
sfdx-codescan-plugin
Run CodeScan or SonarQube jobs from sfdx
$ npm install -g sfdx-codescan-plugin
$ sfdx COMMAND
running command...
$ sfdx (-v|--version|version)
sfdx-codescan-plugin/1.0.1 linux-x64 node-v8.11.3
$ sfdx --help [COMMAND]
USAGE
$ sfdx COMMAND
...
sfdx codescan:run [name=value...] [-s <string>] [-o <string>] [-k <string>] [-t <string>] [-u <string>] [-p <string>] [--noqualitygate] [--javahome <string>] [--nofail] [--qgtimeout <integer>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
runs a SonarQube analysis
USAGE
  $ sfdx codescan:run [name=value...] [-s <string>] [-o <string>] [-k <string>] [-t <string>] [-u <string>] [-p <string>] [--noqualitygate] [--javahome <string>] [--nofail] [--qgtimeout <integer>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

OPTIONS
  -k, --projectkey=projectkey      sonar.projectKey - the project key to create
  -o, --organization=organization  CodeScan Organization Id. Only required when connecting to CodeScan Cloud
  -p, --password=password          SonarQube password (token is preferred)
  -s, --server=server              SonarQube server. Defaults to CodeScan Cloud (https://app.codescan.io)
  -t, --token=token                SonarQube token (preferred)
  -u, --username=username          SonarQube username (token is preferred)
  --javahome=javahome              JAVA_HOME to use
  --json                           format output as json
  --loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL)
                                   [default: warn] logging level for this command invocation
  --nofail                         Don't fail if sonar-scanner fails
  --noqualitygate                  Don't wait until the SonarQube background task is finished and return the build Quality Gate
  --qgtimeout=qgtimeout            Timeout in seconds to wait for Quality Gate to complete (default 300)

EXAMPLES
  $ sfdx codescan:run --token <token> --projectkey my-project-key --organization my-org-key

  $ sfdx codescan:run --token <token> --projectkey my-project-key --organization my-org-key -Dsonar.verbose=true
      -D can be used for passing any sonar-scanner definition
      -X will be passed as a jvm arg

  $ sfdx codescan:run ... -X
      Verbose output

See code: src/commands/codescan/run.ts
We recommend using the Visual Studio Code (VS Code) IDE for your plugin development. Included in the .vscode directory of this plugin is a launch.json config file, which allows you to attach a debugger to the node process when running your commands.
To debug the hello:org command:
If you linked your plugin to the sfdx cli, call your command with the dev-suspend switch:
$ sfdx hello:org -u myOrg@example.com --dev-suspend
Alternatively, to call your command using the bin/run script, set the NODE_OPTIONS environment variable to --inspect-brk when starting the debugger:
$ NODE_OPTIONS=--inspect-brk bin/run hello:org -u myOrg@example.com
The npm package sfdx-codescan-plugin receives a total of 547 weekly downloads. As such, sfdx-codescan-plugin popularity was classified as not popular.
We found that sfdx-codescan-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.