Last Updated on March 22, 2022 by Rakesh Gupta
Salesforce.com Inc. is a global cloud computing company headquartered in San Francisco, California. Salesforce.com is best known for its customer relationship management (CRM) products like Sales Cloud, Service Cloud, Chatter, etc. These days companies are using it to streamline their Sales or service process.
To Implement Salesforce sometimes does require writing Apex and Lightning Web Component code. In this article, I will discuss how a customer, Project manager, administrator, and developer make sure whether the code written for their uses are followed the Apex coding standard as well as avoid vulnerabilities Security issues. This article will also help Salesforce ISV partners to ensure that the app they are developing for AppExchange will pass a security review in the first attempt. Below are a few ways to review/scan the code
- Peer reviewing
- Hire a technical expert for code review
- Use some automated tool like Checkmarx
Now follow the below instruction to use Ckeckmarx
Create Checkmarx account
It’s very easy to create a Checkmarx account, to do that open the link on your browser and then click on the Signup link as shown in the following screenshot
To know more about enterprise use and pricing contact Checkmarx Sales representative.
How to Use Checkmarx
To use this app follow the below instructions
- Click on Create New Project button as shown in the following screenshot
- It will redirect you to a new window where you have to enter new project details (like Name. Scan Type etc) and click on the Next button
- On the next screen you will get the option to select your source code origin, In this demo, I will upload code in the zip file and click on Next as shown in the following screenshot
Note:- Zip file contains nothing but all code that you want to scan.
- On the next screen select the zip file and click on the Scan button to start the scan process.
- As soon as the scan is completed click on View Results link to view details, take help from the following screenshot
- On the detail results page, you will get options to open code viewer by clicking on the button Open Code Viewer, You will also get options to Delete Scan Details and Export options. You will also get the number of risks in this example #8 and other details like Start date, end date Scan risk, etc under the Scan Details section.
- Click on Export Report link and select PDF full to download the result in PDF format, so you can share this detailed result with your developer, customers, etc.
- PDF will contain a Detailed Vulnerability Description.
This tool is user-friendly and easy to use. If you are a project manager or system administrator and someone asks you to review code don’t get tens to use this tool #Adminrock 🙂
You can also use the Force.com Security Source Code Scanner tool powered by Checkmarx, It’s a free web-based tool. It’s required only Salesforce user name ( User must have Author Apex permission and The organization must contain less than 500,000 lines of code).
For the same source organization/username, scans will be automatically rejected if a scan request was submitted in the last 2hours or there is an outstanding scan request in the queue. For automated submissions of scans, please do not scan the same organization more than twice per week. If you want to run your own scanner then contact Checkmarx to purchase a license.
I want to hear from you!
What is one thing you learned from this post? How do you envision applying this new knowledge in the real world? Feel free to share in the comments below.