CodeScan plugs into the truly excellent and free SonarQube server. The package applies a set of quality rules. When a rule is broken, SonarQube creates an issue that can be assigned and resolved (or marked “Won’t Fix”). Through the SonarQube user interface, developers can drill down and see each issue in the context of our source code. By analyzing the size of our code base and the extent of found issues, SonarQube determines our technical debt and generates an overall quality score.
With CodeScan and a BitBucket plugin (also available for GitHub), we are able to scan each new pull request as it comes down the pipeline. In this way, we can focus first on the new code that we write, and ultimately circle back to issues in the pre-existing code.
But, wait, there’s more
In addition to conventional scanning, CodeScan also offers a more Salesforce-y approach. The plugin can pull the source directly from the org for analysis, so you don’t have to have Git in play. You can also analyze the code, run Apex tests, and commit the changes to Git all at once.
You do need to stand up your own SonarQube server to use CodeScan (for the time being). If you are used to doing everything in the cloud, this task might be an impediment. If you have any questions about CodeScan, or Salesforce DevOps, feel free to ping me in the DreamOps Success Group.
Ted Husted is a Kaizen Squad developer on the Nimble AMS product crew. “We make the good changes that create a great product.”