Skip to end of metadata
Go to start of metadata

Could not retrieve - Page not found.


SonarApex detects bugs, vulnerabilities and code smells in Apex code.

Additionally, coverage reports for Salesforce DX projects generated with Salesforce CLI can be imported. Users of PMD Apex can also optionally import its findings in SonarQube .

First Analysis of an Apex Project

  1. Install SonarQube Server (see Setup and Upgrade for more details)
  2. Install SonarQube Scanner and be sure your can call sonar-scanner from the directory where you have your source code
  3. Install SonarApex (see Installing a Plugin for more details)
  4. Run your analysis with the SonarQube Scanner by executing the following command from the root directory of the project:

    sonar-scanner -Dsonar.projectKey=xxx -Dsonar.sources=.
  5. Follow the link provided at the end of the analysis to browse your project's quality in SonarQube UI

Further Analyses

Assuming steps 1-3 above have already been completed, you'll want to encapsulate your analysis parameters in a file at the root of your project (see a sample project on GitHub: Then subsequent analyses can simply be run with:


Advanced Usage

With SonarApex, you can also:

  • No labels