is generated by Triggers preventing the records from getting loaded in the destination Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Disable the triggers on the destination Org either by using the option to disable triggers in Vault or by performing the same in the Salesforce Org.

3. Alternately, try lowering the batch size of the operation to avoid more records from getting inserted/updated in parallel which may result in a CPU time limit exception.

UNABLE_TO_LOCK_ROW

• Typical error message - unable to obtain exclusive access to this record or 126 records.

• Error is caused by Dependent records causing the load of records from populating in the destination Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Execute the job in serial mode instead of parallel mode to help prevent records in different batches having dependency with each other getting inserted into Salesforce in parallel and causing the error.

TooManyLockFailure

• Typical error message - Too many lock failure 200 Trying again later.

• Error is caused by Dependent records causing the load of records from populating in the destination Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Decrease the batch size or execute the job in serial mode instead of parallel mode to help prevent records in different batches having dependency with each other getting inserted into Salesforce in parallel and causing the error.

Replicate

DUPLICATE_VALUE

Such failures occurs when such records are already present in the destination

Resolution Steps:

1. Click on Replicate job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. An existing automation is blocking the upsert operation. Try disabling the automation if necessary.

3. If you would like Vault to recognize the existing records in the destination that are created/transferred outside of Vault, you can configure the unique identifier for the object and enable the option ‘Prevent duplicate record creation using unique identifiers in replicate job config to avoid Vault from attempting to recreate an existing record matching the value in the unique identifier specified.

4. For steps on how to configure unique identifiers, go to this link:

Unique Identifier (UID) | AutoRABIT Knowledge Base

Limitations

Restoration of System-Generated Chatter-Feed Items

• Issue: Salesforce does not allow the restoration of chatter-feed items generated by the system.

• Details: Only feed items manually added by users to the chatter feed can be restored.

• Error Message: Attempting to restore system-generated chatter-feed items will result in the error: "Required field missing: Body."

Restoration of Shared Objects Data

• Issue: Salesforce does not permit the restoration of data in shared objects generated by sharing rules.

• Details: Only manually added share-related records in the shared object can be restored.

Installed Packages

• MuleSoft operates as an installed package component in Salesforce. Consequently, it cannot be backed up, restored, or replicated using API calls.

• Installed packages, which includes MuleSoft or anything related to Mule, cannot be backed up directly; they must be obtained from the Salesforce AppExchange platform and installed.

File Size Limits

• Issue: If the metadata zip file exceeds the file size limit of 39 MB, then Vault cannot restore the file to the destination Org.

• Details: Use the workbench to restore larger files.

• Error Message in the UI logs: "Metadata ZIP file exceeds the maximum allowed size of 39 MB. Please refer to the AutoRABIT Knowledge Base for more details.”

• Additional Info: Refer to this Salesforce article for more information on file size limitations.

Vault FAQs

Common Error Messages + Resolutions

Restore/Replicate

CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY

This error is a result of an issue stemming from a trigger in the Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Use the option to disable the triggers in the job configuration. For the triggers that cannot be disabled via metadata API, manually disable the triggers in Salesforce and re-run the job.

CANNOT_EXECUTE_FLOW_TRIGGER

• Typical error message - We can't save this record because the ‘Online Applicant Validation’ process failed. Give your Salesforce admin these details. An error occurred when executing a flow interview. Error ID: 1545064308-45750 (1670083917)

• This error typically indicates that there is a Process Builder process / Flow in place which is causing the upsert operation to fail.

Resolution steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> view error in 'Error' column.

2. Locate the process builder process / flow that caused the error. Temporarily disable the automation and rerun the job to restore/replicate failed records.

3. Alternatively, the job can be retried by specifying a lower batch size in the job config which prevents the process builders/flows from hitting the parallel processing limits in Salesforce.

INACTIVE_OWNER_OR_USER

This error is due to the owner of the records about to be inserted into the destination Org is inactive in the destination Org.

