Run CodeScan or SonarQube jobs from sfdx
To install the plugin use sfdx plugins:install sfdx-codescan-plugin.
You'll be prompted that this plugin is not signed by Salesforce, type y to continue.
Check the installation using sfdx plugins.
- Use
sfdx help codescan:runto view a list of parameters and flags. - Visit Autorabit Knowledgebase for more information.
$ sfdx codescan:run [name=value...] [-s <string>] [-o <string>] [-k <string>] [-t <string>] [-u <string>] [-p
<string>] [--noqualitygate] [--javahome <string>] [--nofail] [--qgtimeout <integer>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-k, --projectkey=projectkey sonar.projectKey - the project key
to create.
-o, --organization=organization CodeScan Organization Id. Only
required when connecting to CodeScan
Cloud
-p, --password=password SonarQube password (token is
preferred)
-s, --server=server SonarQube server. Defaults to
CodeScan Cloud
(https://app.codescan.io)
-t, --token=token SonarQube token (preferred)
-u, --username=username SonarQube username (token is
preferred)
--javahome=javahome JAVA_HOME to use
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
--nofail Don't fail if sonar-scanner fails
--noqualitygate Don't wait until the SonarQube
background task is finished and
return the build Quality Gate
--qgtimeout=qgtimeout Timeout in seconds to wait for
Quality Gate to complete (default
300)
$ sfdx codescan:run --token <token> --projectkey my-project-key --organization my-org-key
$ sfdx codescan:run --token <token> --projectkey my-project-key --organization my-org-key -Dsonar.verbose=true
-D can be used for passing any sonar-scanner definition
-X will be passed as a jvm arg
$ sfdx codescan:run ... -X
Verbose output