Pipeline Operation: PMD Code Scan

Run automated static code analysis checks on your Salesforce metadata using Apex PMD. Detect code quality issues, enforce best practices, and prevent deployment of components with critical violations.

The Code Scan operation analyzes your Salesforce metadata to identify code quality issues before deployment. It ensures that Apex classes, triggers, and components meet defined coding standards and thresholds.

This operation uses Apex PMD for static analysis and reports issues by severity (Blocker, Critical, Major, Minor, Info). The scan results are displayed in the pipeline job logs and can also be reviewed in detail through the Code Scan Result page.

Configuration Options

When creating or editing a pipeline step, configure the following:

  • Name: Any descriptive label (e.g., PMD CodeScan).

  • Operation: Code Scan.

  • Check type: Apex PMD.

  • Description: Short summary of what this scan performs (e.g., Running CodeScan PMD).

  • Severity threshold: Defines the minimum severity level that will cause a failure (Blocker, Critical, Major, Minor, Info).

  • Next step (On pass / On fail): Choose what the pipeline does next if the scan passes or fails.

Creating a Code Scan Step

  1. Go to Pipelines → Create, or Edit an existing pipeline.

  2. Click the + icon between Start and Stop.

  3. In the configuration panel, set the following fields:

    • Name: PMD CodeScan

    • Operation: Code Scan

    • Check Type: Apex PMD

    • Description: Running CodeScan PMD

    • Severity Threshold: Info

    • Next Step: On pass → Stop, On fail → Stop

  4. Click Add to save the configuration.

Your pipeline now includes a Code Scan step.

Running a Pipeline

  1. Click Run Pipeline from the top-right corner.

  2. The Code Scan operation executes automatically on all Apex classes and triggers in your connected branch.

  3. A real-time banner appears showing the current status (In Progress, Completed, or Exception).

  4. When finished, the job status appears as:

    • Completed: No violations found above the threshold.

    • Exception: Violations detected beyond the selected severity.

Viewing Results

After execution, navigate to Code → Branch → Activities → Pipelines.

Each job shows key details such as:

  • Type: Code Scan

  • Status: Completed / Exception

  • Duration: Total runtime

  • Created By: User who initiated the scan

Click the job name to open detailed logs.

Logs and Exceptions

When viewing a failed or completed job, select the PMD CodeScan step to review its output.

The log includes:

  • Code Analyzer started

  • Salesforce project retrieved

  • Analysis completed

  • Result summary by severity

Example log output:

[Info] Job started  
[Info] Retrieve Salesforce project started  
[Info] Retrieve Salesforce components completed  
[Info] Code analyzer started  
[Info] Code analyzer completed  
[Error] Job failed: Code scan exceeded allowed threshold

Code Scan Result Page

When you click See result, the system redirects to the Code Scan Result page showing a visual summary of issues grouped by severity:

  • Critical – Must-fix issues that block deployment

  • High / Medium – Warnings for potential problems

  • Low / Minor – Informational or stylistic issues

Each file lists the number of issues and their categories (e.g., performance, security, maintainability).

Example:

| Severity | Count |
|----------|-------|
| Critical | 0     |
| High     | 12    |
| Medium   | 10    |
| Low      | 0     |
| Minor    | 0     |

Files scanned:

  • force-app/main/default/classes/RevvyDemo.cls – 9 issues

  • force-app/main/default/classes/RevvyDemoTest.cls – 10 issues

File-Level Result View

Clicking a file name (e.g., RevvyDemo.cls) opens a line-level detail view showing every violation with rule, message, and location.

For each issue, the following information is displayed:

  • Rule: The PMD rule violated (e.g., ApexDoc).

  • Message: Description of the violation (e.g., Missing ApexDoc @description).

  • Line / Column: Exact location of the issue in the source file.

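| Rule    | Message                              | Line | Column |
|---------|--------------------------------------|------|--------|
| ApexDoc | Missing ApexDoc comment              | 1    | 21     |
| ApexDoc | Missing ApexDoc @description         | 5    | 19     |
| ApexDoc | Missing ApexDoc @return              | 5    | 19     |
| ApexDoc | Missing or mismatched ApexDoc @param | 5    | 19     |
| ApexDoc | Missing ApexDoc @description         | 13   | 19     |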

Best Practices

  • Run Code Scans automatically before every deployment.

  • Set severity thresholds based on CI/CD rules (e.g., fail on Critical).

  • Regularly review the Code Scan Result and fix recurring issues.

  • Combine Code Scan with Manual Step for review and approval before production.

  • Maintain consistent rule configurations across all environments.
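
The severity threshold behaviour described above, as an added example (not the product's own code): a Python gate over a PMD-style JSON report that shows how the same findings pass or fail depending on the threshold. The priority-to-severity mapping, the inclusive "at or above" comparison, and the sample report are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Assumption: PMD priority 1 (highest) to 5 (lowest) maps onto the page's
# severity labels in this order; the product's real mapping may differ.
SEVERITIES = ["Blocker", "Critical", "Major", "Minor", "Info"]
PRIORITY = {name: i + 1 for i, name in enumerate(SEVERITIES)}

# Constructed sample in the shape of a PMD JSON report (files -> violations).
SAMPLE_REPORT = json.dumps({"files": [
    {"filename": "force-app/main/default/classes/RevvyDemo.cls", "violations": [
        {"rule": "ApexDoc", "description": "Missing ApexDoc comment",
         "beginline": 1, "begincolumn": 21, "priority": 3},
        {"rule": "ApexSOQLInjection", "description": "Avoid untrusted/unescaped variables in DML query",
         "beginline": 13, "begincolumn": 19, "priority": 2}]},
    {"filename": "force-app/main/default/classes/RevvyDemoTest.cls", "violations": [
        {"rule": "ApexDoc", "description": "Missing ApexDoc @description",
         "beginline": 5, "begincolumn": 19, "priority": 3}]},
]})

def violations(report_json):
    """Yield (filename, violation) pairs from a PMD JSON report."""
    for entry in json.loads(report_json).get("files", []):
        for v in entry.get("violations", []):
            yield entry.get("filename", "?"), v

def label(v):
    """Severity label for a violation; a missing or odd priority is 'Unknown'."""
    prio = v.get("priority")
    return SEVERITIES[prio - 1] if isinstance(prio, int) and 1 <= prio <= 5 else "Unknown"

def summarize(report_json):
    """Count violations per severity label, like the result summary."""
    return Counter(label(v) for _, v in violations(report_json))

def gate(report_json, threshold):
    """Return (passed, blocking); blocking holds findings at or above threshold."""
    limit = PRIORITY[threshold]  # unknown threshold label raises KeyError (fail closed)
    blocking = [(name, v.get("beginline"), v.get("rule"))
                for name, v in violations(report_json)
                # Unknown severities block instead of slipping through the gate.
                if label(v) == "Unknown" or PRIORITY[label(v)] <= limit]
    return (not blocking, blocking)

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_REPORT)))
    for threshold in ("Info", "Critical", "Blocker"):
        passed, blocking = gate(SAMPLE_REPORT, threshold)
        print(threshold, "PASS" if passed else "FAIL", blocking)
```

With the Info threshold used in the example step earlier, documentation findings alone fail the job; a Critical threshold lets them through while still blocking the injection finding.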
