Key software abilities and qualities comprise the following properties: availability, reliability, safety, integrity and maintainability. Implementing a thorough code analysis technique therefore contributes greatly to assuring code quality and reliability, by checking whether recommended or common programming practices are violated.

Meaningful Software Metrics are needed to point out weaknesses in code and to improve overall quality. Examples are:

  • Code Complexity Measures (e.g. Lines of Code, Nesting Level, Code Clones)
  • Dynamic Related Measures (e.g. Code Coverage, Bugs per Line of Code, Feature Usage)
  • Organizational Measures (e.g. Number of Engineers, Edit Frequency)

For Salesforce Apex, the freeware PMD is a recommended tool for carrying out static code analysis. It provides an easy-to-use plug-in for Eclipse and comes with a prebuilt ruleset that is deployable right after installation:

  • ApexUnit: These rules deal with different problems that can occur with Apex unit tests. (Rules: ApexUnitTestClassShouldHaveAsserts, ApexUnitTestShouldNotUseSeeAllDataTrue)
  • Braces: The Braces ruleset contains rules regarding the use and placement of braces. (Rules: IfStmtsMustUseBraces, WhileLoopsMustUseBraces, IfElseStmtsMustUseBraces, ForLoopsMustUseBraces)
  • Complexity: The Complexity ruleset contains rules that find problems related to code size or complexity. (Rules: AvoidDeeplyNestedIfStmts, ExcessiveParameterList, ExcessiveClassLength, NcssMethodCount, NcssTypeCount, NcssConstructorCount, StdCyclomaticComplexity, TooManyFields, ExcessivePublicCount)
  • Performance: The Performance ruleset contains a collection of good practices which should be followed. (Rules: AvoidSoqlInLoops, AvoidDmlStatementsInLoops)
  • Security: These rules deal with different security problems that can occur within Apex. (Rules: ApexSharingViolations, ApexOpenRedirect, ApexInsecureEndpoint, ApexXSSFromURLParam, ApexXSSFromEscapeFalse, ApexBadCrypto, ApexCSRF, ApexSOQLInjection, ApexCRUDViolation, ApexDangerousMethods, ApexSuggestUsingNamedCred)

The rules are coded in Java or in XPath, are open source and can therefore be extended with custom rulesets. Sourceforce suggests using XPath and the PMD Designer, a simple and useful utility runnable from a script in bin, to create rules. However, the capabilities for writing XPath rules for Apex are very limited compared with, for example, Java, due to the limited AST compilation units that exist. A ruleset can be imported into Eclipse and also exported for modification. The XML file structure to be used looks like this, but it can also contain multiple rules:
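A ruleset file of this kind, as an added example and not the file from the original page: it pulls in the prebuilt Security and Performance rules listed above, raises two security rules to the highest priority and tunes one Complexity rule. The `rulesets/apex/...` reference paths are those of PMD 5.x, assumed here because they match the ruleset grouping above (later PMD releases use `category/apex/...` instead); the ruleset name, priorities and threshold are constructed.

```xml
<?xml version="1.0"?>
<!-- Constructed example ruleset; name and description are placeholders. -->
<ruleset name="Apex security baseline (example)"
         xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd">

  <description>
    Prebuilt Apex security and performance rules, with injection and
    CRUD/FLS findings treated as blockers.
  </description>

  <!-- Whole Security ruleset, except the two rules re-added below with
       their own priority (avoids referencing the same rule twice). -->
  <rule ref="rulesets/apex/security.xml">
    <exclude name="ApexSOQLInjection"/>
    <exclude name="ApexCRUDViolation"/>
  </rule>

  <!-- Priority runs from 1 (highest) to 5 (lowest). -->
  <rule ref="rulesets/apex/security.xml/ApexSOQLInjection">
    <priority>1</priority>
  </rule>
  <rule ref="rulesets/apex/security.xml/ApexCRUDViolation">
    <priority>1</priority>
  </rule>

  <!-- SOQL or DML inside loops: governor-limit failures at runtime. -->
  <rule ref="rulesets/apex/performance.xml"/>

  <!-- A single Complexity rule with a stricter threshold.
       Assumption: the property is named problemDepth, as in the
       PMD 5.x documentation for this rule. -->
  <rule ref="rulesets/apex/complexity.xml/AvoidDeeplyNestedIfStmts">
    <priority>3</priority>
    <properties>
      <property name="problemDepth" value="2"/>
    </properties>
  </rule>

</ruleset>
```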

In Eclipse, rule violations are shown via arrows at the beginning of each line of code. The arrows may have different colors to indicate priority. Pop-ups give the corresponding description of the violation.

General information on PMD and the rules available for APEX: