pmd-apex

command module
v5.12.1
Published: Feb 18, 2025 License: MIT Imports: 15 Imported by: 0

README

pmd-apex analyzer

pmd-apex performs SAST scanning on repositories containing code written for Apex projects.

The analyzer is written in Go and wraps pmd, a static code analyzer, using pmd's Apex security rules. It is structured like the other Static Analysis analyzers because it uses the shared command package.

The analyzer is built and published as a Docker image in the GitLab Container Registry associated with this repository. You would typically use this analyzer in the context of a SAST job in your CI/CD pipeline. However, if you're contributing to the analyzer or you need to debug a problem, you can run, debug, and test locally using Docker.

For instructions on local development, please refer to the README in Analyzer Scripts.

Using the analyzer

This analyzer looks for two specific files to determine if it should run against a repository.

  • sfdx-project.json
    • If this file exists, the analyzer will match and scan the project.
  • package.xml
    • If this file contains any nodes containing <name>ApexClass</name>, the analyzer will match and scan the project.
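The two match rules above, sketched in Go as an added example; this is not the analyzer's own code. The function names and the choice to inspect a single directory are assumptions, since the page does not say whether subdirectories are searched.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// listsApexClass reports whether any <name> element holds the text ApexClass.
func listsApexClass(r io.Reader) (bool, error) {
	dec := xml.NewDecoder(r)
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return false, nil
		} else if err != nil {
			return false, err // malformed manifest: surface it, do not guess
		}
		if se, ok := tok.(xml.StartElement); ok && se.Name.Local == "name" {
			var text string
			if err := dec.DecodeElement(&text, &se); err != nil {
				return false, err
			}
			if strings.TrimSpace(text) == "ApexClass" {
				return true, nil
			}
		}
	}
}

// ShouldScan applies both match rules to dir only (assumption: no recursion).
func ShouldScan(dir string) (bool, error) {
	if _, err := os.Stat(filepath.Join(dir, "sfdx-project.json")); err == nil {
		return true, nil
	}
	f, err := os.Open(filepath.Join(dir, "package.xml"))
	if os.IsNotExist(err) {
		return false, nil
	} else if err != nil {
		return false, err
	}
	defer f.Close()
	return listsApexClass(f)
}

func main() { fmt.Println(ShouldScan(".")) }
```

Running a check like this against a checkout is a quick way to see why a SAST job did or did not pick up a repository: a package.xml that lists only non-Apex metadata types yields no match.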

Versioning and release process

Please check the versioning and release process documentation.

Contributing

Contributions are welcome; see CONTRIBUTING.md for more details.

License

This code is distributed under the MIT Expat license; see the LICENSE file.
