For users on Gearset's Enterprise tier, Gearset also includes automatic analysis of any Apex code being deployed to check for issues such as security vulnerabilities, code complexity, class naming best practices, and more.
Configuring your static code analysis ruleset
Your Gearset team owner will be able to configure your static code analysis rules from the
Static code analysis rule sets page within the app (accessible via the menu on the left-hand side).
Rules are displayed categorically by type, such as "Security", “Complexity” and “Performance” rules. A short description of the rule lets you understand what that specific rule will analyze for within your code, allowing you to fine tune the code analysis to match your development process.
To enable or disable specific rules entirely, simply click on the toggle to turn the rule on and off.
You can choose how you want to define the severity of a rule if a violation should be detected. More serious violations can be categorized and flagged as an error, while others are simply tagged as warnings in the results summary.
For other categories such as "Complexity", you can specify not only how you would like the rule categorized, but also specific values to determine the precise level at which the rule will fire.
For example, for complexity rule
ExcessiveClassLength you can specify the maximum length of class that can be allowed. Here the maximum class length is set to 1,000 lines.
You can configure the levels to find the right balance between warnings and errors to meet your team's needs.
Manage which packages and classes to exclude from your code analysis
Within Gearset, team owners can also exclude specific packages and classes. Once you exclude a package or class, it’ll be entirely ignored by the code analysis results and won’t trigger any rule violations.
To select which packages and classes you’d like to exclude, first navigate to the same Code analysis settings page. Under Exclude packages and classes, click the cog icon.
Next, type in the package or class name you wish to exclude and click
Add to list. Any packages or classes you choose to exclude will then be visible on the Code analysis settings page.
Viewing the results of the static code analysis during a deployment
The analysis of your apex code happens in parallel with our existing problem analyzer process. If no issues with the deployment package or any Apex code being deployed are detected, Gearset will automatically take you straight to the deployment summary page where you can then proceed to validate or deploy your changes.
If any issues are detected, Gearset will display the detected rule violations and group them within the class that they belong to. You can use the menu items on the left to view specific categories of violations or use the free text filter to narrow down to a specific class.
For any violation detected, Gearset will tell you which line of code the issue begins on and provide a description so you can easily understand why issues have been flagged in your Apex. For more detailed information on each specific rule, just click on the name of the rule and you’ll be taken to the PMD library for a more in-depth look at the individual rule and its Java implementation.