CodeScan Plugin integration with Salesforce Sandbox

Written By: Mandar Gogate

# Need:-

Good quality code is a critical aspect of developing and maintaining a Salesforce organisation.

CodeScan is a plugin for SonarQube and runs over 160 different checks on your Apex and VisualForce code. We can control the quality of our Salesforce project and get straightforward, unbiased, real-time progress reports. Knowledge is security and with CodeScan, knowledge is always at your fingertips.

# Prerequisites:-

You have to make sure that Java 1.8+ is present on your system else install it.

# Steps:-

i) We’re going to use All-in-one CodeScan bundler for downloading,installing and configuring

  bundler. For that go to www.code-scan.com and click “Free 30 Day trial”. Then you will be

  directed to the next page as:-

The CodeScan Bundler packages all required processes into one easy to use download.

The bundler prepares the following environment:
a) SonarQube running on port 59001
b) Jenkins for running jobs on port 59003
c) CodeScan configured and guides you through the trial license setup
d) A pre configured Jenkins Template which will download your Salesforce code and analyse it for displaying SonarQube.

ii) Further use below link to download and run all required components in one. This will

   download  a .jar file named “codescan-bundler-3.7.5”    

   http://downloads.code-scan.com/codescan-bundler-3.7.5.jar

iii) Execute that .jar file by double clicking it and it will download ant,sonarqube,jenkins..etc as shown in below image. Please note that it’ll take some time to download all the prerequisites and setting up an environment. So wait till the downloading part gets over.

  

Meanwhile it’ll take you to the licensing page where we’ve to provide our details. After providing all the details click “Request Trial License” button and you will receive a mail which will contain license.

iv) Once the installation is completed we’ll get below interface for executing “Jenkins” and

    “SonarQube” like :-

v) Further run the sonarqube by clicking “Launch SonarQube” button and you’ll redirected to the sonarqube  page as :-

vi) Here click on the “Login” and you will again redirected to the Login Page where we’ve to provide  

    Username and password.By default username and password is “admin/admin”.

Once you logged in by using above credentials, you’ll get directed to the dashboard of Sonarqube.

vii) Next, run the jenkins by clicking “Launch Jenkins” button and you’ll redirected to the Jenkins page as:-

Here, we’ll find one by default configured parameterized project.

viii) Now it is always a good practise to create a new project as per our requirements by copying it from  

default project for further changes. For that :-

1. Go to New Item → Select Freestyle Project →  Enter Appropriate Project Name.
2. Further at bottom select drop down option in front of “copy from” and select “CodeScan Template - Salesforce Download”  and click “OK”.

c) Go to General section where we’ll find 7 parameters which needed to be passed with correct values.

  They’re namely :-

1. sonar.projectVersion
2. Salesforce.username
3. Salesforce.password
4. Salesforce.url
5. sonar.projectKey
6. sonar.projectName
7. sonar.host.url

d) Further we’ve to provide values to each above mentioned parameters.

# sonar.projectVersion:-

 It is used to provide a version to our project. By setting this value it is is easy to track them.

# Salesforce.username:-

Here we are going to provide username of our sandbox as we’re going to retrieve the code from our sandbox.

# Salesforce.password:-

     Similarly, provide password of the sandbox from which we’re going to retrieve our project code.

# Salesforce.url:-

   Here we’ve provided “https://test.salesforce.com” to URL value as we’re using sandbox credentials.

# sonar.projectKey :-

The project key that is unique for each project. The directory/folder where the project code will get downloaded will have same name.Here provide the name as per your requirement.

# sonar.projectName:-

Name of the project that will be displayed on the web interface which will be shown to us when we access our project via http://localhost:59001/projects  in browser. Provide an unique name for your project.

# sonar.host.url:-

Here we’ve to provide an URL which using which we’ll get access to our project via browser i.e “http://localhost:59001”.

e) Next in “Source Code Management” section select radio button “None” and in “Build Triggers” section leave it as it is without selecting any choices.

 

f) Further, in “Build” section we’ve to invoke ant and provide our antbuild.xml file to get invoked.

Here at first Ant ”Invokes” download of the code from salesforce and in the second part it’ll run the Sonar.

i) Provide Ant Version as “CodeScan Bundled Ant”

ii)In Targets provide “deletesrc” and “download”.

iii)In “Build File” provide whole path to our antbuild.xml file which will get executed by jenkins.

iv) In properties provide values “user.dir”={WORKSPACE} as our workespace.

v) Leave Java Options empty.

# For sonar provide :-

i) Provide Ant Version as “CodeScan Bundled Ant”

ii) In Targets provide “sonar”.

iii) In “Build File” provide whole path to our antbuild.xml file which will get executed by jenkins.

iv) In properties provide values “user.dir”={WORKSPACE} as our workspace.

v) In Java Options provide ”-Djava.io.tmpdir=C:\Users\Crevise\AppData\Local\Temp\ -Xmx512m”

g) At last leave “Post-build Actions” as it is without changing it.

Important files:-

There are couple of important files which are used throughout the project are:-

1. Antbuild.xml:-

This file will be used by ant for executing the job from jenkins or by CLI.

It has all the actions defined in it like “deletesrc”, “check-package.xml”, “download”.. etc which will get executed in certain sequence to accomplish the job.

   

2)  Package.xml:-

In this file we can define all the components that we want to retrieve from sandbox. This file will look like:-

   3) sonar-project.properties :-

This file will hold all the credentials for the salesforce like username,password,security token,project name, URL..etc.

Here please make sure that while providing values for “salesforce.password” we’ve to concatenate the password + security token and provide it combinely without any space.

4) After all the parameters and values are configured in Jenkins, Build the Job.

For that, Click the project → Select Build with Parameters → Here check all the passed values and click “Build”

5) Once the Job starts executing go to “Console Output” to check its details and wait till the job gets completely executed. At last we’ll notified once the job build successfully as below:-

6) When Job gets finished go to browser and open sonarqube and refresh the screen and there we’ll find our recently retrieved project. We will see detailed structure of it as per below:-

# CodeScan Home page:-

Here, we can see detailed code structure like Lines Of Code,Bugs,Vulnerabilities,Duplications..etc

# CodeScan Issues page:-

# CodeScan Maintainability page:-

# CodeScan Measure page:-

# CodeScan Security:-

# CodeScan Reliability:-