It’s hard to believe, but it’s been two years since we shared the 2.0 release of our in-house, open-sourced, code quality and security tool, Salesforce Code Analyzer (originally named Salesforce CLI Scanner). We’re now ready to launch Code Analyzer version 3.x, which brings together multiple open-source static application security testing (SAST) tools to help you write secure and clean code. In this blog post, we’re excited to share a preview of its great new features!

What’s new in 3.x

In addition to PMD and ESLint, Code Analyzer now supports:

- RetireJS, which notifies you when your solution’s JavaScript dependency versions have known security vulnerabilities.
- Copy-Paste Detector (CPD), which helps you detect large blocks of copied-and-pasted code and also reminds you when your code is past due for refactoring.

We’re much closer to bridging the gap between violations found locally and those that can be detected only during the AppExchange Security Review process.

General approach to identifying code issues