date: 2018-05-03
linktitle: Scanning from SFDX
menu:
  onprem:
    parent: tutorials
notoc: true
title: Scanning from SFDX
weight: 119
description: This is a guide to setting up CodeScan to scan your SFDX projects.
layout: onprem

Scanning SFDX Projects

Currently, scanning SFDX projects is a little different from scanning code from your Salesforce Org.
This guide walks you through the steps to set it up.

Prerequisites

  • CodeScan version 4.0.9+
  • SFDX Project

Setup

  • We need the access token from SFDX. This can be fetched using:

      sfdx force:org:display -u TARGETUSERNAME --json >somewhere.safe.oauth.json

  • Next we need to create/edit a config file for the project.

    • This file should be called sonar-project.properties and be placed in the directory you’ll run the CodeScan job from.
    • The contents should be minimal, but can include any other standard analysis parameter. The basic contents should be as follows:

      # A typical sonar-project.properties file
      sonar.projectKey=my-project
      sonar.projectName=My Project
      codescan.oauthFile=somewhere.safe.oauth.json

  • Now run the analysis with:

      ant -f /path/to/codescan/antbuild.xml sonar

  • If all goes according to plan, you will see your project appear on your SonarQube dashboard.
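The steps above, wrapped in a preflight script that refuses to proceed if the token file is readable by anyone but its owner. This is an added example, not CodeScan's own tooling: the function names are hypothetical, and it assumes the JSON written by sfdx contains an accessToken field.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of CodeScan or SFDX.

# Fetch the org details with a private umask so a newly created
# token file is owner-only from the moment it exists.
# Usage: fetch_token TARGETUSERNAME somewhere.safe.oauth.json
fetch_token() {
    ( umask 077 && sfdx force:org:display -u "$1" --json > "$2" )
}

# Succeed only if the oauth file is non-empty, holds an accessToken
# field (assumed field name), and grants nothing to group or others.
# umask does not tighten a file that already existed, hence this check.
check_oauth_file() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    grep -q '"accessToken"' "$f" || { echo "no accessToken in $f" >&2; return 1; }
    perms=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "$f is not owner-only; run chmod 600" >&2; return 1; }
}

# Write the minimal sonar-project.properties from this guide.
# Arguments: project key, project name, oauth file, output directory
write_config() {
    cat > "$4/sonar-project.properties" <<EOF
sonar.projectKey=$1
sonar.projectName=$2
codescan.oauthFile=$3
EOF
}

# Typical sequence, run from the project directory:
#   fetch_token TARGETUSERNAME somewhere.safe.oauth.json &&
#   check_oauth_file somewhere.safe.oauth.json &&
#   write_config my-project "My Project" somewhere.safe.oauth.json . &&
#   ant -f /path/to/codescan/antbuild.xml sonar
```

Keep the oauth file out of version control and delete it once the analysis has finished.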

Please Note

The OAuth refresh token can’t be used, so any long-running unit testing may fail. If the OAuth credentials are likely to time out, you can run the tests through another mechanism and then add “sf.testmode=history” to the sonar-project.properties file so that the analysis only fetches the coverage data rather than running the unit tests.