Friday, 7 July 2017

CodeScan Plugin integration with Salesforce Sandbox

Written By: Mandar Gogate

# Need:-
Good quality code is a critical aspect of developing and maintaining a Salesforce organisation.
CodeScan is a plugin for SonarQube and runs over 160 different checks on your Apex and VisualForce code. We can control the quality of our Salesforce project and get straightforward, unbiased, real-time progress reports. Knowledge is security and with CodeScan, knowledge is always at your fingertips.

# Prerequisites:-
You have to make sure that Java 1.8+ is present on your system else install it.

# Steps:-

i) We’re going to use All-in-one CodeScan bundler for downloading,installing and configuring
  bundler. For that go to and click “Free 30 Day trial”. Then you will be
  directed to the next page as:-

The CodeScan Bundler packages all required processes into one easy to use download.
The bundler prepares the following environment:
a) SonarQube running on port 59001
b) Jenkins for running jobs on port 59003
c) CodeScan configured and guides you through the trial license setup
d) A pre configured Jenkins Template which will download your Salesforce code and analyse it for displaying SonarQube.
ii) Further use below link to download and run all required components in one. This will
   download  a .jar file named “codescan-bundler-3.7.5”    

iii) Execute that .jar file by double clicking it and it will download ant,sonarqube,jenkins..etc as shown in below image. Please note that it’ll take some time to download all the prerequisites and setting up an environment. So wait till the downloading part gets over.


Meanwhile it’ll take you to the licensing page where we’ve to provide our details. After providing all the details click “Request Trial License” button and you will receive a mail which will contain license.

iv) Once the installation is completed we’ll get below interface for executing “Jenkins” and
    “SonarQube” like :-

v) Further run the sonarqube by clicking “Launch SonarQube” button and you’ll redirected to the sonarqube  page as :-

vi) Here click on the “Login” and you will again redirected to the Login Page where we’ve to provide  
    Username and password.By default username and password is “admin/admin”.

Once you logged in by using above credentials, you’ll get directed to the dashboard of Sonarqube.

vii) Next, run the jenkins by clicking “Launch Jenkins” button and you’ll redirected to the Jenkins page as:-

Here, we’ll find one by default configured parameterized project.

viii) Now it is always a good practise to create a new project as per our requirements by copying it from  
default project for further changes. For that :-

  1. Go to New Item → Select Freestyle Project →  Enter Appropriate Project Name.
  2. Further at bottom select drop down option in front of “copy from” and select “CodeScan Template - Salesforce Download”  and click “OK”.

c) Go to General section where we’ll find 7 parameters which needed to be passed with correct values.
  They’re namely :-

  1. sonar.projectVersion
  2. Salesforce.username
  3. Salesforce.password
  4. Salesforce.url
  5. sonar.projectKey
  6. sonar.projectName

d) Further we’ve to provide values to each above mentioned parameters.
# sonar.projectVersion:-

 It is used to provide a version to our project. By setting this value it is is easy to track them.

# Salesforce.username:-

Here we are going to provide username of our sandbox as we’re going to retrieve the code from our sandbox.

# Salesforce.password:-

     Similarly, provide password of the sandbox from which we’re going to retrieve our project code.

# Salesforce.url:-
   Here we’ve provided “” to URL value as we’re using sandbox credentials.

# sonar.projectKey :-

The project key that is unique for each project. The directory/folder where the project code will get downloaded will have same name.Here provide the name as per your requirement.
# sonar.projectName:-
Name of the project that will be displayed on the web interface which will be shown to us when we access our project via http://localhost:59001/projects  in browser. Provide an unique name for your project.

Here we’ve to provide an URL which using which we’ll get access to our project via browser i.e “http://localhost:59001”.

e) Next in “Source Code Management” section select radio button “None” and in “Build Triggers” section leave it as it is without selecting any choices.

f) Further, in “Build” section we’ve to invoke ant and provide our antbuild.xml file to get invoked.
Here at first Ant ”Invokes” download of the code from salesforce and in the second part it’ll run the Sonar.
i) Provide Ant Version as “CodeScan Bundled Ant”
ii)In Targets provide “deletesrc” and “download”.
iii)In “Build File” provide whole path to our antbuild.xml file which will get executed by jenkins.
iv) In properties provide values “user.dir”={WORKSPACE} as our workespace.
v) Leave Java Options empty.

