For development teams focused on maintaining high code quality within Salesforce projects, integrating automated code scanning into your Continuous Integration (CI) pipeline is crucial. This guide outlines how to set up Jenkins to work seamlessly with code scan tools, specifically focusing on enhancing your workflow with tools like CodeScan. By automating code analysis, you can ensure consistent code quality, identify potential bugs early, and improve overall software reliability.
This tutorial assumes you have the following prerequisites in place:
- Jenkins Installation: You have a working Jenkins server environment.
- Jenkins Plugins: The Ant Plugin and Git Plugin are installed in your Jenkins instance. These plugins are essential for building and managing your Salesforce projects and interacting with code repositories.
Let’s walk through the steps to create a Jenkins project that leverages code scan tools to analyze your Salesforce code.
Creating a Jenkins Freestyle Project for Code Scanning
- Initiate a New Freestyle Project: Begin by creating a new Freestyle project within your Jenkins dashboard. This project type offers the flexibility needed to configure our code scanning process.
- Define Project Version Parameter: Add a String Parameter to your project configuration.
  - Name: sonar.projectVersion
  - Default Value: 1
  This parameter helps manage project versions within your code scanning tool, allowing you to track changes and improvements over time.
- Salesforce Username Parameter: Incorporate another String Parameter to hold the Salesforce username.
  - Name: salesforce.username
  - Default Value: Enter your Salesforce username (e.g., [email protected]). Ensure this user has the necessary permissions to access the Salesforce organization you intend to scan.
- Salesforce Password Parameter: Add a Password Parameter for secure password handling.
  - Name: salesforce.password
  - Default Value: Input your Salesforce password concatenated with your Salesforce security token (e.g., passwordsecuritytoken). Using a Password Parameter means Jenkins stores the value encrypted rather than in plain text.
- Salesforce Instance URL Parameter: Configure a String Parameter to specify your Salesforce instance URL.
  - Name: salesforce.url
  - Default Value: Set to https://login.salesforce.com for production or https://test.salesforce.com for sandbox environments. This URL directs the code scan tool to the correct Salesforce instance.
- Project Key Parameter for SonarQube: Define a String Parameter for your SonarQube project key.
  - Name: sonar.projectKey
  - Default Value: Set a unique project key, such as project1. This key identifies your project within SonarQube, allowing for proper result association.
- Project Name Parameter for SonarQube Display: Include a String Parameter to name your project as it will appear in SonarQube.
  - Name: sonar.projectName
  - Default Value: Choose a descriptive name for your project, which will be displayed in the SonarQube interface.
- SonarQube Host URL Parameter: Specify the URL for your SonarQube instance using a String Parameter.
  - Name: sonar.host.url
  - Default Value: Enter the URL of your SonarQube server. If running locally, the default is http://localhost:9000. This ensures Jenkins knows where to send the code analysis results.
- Add the First Ant Build Step (Delete and Download): In the ‘Build’ section, click ‘Add Build Step’ and select ‘Invoke Ant’.
  - Targets: Enter deletesrc download. These Ant targets are custom commands defined within your antbuild.xml file to prepare the workspace and download necessary source code.
  - Build File: Specify the path to your antbuild.xml file. This file is typically located in the runner folder of your CodeScan installation (e.g., C:/great-tools/sonar-salesforce-plugin3.x/runner/antbuild.xml).
  - Properties: Add user.dir=${WORKSPACE}. This property sets the working directory for the Ant build to the Jenkins workspace.
  - Java Options: Leave this field blank for this step.
- Add the Second Ant Build Step (Sonar Analysis): Add another ‘Invoke Ant’ build step.
  - Targets: Enter sonar. This target in antbuild.xml initiates the code analysis process using SonarQube.
  - Build File: Again, specify the path to your antbuild.xml file (e.g., C:/great-tools/sonar-salesforce-plugin3.x/runner/antbuild.xml).
  - Properties: Add user.dir=${WORKSPACE}.
  - Java Options: Include the path to your temporary directory (e.g., -Djava.io.tmpdir=C:\Users\some-guy\AppData\Local\Temp). Optionally, you can allocate memory for the Java process by adding -Xmx1024m to the end of the Java options field.
Once you have configured these steps, save your Jenkins project.
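The same job can be kept in version control as a declarative Pipeline, with the Salesforce login taken from the Jenkins credentials store instead of a parameter default. This is an added example, not part of the original guide or CodeScan's own code. It assumes a Windows agent with ant on the PATH, a hypothetical "Username with password" credential with the ID salesforce-scan-user, a constructed project name, and that antbuild.xml reads Ant properties with the same names as the job parameters above.

```groovy
// Added example: Pipeline form of the freestyle job described above.
// cmd.exe expands the %VAR% references below, so the Salesforce secret is
// never interpolated into the script text by Groovy.
def ANT_PROPS = '"-Duser.dir=%WORKSPACE%" ' +
    '"-Dsalesforce.url=%SF_URL%" ' +
    '"-Dsalesforce.username=%SF_USR%" "-Dsalesforce.password=%SF_PSW%" ' +
    '"-Dsonar.host.url=%SONAR_URL%" "-Dsonar.projectKey=%SONAR_KEY%" ' +
    '"-Dsonar.projectName=%SONAR_NAME%" "-Dsonar.projectVersion=%SONAR_VERSION%"'

pipeline {
    agent any
    parameters {
        string(name: 'sonar.projectVersion', defaultValue: '1')
        string(name: 'salesforce.url', defaultValue: 'https://login.salesforce.com')
        string(name: 'sonar.projectKey', defaultValue: 'project1')
        string(name: 'sonar.projectName', defaultValue: 'Project 1') // constructed name
        string(name: 'sonar.host.url', defaultValue: 'http://localhost:9000')
    }
    environment {
        // Hypothetical credential ID. Jenkins sets SF_USR and SF_PSW from it
        // and masks the password in the console log.
        SF            = credentials('salesforce-scan-user')
        ANT_FILE      = 'C:/great-tools/sonar-salesforce-plugin3.x/runner/antbuild.xml'
        SF_URL        = "${params['salesforce.url']}"
        SONAR_URL     = "${params['sonar.host.url']}"
        SONAR_KEY     = "${params['sonar.projectKey']}"
        SONAR_NAME    = "${params['sonar.projectName']}"
        SONAR_VERSION = "${params['sonar.projectVersion']}"
    }
    stages {
        stage('Delete and download') {
            steps {
                bat "ant -f \"%ANT_FILE%\" deletesrc download ${ANT_PROPS}"
            }
        }
        stage('Sonar analysis') {
            // Equivalent of the Java Options field in the second Ant step.
            environment {
                ANT_OPTS = '-Djava.io.tmpdir=C:\\Users\\some-guy\\AppData\\Local\\Temp -Xmx1024m'
            }
            steps {
                bat "ant -f \"%ANT_FILE%\" sonar ${ANT_PROPS}"
            }
        }
    }
}
```

The password still reaches Ant as a command-line property, so it is visible to anyone who can list processes on the agent while the build runs; restrict who can log in to that machine accordingly.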
Running Your Code Scan and Viewing Results
Click ‘Build with Parameters’ to start the code analysis process. Jenkins will execute the defined Ant tasks, pulling your Salesforce code, running the code scan using the specified tool, and pushing the results to your SonarQube instance.
After the build completes successfully, you can access SonarQube to view the detailed analysis of your Salesforce code, including identified code smells, bugs, and security vulnerabilities. This integration allows for continuous monitoring of your code quality, directly within your CI/CD pipeline, fostering a proactive approach to code improvement and issue resolution.
By following these steps, you’ve successfully integrated code scan tools into your Jenkins pipeline, enhancing your Salesforce development process with automated code quality checks. This setup ensures that every code change is automatically assessed, contributing to more robust and reliable Salesforce applications.