Salesforce Code Scanner
This Visual Studio Code extension empowers you to analyze your Salesforce Apex and Lightning Web Components (LWC) code, ensuring adherence to best practices and identifying potential pitfalls. By integrating PMD for robust Apex static analysis and incorporating custom rules for LWC best practices, the extension delivers comprehensive code quality insights. The results are presented in an interactive webview, enhanced with DataTables for seamless sorting, searching, and data export.

Usage
Running Scans
Key Features
Apex Code Scanning:
- Leverages PMD to meticulously scan Apex classes for coding standard violations.
- Offers the flexibility to analyze local
.cls
files or retrieve classes directly from your Salesforce organization.
- Generates detailed and informative reports, including the file path, line number, column number, violated rule, and a clear description of the issue.
LWC Best Practices:
- Proactively identifies common LWC issues, such as missing
DeveloperName
, usage of outdated API versions, or the absence of descriptive information.
- Intelligently queries LWC metadata directly from your connected Salesforce organization.
Interactive Results:
- Presents scan findings in a user-friendly webview, enriched with the power of DataTables.js.
- Provides intuitive controls for sorting columns, performing quick searches, and navigating through results with pagination.
- Offers direct export functionality from the results table to various formats:
- CSV (Comma Separated Values)
- Excel (XLSX)
- PDF (Portable Document Format)
- Clipboard (for easy pasting)
- Print
Configurable Authentication:
- Supports flexible Salesforce authentication options to suit your workflow:
- Username and password-based authentication.
- Authentication via a JSON configuration file containing
accessToken
and instanceUrl
.
Context Menu Integration:
- Streamlines the scanning process with convenient context menu options directly within the VS Code Explorer.
- Initiate scans effortlessly for individual Apex (
.cls
) files and LWC component files (.js
, .html
).
Customizable Settings:
- Offers a range of configurable settings to tailor the extension to your specific needs:
- Define custom paths to your PMD installation.
- Specify the PMD rulesets you want to apply during analysis.
- Configure the desired output directory for scan reports.
- Manage your Salesforce authentication details.
Configuration
- Set up the extension in VS Code Settings (Ctrl+, or Cmd+,):
- Open Settings (UI or JSON) and configure the following under salesforceScanner:
{
"salesforceScanner.username": "your.salesforce.username@example.com",
"salesforceScanner.pmdBinPath": "/path/to/pmd-bin-7.13.0/bin/",
"salesforceScanner.ruleSetPath": "/path/to/pmd-bin-7.13.0/quickstart.xml",
"salesforceScanner.accessJsonPath": "/path/to/access.json",
"salesforceScanner.outputDir": "/path/to/output"
}
Configuration Details:
salesforceScanner.username (optional): Salesforce username for org authentication. Required if accessJsonPath is not set.
salesforceScanner.pmdBinPath (required for Apex): Path to the PMD binary directory (e.g., /Users/username/pmd-bin-7.13.0/bin/).
salesforceScanner.ruleSetPath (required for Apex): Path to the PMD ruleset XML file (e.g., /Users/username/pmd-bin-7.13.0/quickstart.xml).
salesforceScanner.accessJsonPath (optional): Path to a JSON file containing accessToken and instanceUrl for Salesforce authentication. Example:
{
"accessToken": "your-access-token",
"instanceUrl": "https://your-instance.salesforce.com"
}
Required if username is not set.
salesforceScanner.outputDir (required): Directory for scan results and temporary files (e.g., /tmp or /Users/username/scans).