Apex Code Quality Tools for Force.com

This guide will get a fully functional 30 day Multi-Sandbox evaluation version of the enterprise CodeScan running on your own server.

For more information about Multi-Sandbox and Single-Sandbox licences, visit the FAQ.

If you want to use our quickstart bundler please go to our bundler instructions page.


  • Ant 1.9+
  • SonarQube (recommended version: 5.6)
  • Java 8+ (1.8+)
  • Windows / Mac / Linux


  • Download the latest version from here
  • Extract the zip file. It contains the SonarQube plugin and an ant based tool to run an analysis with.

Plugin installation

  • Delete any existing salesforce plugins from your installation
  • Copy sonar-salesforce-plugin-XXX.jar into your SonarQube installation at /extensions/plugins/

Note: you may need to edit /runner/antbuild.xml if appropriate

For more instructions on how to setup the SonarQube ant plugin, see https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Ant you should check the steps that the ant script takes are appropriate for your requirements.

Configure the CodeScan license:

SonarQube version after 6.2:

  • When you receive your license, enter it by logging into SonarQube and go to Administrator at the top right again then click on Configuration then Licenses
  • Click Update next to the ‘CodeScan license’
  • Currently you may receive the following message. If the Product or Server is red then you can safely ignore this error

SonarQube version before 6.2:

  • When you receive your license, enter it by logging into SonarQube and go to Administrator at the top right again then click on ‘General Settings’ on the right
  • Click on CodeScan (Salesforce in older versions) on the list of Categories
  • Enter your license in the text box labeled ‘sf.license.secured’
  • Click save at the bottom of the page

Setting up a project

  • Create a copy of the ‘sonar-project-template’ folder in the runner directory of this folder and put it in the same project. Let’s call it /runner/my-project
  • Set sonar.projectKey=myproject
  • Set sonar.projectName=My Project
  • Set salesforce.username and salesforce.password to your salesforce username/password(plus token). This is not necessary if you want to analyse static content (see running offline). Please use a system administrator user profile for this otherwise you may experience strange errors when downloading the code or executing tests.
  • Open a command prompt and navigate into /runner/my-project
  • Run this command. See Ant Configuration for a list of default commands
    ant -f ../antbuild.xml analyse

NOTE: If the Anyone group is not granted Execute Analysis permission or if the SonarQube instance is secured (the sonar.forceAuthentication property is set to true), the credentials of a user having been granted Execute Analysis permission have to be provided through the sonar.login and sonar.password properties.

Having trouble?

  • Read the tutorials
  • Check the troubleshooting section
  • Find information in the other resources section
  • Contact support
CodeScan documentation

Copyright © Village Chief Pty Ltd – 2014-2017. ABN: 11 153 295 571