A VS Code extension that automatically resolves SCA (Software Composition Analysis) violations in Apex code.
Features
Automatic Detection: Uses PMD to detect SCA violations in Apex code
Auto-fixing: Automatically fixes common violations including:
Unused variables and imports
Empty catch blocks
CRUD/FLS violations
User-selectable Fix Levels: Choose which violation levels to fix (1-5)
Custom PMD Rulesets: Support for custom PMD ruleset XML files
Fix Preview: Preview fixes before applying them
Batch Fixing: Fix all violations of the same type or all violations in a file
Sidebar Integration: Dedicated sidebar panel for managing violations
Requirements
Java 11 or higher (required for PMD)
VS Code 1.101.0 or higher
Installation
Install the extension from the VS Code marketplace
Ensure Java 11+ is installed and available in your PATH
Open an Apex (.cls) file to activate the extension
Usage
Running SCA Analysis
Open an Apex file (.cls)
Use the Command Palette (Ctrl+Shift+P) and run "Apex SCA Autofix: Run SCA Analysis"
Or right-click in the editor and select "Run SCA Analysis"
View violations in the sidebar panel
Fixing Violations
Fix Individual Violation: Click "Fix This Violation" button in the sidebar
Fix All of Same Type: Click "Fix All of This Type" button for a violation group
Fix All Violations: Click "Fix All Violations" button in the sidebar
Custom Rulesets
Use "Apex SCA Autofix: Select Custom Ruleset" command
Choose your custom PMD ruleset XML file
The extension will use your custom rules for future analyses
Fix Level Selection - supoorted in next relase
Use the checkboxes in the sidebar to select which violation levels to include:
Level 1 (Critical)
Level 2 (High)
Level 3 (Medium)
Level 4 (Low)
Level 5 (Info)
Supported Violations
Unused Variables/Imports
Automatically removes unused local variables
Removes unused import statements
Empty Catch Blocks
Adds appropriate logging statements to empty catch blocks
CRUD/FLS Violations
Adds Schema.sObjectType permission checks before DML operations
Inserts appropriate access checks for SOQL queries
Configuration
The extension includes a default PMD ruleset but supports custom rulesets. Place your custom ruleset XML file anywhere and select it using the "Select Custom Ruleset" command.
Known Limitations
CRUD/FLS fixes use simplified logic and may require manual adjustment
Complex code structures may need manual review after auto-fixing
The extension requires Java to be installed for PMD execution
Contributing
This extension is open source. Feel free to contribute improvements and additional auto-fixers.