npx claudepluginhub bhanu91221/claude-sfdx-iq --plugin claude-sfdx-iqRun PMD static analysis (via Salesforce Code Analyzer) on Apex classes and triggers to detect code quality issues.
Check tool availability
sf scanner --versionsf plugins install @salesforce/sfdx-scannerDetermine scan scope
.cls and .trigger files in the project--file specified, scan only that file--changed-only, scan only files changed in git: git diff --name-only --diff-filter=ACM HEADRun the scanner
sf scanner run \
--target "force-app/**/*.cls,force-app/**/*.trigger" \
--engine pmd \
--format json \
--severity-threshold 3
Parse and categorize results Map PMD severity to action level:
| PMD Severity | Level | Action |
|---|---|---|
| 1 (Blocker) | 🔴 CRITICAL | Must fix before commit |
| 2 (Critical) | 🟠HIGH | Must fix before PR |
| 3 (Major) | 🟡 MEDIUM | Should fix |
| 4 (Minor) | 🔵 LOW | Nice to have |
| 5 (Info) | ⚪ INFO | Informational |
Report findings Group by file, then severity:
AccountService.cls:
🔴 Line 42: Avoid SOQL queries inside loops (ApexCRUDViolation)
🟡 Line 15: Method 'processRecords' has cyclomatic complexity of 12 (CyclomaticComplexity)
Suggest fixes For each finding, provide a concrete fix suggestion based on the rule violated.
| Rule | What It Catches |
|---|---|
ApexCRUDViolation | Missing CRUD/FLS checks |
AvoidSoqlInLoops | SOQL inside for loops |
AvoidDmlStatementsInLoops | DML inside for loops |
CyclomaticComplexity | Methods too complex (>10 paths) |
ApexUnitTestClassShouldHaveAsserts | Test methods without assertions |
ApexUnitTestShouldNotUseSeeAllDataTrue | Tests using SeeAllData=true |
AvoidHardcodingId | Hardcoded Salesforce record IDs |
| Flag | Description |
|---|---|
--file | Scan specific file only |
--changed-only | Scan only git-changed files |
--severity | Minimum severity (1-5, default: 3) |
--ruleset | Custom PMD ruleset XML file path |
/pmd-scan
/pmd-scan --file force-app/main/default/classes/AccountService.cls
/pmd-scan --changed-only --severity 2