sfdx-scanner-aura
sfdx-scanner is an sfdx plugin that scans Apex classes and triggers using Apex PMD, and JavaScript using ESLint.
If your root folder is not force-app, set the variable SALESFORCE_SFDX_SCANNER_AURA_DIRECTORY.
You can select categories and single rules by defining custom arguments (example: SALESFORCE_SFDX_SCANNER_ARGUMENTS: -c "Best Practices,Security").
See more details in Help
Workaround: Restricted to Aura
sfdx-scanner-aura documentation
- Version in MegaLinter: 3.8.0
- Visit Official Web Site
- See How to configure sfdx-scanner-aura rules
- See How to disable sfdx-scanner-aura rules in files
- See Index of problems detected by sfdx-scanner-aura
Configuration in MegaLinter
- Enable sfdx-scanner-aura by adding SALESFORCE_SFDX_SCANNER_AURA in ENABLE_LINTERS variable
- Disable sfdx-scanner-aura by adding SALESFORCE_SFDX_SCANNER_AURA in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
SALESFORCE_SFDX_SCANNER_AURA_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: -s --foo "bar" | |
SALESFORCE_SFDX_SCANNER_AURA_PRE_COMMANDS | List of bash commands to run before the linter | None |
SALESFORCE_SFDX_SCANNER_AURA_POST_COMMANDS | List of bash commands to run after the linter | None |
SALESFORCE_SFDX_SCANNER_AURA_CONFIG_FILE | sfdx-scanner-aura configuration file name. Use LINTER_DEFAULT to let the linter find it | --eslintconfig |
SALESFORCE_SFDX_SCANNER_AURA_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
SALESFORCE_SFDX_SCANNER_AURA_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
SALESFORCE_SFDX_SCANNER_AURA_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
SALESFORCE_DIRECTORY | Directory containing SALESFORCE files | force-app |
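A `.mega-linter.yml` fragment combining the variables from the table above so that scanner findings fail the job. This is an added example, not taken from the MegaLinter documentation; the `src` directory and the threshold value are constructed, and the flag is the one listed in the help output on this page.

```yaml
# .mega-linter.yml (added example; values are constructed for illustration)

# Activate the linter explicitly.
ENABLE_LINTERS:
  - SALESFORCE_SFDX_SCANNER_AURA

# The project keeps its Salesforce sources in "src" instead of the default
# "force-app" (constructed value). Without this, the linter is not activated,
# because the expected sub-directory is not found.
SALESFORCE_DIRECTORY: src

# Extra flags appended to the `sfdx scanner:run` call.
# --severity-threshold makes the scanner throw an error once the threshold is
# reached; per the help text it also turns on --normalize-severity, whose scale
# is 1 (high), 2 (moderate), 3 (low).
SALESFORCE_SFDX_SCANNER_AURA_ARGUMENTS: "--severity-threshold 2"

# Weak setting: the linter still runs, but its errors are only treated as
# warnings, so findings never block a merge.
# SALESFORCE_SFDX_SCANNER_AURA_DISABLE_ERRORS: true

# Gating setting: keep errors as errors and allow none of them.
SALESFORCE_SFDX_SCANNER_AURA_DISABLE_ERRORS: false
SALESFORCE_SFDX_SCANNER_AURA_DISABLE_ERRORS_IF_LESS_THAN: 0

# This does NOT narrow the scan to changed files for this linter: it is called
# once on the whole project directory, so exclusions have to go in the
# scanner's own configuration or ignore file.
VALIDATE_ALL_CODEBASE: false
```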
IDE Integration
Use sfdx-scanner-aura in your favorite IDE to catch errors before MegaLinter!
IDE | Extension Name |
---|---|
Visual Studio Code | Salesforce Extension Pack |
MegaLinter Flavours
This linter is available in the following flavours
Flavor | Description | Embedded linters |
---|---|---|
all | Default MegaLinter Flavor | 112 |
salesforce | Optimized for Salesforce based projects | 50 |
Behind the scenes
How applicable files are identified
- Activated only if sub-directory force-app is found (directory name can be overridden with SALESFORCE_DIRECTORY)
- If this linter is active, all files will always be linted
How the linting is performed
sfdx-scanner-aura is called once on the whole project directory (project CLI lint mode)
- Filtering cannot be done using MegaLinter configuration variables; it must be done using sfdx-scanner-aura configuration or ignore file (if existing)
- VALIDATE_ALL_CODEBASE: false does not make sfdx-scanner-aura analyze only updated files
Example calls
sfdx scanner:run
Help content
scan a codebase with a selection of rules
USAGE
$ sfdx scanner run -t <array> [-f csv|html|json|junit|sarif|table|xml]
[-o <string>] [-s <integer> | --json] [--normalize-severity] [-p <array>]
[-c <array>] [-r <array>] [-e <array>] [--tsconfig <string>] [--eslintconfig
<string>] [--pmdconfig <string>] [--env <string>] [--verbose-violations]
[--verbose] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
FLAGS
-c, --category=<value>
one or more categories of rules to run
-e, --engine=<value>
specify which engines to run
-f, --format=(csv|html|json|junit|sarif|table|xml)
specify results output format
-o, --outfile=<value>
write output to a file
-p, --projectdir=<value>
provide root directory of project
-r, --ruleset=<value>
[deprecated] rulesets to run
-s, --severity-threshold=<value>
throw an error when a violation threshold is reached, the
--normalize-severity is invoked, and severity levels are reset to the
baseline
-t, --target=<value>
(required) source code location
--env=<value>
[deprecated] override ESLint's default environment variables, in
JSON-formatted string
--eslintconfig=<value>
specify the location of eslintrc config to customize eslint engine
--json
format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATA
L)
[default: warn] logging level for this command invocation
--normalize-severity
return normalized severity 1 (high), 2 (moderate), and 3 (low), and the
engine-specific severity
--pmdconfig=<value>
specify location of PMD rule reference XML file to customize rule selection
--tsconfig=<value>
location of tsconfig.json file
--verbose
emit additional command output to stdout
--verbose-violations
return retire-js violation message details
COMMANDS
scanner run dfa scan codebase with all DFA rules
WARNING: We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at https://research.net/r/SalesforceCA
NAME LANGUAGES CATEGORIES RULESETS [DEP] ENGINE
────────────────────────────────────────────────────── ─────────── ───────────────────── ──────────────────────────────────────────────── ─────────────────
VfCsrf visualforce Security Basic VF pmd
VfHtmlStyleTagXss visualforce Security pmd
VfUnescapeEl visualforce Security Basic VF pmd
ApexAssertionsShouldIncludeMessage apex Best Practices pmd
ApexUnitTestClassShouldHaveAsserts apex Best Practices Default ruleset...,quickstart,ApexUnit pmd
ApexUnitTestClassShouldHaveRunAs apex Best Practices quickstart pmd
ApexUnitTestMethodShouldHaveIsTestAnnotation apex Best Practices pmd
ApexUnitTestShouldNotUseSeeAllDataTrue apex Best Practices Default ruleset...,quickstart,ApexUnit pmd
AvoidGlobalModifier apex Best Practices Style,Default ruleset...,quickstart pmd
AvoidLogicInTrigger apex Best Practices Style,Default ruleset...,quickstart pmd
DebugsShouldUseLoggingLevel apex Best Practices quickstart pmd
UnusedLocalVariable apex Best Practices pmd
AvoidDebugStatements apex Performance pmd
AvoidDmlStatementsInLoops apex Performance Default ruleset...,Performance pmd
AvoidSoqlInLoops apex Performance Default ruleset...,Performance pmd
AvoidSoslInLoops apex Performance Default ruleset...,Performance pmd
EagerlyLoadedDescribeSObjectResult apex Performance pmd
OperationWithLimitsInLoop apex Performance quickstart pmd
ApexBadCrypto apex Security Security,Default ruleset...,quickstart pmd
ApexCRUDViolation apex Security Security,Default ruleset...,quickstart pmd
ApexCSRF apex Security Security pmd
ApexDangerousMethods apex Security Security,Default ruleset...,quickstart pmd
ApexInsecureEndpoint apex Security Security,Default ruleset...,quickstart pmd
ApexOpenRedirect apex Security Security,Default ruleset...,quickstart pmd
ApexSharingViolations apex Security Security,Default ruleset...,quickstart pmd
ApexSOQLInjection apex Security Security,Default ruleset...,quickstart pmd
ApexSuggestUsingNamedCred apex Security Security,Default ruleset...,quickstart pmd
ApexXSSFromEscapeFalse apex Security Security,Default ruleset...,quickstart pmd
ApexXSSFromURLParam apex Security Security,Default ruleset...,quickstart pmd
ClassNamingConventions apex Code Style Style,Default ruleset...,quickstart pmd
IfElseStmtsMustUseBraces apex Code Style Braces,Default ruleset...,quickstart pmd
IfStmtsMustUseBraces apex Code Style Braces,Default ruleset...,quickstart pmd
FieldDeclarationsShouldBeAtStart apex Code Style pmd
FieldNamingConventions apex Code Style quickstart pmd
ForLoopsMustUseBraces apex Code Style Braces,Default ruleset...,quickstart pmd
FormalParameterNamingConventions apex Code Style quickstart pmd
LocalVariableNamingConventions apex Code Style quickstart pmd
MethodNamingConventions apex Code Style Style,Default ruleset...,quickstart pmd
OneDeclarationPerLine apex Code Style Default ruleset...,quickstart pmd
PropertyNamingConventions apex Code Style quickstart pmd
VariableNamingConventions apex Code Style Style,Default ruleset... pmd
WhileLoopsMustUseBraces apex Code Style Braces,Default ruleset...,quickstart pmd
AvoidDeeplyNestedIfStmts apex Design Complexity,Default ruleset...,quickstart pmd
CyclomaticComplexity apex Design Default ruleset...,quickstart,Metrics tempora... pmd
CognitiveComplexity apex Design pmd
ExcessiveClassLength apex Design Complexity,Default ruleset...,quickstart pmd
ExcessiveParameterList apex Design Complexity,Default ruleset...,quickstart pmd
ExcessivePublicCount apex Design Complexity,Default ruleset...,quickstart pmd
NcssConstructorCount apex Design Complexity,Default ruleset...,quickstart pmd
NcssMethodCount apex Design Complexity,Default ruleset...,quickstart pmd
NcssTypeCount apex Design Complexity,Default ruleset...,quickstart pmd
StdCyclomaticComplexity apex Design Complexity,Default ruleset...,quickstart pmd
TooManyFields apex Design Complexity,Default ruleset...,quickstart pmd
ApexDoc apex Documentation Default ruleset...,quickstart pmd
ApexCSRF apex Error Prone Default ruleset...,quickstart pmd
AvoidDirectAccessTriggerMap apex Error Prone Style,Default ruleset...,quickstart pmd
AvoidHardcodingId apex Error Prone Style,Default ruleset...,quickstart pmd
AvoidNonExistentAnnotations apex Error Prone Default ruleset...,quickstart pmd
EmptyCatchBlock apex Error Prone Empty Code,Default ruleset...,quickstart pmd
EmptyIfStmt apex Error Prone Empty Code,Default ruleset...,quickstart pmd
EmptyStatementBlock apex Error Prone Empty Code,Default ruleset...,quickstart pmd
EmptyTryOrFinallyBlock apex Error Prone Empty Code,Default ruleset...,quickstart pmd
EmptyWhileStmt apex Error Prone Empty Code,Default ruleset...,quickstart pmd
InaccessibleAuraEnabledGetter apex Error Prone pmd
MethodWithSameNameAsEnclosingClass apex Error Prone Style,Default ruleset...,quickstart pmd
OverrideBothEqualsAndHashcode apex Error Prone pmd
TestMethodsMustBeInTestClasses apex Error Prone pmd
constructor-super javascript problem problem eslint
for-direction javascript problem problem eslint
getter-return javascript problem problem eslint
no-async-promise-executor javascript problem problem eslint
no-case-declarations javascript suggestion suggestion eslint
no-class-assign javascript problem problem eslint
no-compare-neg-zero javascript problem problem eslint
no-cond-assign javascript problem problem eslint
no-const-assign javascript problem problem eslint
no-constant-condition javascript problem problem eslint
no-control-regex javascript problem problem eslint
no-debugger javascript problem problem eslint
no-delete-var javascript suggestion suggestion eslint
no-dupe-args javascript problem problem eslint
no-dupe-class-members javascript problem problem eslint
no-dupe-else-if javascript problem problem eslint
no-dupe-keys javascript problem problem eslint
no-duplicate-case javascript problem problem eslint
no-empty javascript suggestion suggestion eslint
no-empty-character-class javascript problem problem eslint
no-empty-pattern javascript problem problem eslint
no-ex-assign javascript problem problem eslint
no-extra-boolean-cast javascript suggestion suggestion eslint
no-extra-semi javascript suggestion suggestion eslint
no-fallthrough javascript problem problem eslint
no-func-assign javascript problem problem eslint
no-global-assign javascript suggestion suggestion eslint
no-import-assign javascript problem problem eslint
no-inner-declarations javascript problem problem eslint
no-invalid-regexp javascript problem problem eslint
no-irregular-whitespace javascript problem problem eslint
no-loss-of-precision javascript problem problem eslint
no-misleading-character-class javascript problem problem eslint
no-mixed-spaces-and-tabs javascript layout layout eslint
no-new-symbol javascript problem problem eslint
no-nonoctal-decimal-escape javascript suggestion suggestion eslint
no-obj-calls javascript problem problem eslint
no-octal javascript suggestion suggestion eslint
no-prototype-builtins javascript problem problem eslint
no-redeclare javascript suggestion suggestion eslint
no-regex-spaces javascript suggestion suggestion eslint
no-self-assign javascript problem problem eslint
no-setter-return javascript problem problem eslint
no-shadow-restricted-names javascript suggestion suggestion eslint
no-sparse-arrays javascript problem problem eslint
no-this-before-super javascript problem problem eslint
no-undef javascript problem problem eslint
no-unexpected-multiline javascript problem problem eslint
no-unreachable javascript problem problem eslint
no-unsafe-finally javascript problem problem eslint
no-unsafe-negation javascript problem problem eslint
no-unsafe-optional-chaining javascript problem problem eslint
no-unused-labels javascript suggestion suggestion eslint
no-unused-vars javascript problem problem eslint
no-useless-backreference javascript problem problem eslint
no-useless-catch javascript suggestion suggestion eslint
no-useless-escape javascript suggestion suggestion eslint
no-with javascript suggestion suggestion eslint
require-yield javascript suggestion suggestion eslint
use-isnan javascript problem problem eslint
valid-typeof javascript problem problem eslint
for-direction typescript problem problem eslint-typescript
no-async-promise-executor typescript problem problem eslint-typescript
no-case-declarations typescript suggestion suggestion eslint-typescript
no-class-assign typescript problem problem eslint-typescript
no-compare-neg-zero typescript problem problem eslint-typescript
no-cond-assign typescript problem problem eslint-typescript
no-constant-condition typescript problem problem eslint-typescript
no-control-regex typescript problem problem eslint-typescript
no-debugger typescript problem problem eslint-typescript
no-delete-var typescript suggestion suggestion eslint-typescript
no-dupe-else-if typescript problem problem eslint-typescript
no-duplicate-case typescript problem problem eslint-typescript
no-empty typescript suggestion suggestion eslint-typescript
no-empty-character-class typescript problem problem eslint-typescript
no-empty-pattern typescript problem problem eslint-typescript
no-ex-assign typescript problem problem eslint-typescript
no-extra-boolean-cast typescript suggestion suggestion eslint-typescript
no-fallthrough typescript problem problem eslint-typescript
no-global-assign typescript suggestion suggestion eslint-typescript
no-inner-declarations typescript problem problem eslint-typescript
no-invalid-regexp typescript problem problem eslint-typescript
no-irregular-whitespace typescript problem problem eslint-typescript
no-misleading-character-class typescript problem problem eslint-typescript
no-mixed-spaces-and-tabs typescript layout layout eslint-typescript
no-nonoctal-decimal-escape typescript suggestion suggestion eslint-typescript
no-octal typescript suggestion suggestion eslint-typescript
no-prototype-builtins typescript problem problem eslint-typescript
no-regex-spaces typescript suggestion suggestion eslint-typescript
no-self-assign typescript problem problem eslint-typescript
no-shadow-restricted-names typescript suggestion suggestion eslint-typescript
no-sparse-arrays typescript problem problem eslint-typescript
no-unexpected-multiline typescript problem problem eslint-typescript
no-unsafe-finally typescript problem problem eslint-typescript
no-unsafe-optional-chaining typescript problem problem eslint-typescript
no-unused-labels typescript suggestion suggestion eslint-typescript
no-useless-backreference typescript problem problem eslint-typescript
no-useless-catch typescript suggestion suggestion eslint-typescript
no-useless-escape typescript suggestion suggestion eslint-typescript
no-var typescript suggestion suggestion eslint-typescript
no-with typescript suggestion suggestion eslint-typescript
prefer-const typescript suggestion suggestion eslint-typescript
prefer-rest-params typescript suggestion suggestion eslint-typescript
prefer-spread typescript suggestion suggestion eslint-typescript
require-yield typescript suggestion suggestion eslint-typescript
use-isnan typescript problem problem eslint-typescript
@typescript-eslint/adjacent-overload-signatures typescript suggestion suggestion eslint-typescript
@typescript-eslint/await-thenable typescript problem problem eslint-typescript
@typescript-eslint/ban-ts-comment typescript problem problem eslint-typescript
@typescript-eslint/ban-types typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-array-constructor typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-empty-function typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-empty-interface typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-explicit-any typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-extra-non-null-assertion typescript problem problem eslint-typescript
@typescript-eslint/no-extra-semi typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-floating-promises typescript problem problem eslint-typescript
@typescript-eslint/no-for-in-array typescript problem problem eslint-typescript
@typescript-eslint/no-implied-eval typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-inferrable-types typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-loss-of-precision typescript problem problem eslint-typescript
@typescript-eslint/no-misused-new typescript problem problem eslint-typescript
@typescript-eslint/no-misused-promises typescript problem problem eslint-typescript
@typescript-eslint/no-namespace typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-non-null-asserted-optional-chain typescript problem problem eslint-typescript
@typescript-eslint/no-non-null-assertion typescript problem problem eslint-typescript
@typescript-eslint/no-this-alias typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-unnecessary-type-assertion typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-unnecessary-type-constraint typescript suggestion suggestion eslint-typescript
@typescript-eslint/no-unsafe-argument typescript problem problem eslint-typescript
@typescript-eslint/no-unsafe-assignment typescript problem problem eslint-typescript
@typescript-eslint/no-unsafe-call typescript problem problem eslint-typescript
@typescript-eslint/no-unsafe-member-access typescript problem problem eslint-typescript
@typescript-eslint/no-unsafe-return typescript problem problem eslint-typescript
@typescript-eslint/no-unused-vars typescript problem problem eslint-typescript
@typescript-eslint/no-var-requires typescript problem problem eslint-typescript
@typescript-eslint/prefer-as-const typescript suggestion suggestion eslint-typescript
@typescript-eslint/prefer-namespace-keyword typescript suggestion suggestion eslint-typescript
@typescript-eslint/require-await typescript suggestion suggestion eslint-typescript
@typescript-eslint/restrict-plus-operands typescript problem problem eslint-typescript
@typescript-eslint/restrict-template-expressions typescript problem problem eslint-typescript
@typescript-eslint/triple-slash-reference typescript suggestion suggestion eslint-typescript
@typescript-eslint/unbound-method typescript problem problem eslint-typescript
insecure-bundled-dependencies javascript Insecure Dependencies retire-js
ApexFlsViolationRule apex Security sfge
UnusedMethodRule apex Performance sfge
Installation on mega-linter Docker image
- Dockerfile commands :
# Parent descriptor install
ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
RUN echo y|sfdx plugins:install sfdx-hardis \
&& npm cache clean --force || true \
&& rm -rf /root/.npm/_cacache
# Linter install
RUN sfdx plugins:install @salesforce/sfdx-scanner \
&& npm cache clean --force || true \
&& rm -rf /root/.npm/_cacache