Resolution Steps:

1. Click on Replicate/Restore job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Enable "Set Audit Fields upon Record Creation" and "Update Records with Inactive Owners" permissions in Salesforce settings.

3. Enable these permissions in the permission set corresponding to the dataloading user in the destination Org.

4. To access details on how to do this in Salesforce, click on this link: https://help.salesforce.com/articleView?id=000334870&type=1&mode=1

FIELD_CUSTOM_VALIDATION_EXCEPTION

This error is due to validation rules applied to certain fields.

Resolution Steps:

1. Click on Restore/Replicate job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Disable validation rules in the restore modal in the final step of the restore process.

INVALID_OR_NULL_FOR_RESTRICTED_PICKLIST

This error occurs when the destination Org doesn't have the value enabled that is selected in the source Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Sync the values in the restricted picklist between the source and destination.

3. Alternatively, use the mappings for restricted picklist to cross-map a value in the restricted picklist from the source to another value in the destination Org as part of the replicate job configuration.

REQUIRED_FIELD_MISSING

This error occurs due to a failure of a required parent record (related through master-detail/required).

Resolution Steps:

1. Click on Replicate/Restore job summary-> Click on Failure records-> download details-> view error in the 'Error' column.

2. Such errors occur when failure of a required parent record (related through master-detail/required lookup) leads to the failure of its associated child records.

3. Check the fields that failed. Review the error corresponding to the failure of the referencing parent record(s), rectify them, and restore the corresponding failed parent records first, then restore failed related child records.

INVALID_CROSS_REFERENCE_KEY

This error is caused by the Parent record not being included in the job or permission issue(s) on the parent object or a lookup relationship is not included in the job.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Verify the parent object is included in the job.

3. Review the authenticated user to ensure the user has access to the parent record that is referenced within the error.

4. If it is a lookup relationship then ensure the parent object is included in the job.

CANNOT_UPDATE_CONVERTED_LEAD

This error is due to a Lead record once converted (to a contact) becomes read only which prevents you from updating the lead.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. You can check to ensure that the lead is converted by checking the isConverted field.

FIELD_INTEGRITY_EXCEPTION

This error typically occurs when upsert tried to populate a lookup field with a wrong ID either because the parent failed or Vault is unable to recognize the parent record Id.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> view error in 'Error' column.

2. Need to pass the correct Id for a lookup field.

INVALID_OPERATION: Too many files in zip

• Typical error message - Metadata deployment error...com.sforce.ws.SoapFaultException

• This error is generated when there are more than 10,000 files in the .zip file which violates the governor limit.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on logs-> view error the 'Error' column.

2. Reduce the number of metadata components restored/replicated in each job to less than 10,000 files

RECORD-TYPE ACCESS ISSUE

This error indicates that the Salesforce user authenticated on Vault doesn’t have access to some record types of an object(s).

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Give appropriate access using profiles and permissions to the Salesforce user authenticated on Vault

UNKNOWN USER PERMISSION

This error is generated when the required user permissions are missing in Salesforce.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> view error in 'Error' column.

2. Assign user to the desired permission set in Salesforce.

INVALID RECORD TYPE ID FOR THE USER

• Typical error message - Record Type ID: this ID value isn't valid for the user: 012D0000000BfaLIAS:RecordTypeId --

• This error is generated when the Salesforce user authenticated on Vault doesn’t have access to some record types of an object(s).

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Give appropriate access using profiles and permissions to the Salesforce user authenticated on Vault.

CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY

• Typical error message - SFSSDupeCatcher.SSDupeCatcherContactTrigger: System.LimitException: Apex CPU time limit exceeded

• Error is generated by Triggers preventing the records from getting loaded in the destination Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Disable the triggers on the destination Org either by using the option to disable triggers in Vault or by performing the same in the Salesforce Org.