# For sonar provide :-
i) Provide Ant Version as “CodeScan Bundled Ant”
ii) In Targets provide “sonar”.
iii) In “Build File” provide whole path to our antbuild.xml file which will get executed by jenkins.
iv) In properties provide values “user.dir”={WORKSPACE} as our workspace.
v) In Java Options provide ”\Users\Crevise\AppData\Local\Temp\ -Xmx512m”

g) At last leave “Post-build Actions” as it is without changing it.
Important files:-
There are couple of important files which are used throughout the project are:-
  1. Antbuild.xml:-
This file will be used by ant for executing the job from jenkins or by CLI.
It has all the actions defined in it like “deletesrc”, “check-package.xml”, “download”.. etc which will get executed in certain sequence to accomplish the job.
2)  Package.xml:-
In this file we can define all the components that we want to retrieve from sandbox. This file will look like:-

   3) :-
This file will hold all the credentials for the salesforce like username,password,security token,project name, URL..etc.
Here please make sure that while providing values for “salesforce.password” we’ve to concatenate the password + security token and provide it combinely without any space.
4) After all the parameters and values are configured in Jenkins, Build the Job.
For that, Click the project → Select Build with Parameters → Here check all the passed values and click “Build”

5) Once the Job starts executing go to “Console Output” to check its details and wait till the job gets completely executed. At last we’ll notified once the job build successfully as below:-
6) When Job gets finished go to browser and open sonarqube and refresh the screen and there we’ll find our recently retrieved project. We will see detailed structure of it as per below:-
# CodeScan Home page:-
Here, we can see detailed code structure like Lines Of Code,Bugs,Vulnerabilities,Duplications..etc

# CodeScan Issues page:-
# CodeScan Maintainability page:-

# CodeScan Measure page:-

# CodeScan Security:-

# CodeScan Reliability:-


  1. Replies
    1. Great Article android based projects

      Java Training in Chennai

      Project Center in Chennai

      Java Training in Chennai

      projects for cse

      The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

  2. Hi, Great.. Tutorial is just awesome..It is really helpful for a newbie like me.. I am a regular follower of your blog. Really very informative post you shared here. Kindly keep blogging. If anyone wants to become a Java developer learn from Java Training in Chennai. or learn thru Java Online Training from India . Nowadays Java has tons of job opportunities on various vertical industry.

  3. Thanks for sharing this useful post; Actually Salesforce crm cloud application provides special cloud computing tools for your client management problems. It’s a fresh technology in IT industries for the business management.
    Salesforce Training|Salesforce Course in Chennai

  4. Hmm, it seems like your site ate my first comment (it was extremely long) so I guess I’ll just sum it up what I had written and say, I’m thoroughly enjoying your blog. I as well as an aspiring blog writer, but I’m still new to the whole thing. Do you have any recommendations for newbie blog writers? I’d appreciate it.
    Advanced AWS Training in Bangalore | Best Amazon Web Services Training Institute in Bangalore
    Advanced AWS Training Institute in Pune | Best Amazon Web Services Training Institute in Pune
    Advanced AWS Online Training Institute in india | Best Online AWS Certification Course in india
    AWS training in bangalore | Best aws training in bangalore

  5. Very nice post here and thanks for it .I always like and such a super contents of these post.Excellent and very cool idea and great content of different kinds of the valuable information's. 
    microsoft azure training in bangalore
    rpa training in bangalore
    best rpa training in bangalore
    rpa online training

  6. Excellent blog, I wish to share your post with my folks circle. It’s really helped me a lot, so keep sharing post like this
    Best Devops online Training
    Online DevOps Certification Course - Gangboard

  7. Well somehow I got to read lots of articles on your blog. It’s amazing how interesting it is for me to visit you very often.
    Python Online certification training
    python Training institute in Chennai
    Python training institute in Bangalore

  8. This concept is a good way to enhance the knowledge.thanks for sharing. please keep it up salesforce certification

  9. This group will naturally embrace the new training they will soon receive, and will demonstrate to others in your company the results that can be achieved with the right development. Salesforce training in Chennai


Amazon EKS - Kubernetes on AWS

By Komal Devgaonkar Amazon Elastic Container Service for Kubernetes (Amazon EKS), which is highly available and scalable AWS service....