Static Code Analysis Overview

Updated 3 months ago by Copado Solutions

Static code analysis (SCA) allows you to detect code inefficiencies, errors and bad habits before they grow into expensive problems. You can use code analysis to automatically monitor developers’ code and enforce implementation best practices. Once you have the results, you can review them, prioritize rules according to your business needs, and decide whether the code can be moved to an upper environment.

In Copado, you can use this powerful quality gate throughout the release management process with Copado Continuous Delivery, and you can run it from different records such as an Org Credential (to run static code analysis on all code across an org), a User Story (to run it on the specific code added to that User Story) or a Scheduled Job.

Copado currently uses two tools to perform code review:

  • PMD: PMD is an open-source static code analysis tool. When using PMD with Copado, you can use the default RuleSet as well as contribute your own custom rules.
  • CodeScan: CodeScan is a code quality tool for SonarQube that allows you to create custom rules, run tests during the night or create alerts with timelines to review changes over time. CodeScan provides a self-hosted product, a cloud product and a plugin for multiple IDEs.

If you are upgrading from an older version of Copado to Copado v12 or later, make sure you assign the CodeScan and PMD record types, and the corresponding page layout assignments, of the Static Code Analysis Settings, Static Code Analysis Results and Static Code Analysis Violations objects to the profiles or permission sets that use static code analysis.

To get started with code analysis, check out the articles below:

If you are using PMD:

PMD SCA Settings

If you are using CodeScan:

CodeScan SCA Settings