3. Alternately, try lowering the batch size of the operation to avoid more records from getting inserted/updated in parallel which may result in a CPU time limit exception.

UNABLE_TO_LOCK_ROW

• Typical error message - unable to obtain exclusive access to this record or 126 records.

• Error is caused by Dependent records causing the load of records from populating in the destination Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Execute the job in serial mode instead of parallel mode to help prevent records in different batches having dependency with each other getting inserted into Salesforce in parallel and causing the error.

TooManyLockFailure

• Typical error message - Too many lock failure 200 Trying again later.

• Error is caused by Dependent records causing the load of records from populating in the destination Org.

Resolution Steps:

1. Click on Replicate/restore job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. Decrease the batch size or execute the job in serial mode instead of parallel mode to help prevent records in different batches having dependency with each other getting inserted into Salesforce in parallel and causing the error.

Replicate

DUPLICATE_VALUE

Such failures occurs when such records are already present in the destination

Resolution Steps:

1. Click on Replicate job summary-> Click on Failure records-> download details-> view error in 'Error' column.

2. An existing automation is blocking the upsert operation. Try disabling the automation if necessary.

3. If you would like Vault to recognize the existing records in the destination that are created/transferred outside of Vault, you can configure the unique identifier for the object and enable the option ‘Prevent duplicate record creation using unique identifiers in replicate job config to avoid Vault from attempting to recreate an existing record matching the value in the unique identifier specified.

4. For steps on how to configure unique identifiers, go to this link:

Unique Identifier (UID) | AutoRABIT Knowledge Base

Limitations

Restoration of System-Generated Chatter-Feed Items

• Issue: Salesforce does not allow the restoration of chatter-feed items generated by the system.

• Details: Only feed items manually added by users to the chatter feed can be restored.

• Error Message: Attempting to restore system-generated chatter-feed items will result in the error: "Required field missing: Body."

Restoration of Shared Objects Data

• Issue: Salesforce does not permit the restoration of data in shared objects generated by sharing rules.

• Details: Only manually added share-related records in the shared object can be restored.

Installed Packages

• MuleSoft operates as an installed package component in Salesforce. Consequently, it cannot be backed up, restored, or replicated using API calls.

• Installed packages, which includes MuleSoft or anything related to Mule, cannot be backed up directly; they must be obtained from the Salesforce AppExchange platform and installed.

File Size Limits

• Issue: If the metadata zip file exceeds the file size limit of 39 MB, then Vault cannot restore the file to the destination Org.

• Details: Use the workbench to restore larger files.

• Error Message in the UI logs: "Metadata ZIP file exceeds the maximum allowed size of 39 MB. Please refer to the AutoRABIT Knowledge Base for more details.”

• Additional Info: Refer to this Salesforce article for more information on file size limitations.

ARM Release Notes 25.1.0

Release Date: 23 February 2025

The ARM Release 25.1.0 introduces key upgrades, new features, and critical fixes to enhance security, compatibility, and overall performance. This release includes updates to third-party libraries, improved error handling, and several bug fixes to ensure a seamless user experience.

Upgrades and Enhancements

• Third-Party Library Updates: OpenJDK, Tomcat, Salesforce CLI, Sonar Scanner, and Local DynamoDB have been updated to their latest versions for improved performance, security, and compatibility.

• Salesforce API Version 63.0 Support: ARM now fully supports Salesforce API version 63.0, ensuring compatibility with the latest Salesforce features and functionalities.

Deprecated Features

• Picklist to ValueSet Migration: The Picklist feature in the VC Repo section is now deprecated, as Salesforce has discontinued support for it starting from API version 39.

Bug Fixes and Improvements

• Clearer Error Messages: Improved UI messages provide more precise and actionable feedback, making troubleshooting easier.

