Static code analysis (SCA) is a method developers use to detect errors and issues with their code - in our case, Apex. While nobody's opposed to improving the quality of their code, too often SCA tools generate long lists of code violation warnings that make it difficult for teams to focus on areas to improve, or even know where to start!
Gearset's SCA feature already helps users to focus on specific problem areas in their codebase by allowing them to customize the rulesets that determine how code violations are displayed. We think it's much easier to start with the ruleset that matters most to you, and to track violations of important rules before expanding your ruleset once you get those violations under control. So we've added some user-friendly visualization to help you get a better overview of the quality of your code and track trends over time.
What's static code analysis?
The majority of Salesforce environments will include some customizations in the form of Apex classes. These Apex classes contain proprietary business logic and are integral to the functionality you expose to your Salesforce users. Given the importance of these customizations to your business processes, it's a good idea to make sure that your Apex classes are well structured and working as intended. Having a full suite of tests is obviously key. But it's also important not to overlook the benefits of static analysis - there are lots of common defects that can be checked for and flagged automatically. Doing so can help you dramatically improve the quality of your codebase, and reduce the likelihood of show-stopping bugs.
As a developer, you can use SCA results to evaluate the quality of the code that you've written. If you're managing a team, you might use the SCA results as a way of checking that your developers are writing clean, good quality code. While some devs on your team probably run linters locally to check their code 'as they write', they could be checking against different sets of rules and standards.
One advantage of SCA is that you can specify which global quality standards you want the team to meet. Keeping track of possible security vulnerabilities is a further common use case for code analysis. For a more detailed overview of the benefits of using SCA, check out our whitepaper on Static code analysis for Apex.
Tracking trends in code violations
If you're working with a large codebase, it can be difficult to filter through and analyze a flood of code violation warnings. As any of us would do in this situation, you ignore the warnings - you know there are loads of violations, but you just don't have time to fix them all. Perhaps you're working with a large amount of legacy code - you're hardly going to stop what you're doing to refactor 100,000+ lines of code!
But that doesn't mean there's no point to checking your SCA results. Tracking trends in the quality of your code over time is a meaningful way to determine whether you're improving. In effect, tracking trends gives you a way to check that the new code you're adding meets your team's standards.
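The trend check described above can be expressed as a simple ratchet: count violations per category in two successive reports and flag only the watched categories that grew. This is an added example, not Gearset's code; it assumes PMD's XML report layout (a `violation` element whose `ruleset` attribute carries the category name), and the sample reports and the function names `count_by_category` and `regressions` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample reports in PMD's XML report layout (not real scan output).
BASELINE = """<pmd xmlns="http://pmd.sourceforge.net/report/2.0.0">
  <file name="classes/AccountService.cls">
    <violation beginline="12" rule="ApexCRUDViolation" ruleset="Security" priority="3">msg</violation>
    <violation beginline="40" rule="AvoidSoqlInLoops" ruleset="Performance" priority="3">msg</violation>
  </file>
</pmd>"""

CURRENT = """<pmd xmlns="http://pmd.sourceforge.net/report/2.0.0">
  <file name="classes/AccountService.cls">
    <violation beginline="12" rule="ApexCRUDViolation" ruleset="Security" priority="3">msg</violation>
  </file>
  <file name="classes/LeadSearch.cls">
    <violation beginline="8" rule="ApexSOQLInjection" ruleset="Security" priority="3">msg</violation>
    <violation beginline="3" rule="MethodNamingConventions" ruleset="Code Style" priority="1">msg</violation>
  </file>
</pmd>"""


def count_by_category(report_xml):
    """Count violations per category (the 'ruleset' attribute of each violation)."""
    counts = Counter()
    for el in ET.fromstring(report_xml).iter():
        # Compare the local tag name so reports with or without xmlns both parse.
        if el.tag.rsplit("}", 1)[-1] == "violation":
            counts[el.get("ruleset", "Unknown")] += 1
    return counts


def regressions(baseline, current, watched):
    """Return {category: (before, after)} for watched categories that got worse."""
    # Counter yields 0 for a category absent from a report, so new categories count.
    return {c: (baseline[c], current[c]) for c in watched if current[c] > baseline[c]}


if __name__ == "__main__":
    before, after = count_by_category(BASELINE), count_by_category(CURRENT)
    # Watch only the categories the team has agreed to hold the line on.
    for cat, (old, new) in regressions(before, after, ["Security", "Performance"]).items():
        print(f"{cat}: {old} -> {new} violations since the previous run")
```

Legacy violations in the baseline do not fail the check; only growth in a watched category does, which is what lets a team with a large existing backlog still hold new code to its standards.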
Customizing SCA rulesets
Gearset's SCA feature, which draws on the (awesome!) open source PMD code analyzer, helps team owners in our Enterprise tier to manage code quality by performing code analysis automatically during manual deployments and periodically in change monitoring jobs.
Gearset allows you to enable/disable individual SCA rules within the categories Design, Performance, Error Prone, Best Practices, Code Style, Security and Documentation. As part of each change monitoring run, Gearset uses SCA to check if any of the rules that you've enabled have been violated.
A graph that says it all
We decided to add more visualization to Gearset's SCA feature after recently asking for feedback from users. As the SCA results are stored on each change monitoring run, Gearset can show you a visual summary of the trends in your SCA results over time for each job. The code violations are presented in a graph and a table.
We're hoping that the stacked graph showing the trends for each of the SCA categories gives you an easier way of seeing patterns and a better, more immediate idea of how well you're doing. To view the visual summary for one of your change monitoring jobs, select the relevant row on the Monitoring jobs page. Then click on the Static code visualization link that appears below it.
Improving the visuals
We're adding filters to the data behind the graphs, so that you only see the violations for rules and categories you care about. For each change monitoring job that you run, we're planning to make it possible for you to enable/disable individual SCA rules. But as our work on the visualization is still ongoing, we'd very much welcome your suggestions. Would you like to run static code analysis jobs separately from change monitoring? What code violations do you want to know about at all costs? We'd love to hear your thoughts.
Want to know more about SCA?
Static code analysis is part of the Gearset Enterprise subscription. If you're on the Pro tier and would like to try it out, please get in touch via the live in-app chat or at [email protected] for a free trial of the Enterprise tier. Alternatively, you can leave us a feature request on our feedback forum.