sfdx-codescan-plugin
Advanced tools
Run CodeScan or SonarQube jobs from sfdx
To install the plugin use sfdx plugins:install sfdx-codescan-plugin.
You'll be prompted that this plugin is not signed by Salesforce, type y to continue.
Check the installation using sfdx plugins.
sfdx help codescan:run to view a list of parameters and flags. $ sfdx codescan:run [name=value...] [-s <string>] [-o <string>] [-k <string>] [-t <string>] [-u <string>] [-p
<string>] [--noqualitygate] [--javahome <string>] [--nofail] [--qgtimeout <integer>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-k, --projectkey=projectkey sonar.projectKey - the project key
to create.
-o, --organization=organization CodeScan Organization Id. Only
required when connecting to CodeScan
Cloud
-p, --password=password SonarQube password (token is
preferred)
-s, --server=server SonarQube server. Defaults to
CodeScan Cloud
(https://app.codescan.io)
-t, --token=token SonarQube token (preferred)
-u, --username=username SonarQube username (token is
preferred)
--javahome=javahome JAVA_HOME to use
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
--nofail Don't fail if sonar-scanner fails
--noqualitygate Don't wait until the SonarQube
background task is finished and
return the build Quality Gate
--qgtimeout=qgtimeout Timeout in seconds to wait for
Quality Gate to complete (default
300)
$ sfdx codescan:run --token <token> --projectkey my-project-key --organization my-org-key
$ sfdx codescan:run --token <token> --projectkey my-project-key --organization my-org-key -Dsonar.verbose=true
-D can be used for passing any sonar-scanner definition
-X will be passed as a jvm arg
$ sfdx codescan:run ... -X
Verbose output
FAQs
Run CodeScan or SonarQube jobs from sfdx
The npm package sfdx-codescan-plugin receives a total of 597 weekly downloads. As such, sfdx-codescan-plugin popularity was classified as not popular.
We found that sfdx-codescan-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."