• Tag Deployment Fix: Previously, deploying a tag would always result in the same changes, even when those changes were not present in the specified tag or branch. Tags now deploy the correct updates as expected. Impacted Modules: Custom Deployments. Support Case #124672

• Flow Access & LoginFlows Retrieval: Users can now retrieve and compare Flow Access and LoginFlows seamlessly. Previously, LoginFlows were not visible during change comparisons. Impacted Modules: EZ-Commit with validate deploy, Merge with validate deploy , Profile duplicates. Support Case #126050

• EZ-Merge Report Accuracy: The EZ-Merge report CSV now includes missing details, such as dates and L1/L2 review statuses, improving tracking and transparency. Impacted Modules: Weekly Report, EZ-Merge report. Support Case #128801

• CI Job Stability: Resolved issues causing CI job failures and deployment errors for AccelQ tests. Test results now display the correct status and test counts in the Test Summary Report. Impacted Modules: Accelq CI Jobs. Support Case #128701

• Deployment Rules Visibility: Deployment rules are now consistently displayed in the Deployment Submit popup window across all deployment types. Impacted Modules: Custom Deployments. Support Case #129905

• Lightning Email Templates Retrieval: Fixed an issue where Lightning Email Templates were not retrievable across multiple ARM modules, including EZ-Commit, EZ-Merge, Release Label Artifact Preparation, Org-to-Org Deployment, Org Sync, Auto-draft, Commit Template, and Branching Baseline. Impacted Modules: EZ-Commit. Support Case #129643

• Review Artifact Enhancement: The "Review Artifact" option now correctly displays the package.xml and its corresponding data for commits, deployments, and merges. Additionally, SearchCustomization now functions as expected for both SFDX and non-DX environments, supporting merging, CI jobs, and deployments. Impacted Modules: EZ-Commit, Merge. Support Case #130173

• SFDX Package Naming Support: Special characters such as @ and . can now be used in SFDX package version names, resolving previous naming limitations. Impacted Modules: SFDX, Unlocked Packages. Support Case #130459

Upgrades and Enhancements

• Third-Party Library Updates: OpenJDK, Tomcat, Salesforce CLI, Sonar Scanner, and Local DynamoDB have been updated to their latest versions for improved performance, security, and compatibility.

• Linux Upgrade: The underlying Linux environment has been upgraded, strengthening security and optimizing system performance.

nCino Improvements

Release Date 23 February 2025

To configure CodeScan for use in a network with a proxy, you will need to set the following settings in your antbuild.properties file (version 3.6-RC3+) or as parameters of your Jenkins job.

http.proxyHost, http.proxyPort and optionally http.proxyUser and http.proxyPassword

Older versions require you to set the above parameters and the following parameters in -DANT_OPTS:

https.proxyHost, https.proxyPort and optionally https.proxyUser and https.proxyPassword

Also, if your SonarQube™ server is not localhost and your proxy doesn’t resolve internally, you’ll need to add the SonarQube™ server host to http.nonProxyHosts to ensure that contacting the SonarQube™ server doesn’t go through the proxy. The value in http.nonProxyHosts MUST match the sonar.host.url value in the antbuild.xml file (minus the port number) or it will not connect.

For example, antbuild.xml

and antbuild.properties

ARM Release Notes 25.1.2

Release Date: 09 March 2025

This release introduces Checkmarx One Integration, enabling users to perform security scans within ARM using Checkmarx One alongside existing Static Code Analysis tools.

Additionally, we have addressed multiple bug fixes and enhancements, including improved support for PLATFORMEVENTCHANNELMEMBER in destructive commits, enhanced merge conflict detection for layouts, and more reliable duplicate resolution for profiles. Security and stability improvements include fully hiding API tokens after creation, ensuring correct project mapping for CodeScan in CI jobs, and providing consistent permission set deployments in Commit Label deployments.

New Feature

• Checkmarx One Integration

  Users can now integrate Checkmarx One as a Static Code Analysis tool within ARM. This allows security scans to be performed using Checkmarx One alongside other existing tools, providing a scalable and fully managed security solution for cloud-native and DevOps teams.

Bug Fixes and Improvements

• Improved Support for PLATFORMEVENTCHANNELMEMBER in Destructive Commits

  ARM supports the destructive commit of PLATFORMEVENTCHANNELMEMBER metadata, ensuring seamless deletion and replacement of platform events without file diff errors. Impacted Modules: Destructive changes, VC, Deployments, CI Jobs. Support Case #131023

• Enhanced Merge Conflict Detection for Layouts

  ARM reliably detects merge conflicts for layout metadata, including files with special characters in their names, ensuring a smoother and more accurate merge process. Impacted Module: EZ-Merge. Support Case: #130985

• Improved Duplicate Resolution for Profiles

  ARM ensures stable conflict resolution for profiles by preventing errors caused by commented code on a new line. Users can click on files in the resolve duplicate screen without encountering IndexOutOfBounds exceptions. Impacted Module: EZ-Merge duplicates resolution scenario. Support Case #130975

• Improved Security for API Tokens

  API tokens are now fully hidden after their initial creation and display, ensuring they are no longer exposed in network requests. This enhances security by preventing unauthorized access through browser developer tools. Impacted Module: API Token creation. Support Case #131377

• Correct Project Mapping for CodeScan in CI Jobs

  ARM ensures that CodeScan projects are correctly linked to the scanned Salesforce org in CI jobs. The mapping issue causing a null project name has been resolved, ensuring accurate project creation and association. Impacted Module: CI Job Build Logs. Support Case: #132391

• Improved Commit Label Deployment for Permission Sets

  ARM ensures consistent and accurate deployment of permission sets during Commit Label deployments. The Ignore Missing Visibility setting behaves as expected, and redeployments correctly generate a new deployment package instead of reusing the initial one. Impacted Module: Commit Label. Support Case: #131711

nCino + Data Loader Improvements

Release Date: 9 March 2025

See the Release Notes for nCino + Data Loader improvements.

ARM Release Notes 24.4.1

Release Date: 27 October 2024

Enhancements

Manageable-State Selection for Branching Baseline A new option has been added to select the Salesforce org's manageable state when initiating or re-running a branching baseline. This option is available only when the retrieval type is set to Salesforce, ensuring greater control over the data types included in the process.

1. Consistent Manageable-State Dropdown Across Modules The manageable-state dropdown is now consistently available across several modules, streamlining the user experience. It can be found in the following areas:

   • Branching Baseline

   • CI Job (Org to Org deployment)

   • EZ Commit

   • My Account (Save Global Settings for Admins)

   • Static Code Analysis

   • Org Synchronization History

2. Global Settings Migration for Manageable State Global settings for manageable state, previously configured in the "My Account → Admin" section, are now automatically retrieved and applied across relevant modules, ensuring consistency across the platform.

3. Database Support for Manageable State The database schema has been updated to support the manageable-state dropdown in CI Job, EZ-Commit, and Branching Baseline modules. This ensures that user selections are properly saved and retrieved, maintaining data integrity across sessions.

Conditional Abort Functionality for Branching Baseline The "Abort" button is now only clickable when the branching baseline process is actively in progress. The abort functionality behaves as follows:

• If the process is in the retrieval stage, clicking "Abort" will stop the operation.

• If the process is in the committing stage, clicking "Abort" will cancel the process.

• If the revision has already been generated or committed, the "Abort" button will be disabled to prevent unnecessary actions.

1. Enhancement: Updated Actions in Branching Baseline The actions available for each branching baseline iteration now include "Run," "Abort," and "Delete," providing clear and accessible options based on the process state.

2. Enhancement: Combined Revision and Info Section in Iterations The "Revision" and "Info" columns in the branching baseline iterations section have been merged into a single "Revision Info" column. This section is now a clickable hyperlink, allowing users to view detailed information for each specific revision easily.