Automated Code Reviews helps you identify, block and fix security and quality issues across code and configuration in Pull Requests (PRs) in your pipeline. It does this with a configurable ruleset, aligned to Salesforce's Well-Architected framework and OWASP top 10 vulnerabilities.
Getting setup with Automated Code Reviews
Depending on your VCS provider, you can get started either directly in Pipelines or through the Code Reviews app:
For GitHub and GitHub Enterprise Cloud, you can configure this directly in Pipelines by following the steps below.
For all other providers, please follow the setup instructions here. Once complete, you will get quality & security scanning on new PRs in your Pipeline.
Automated Code Reviews is currently available only on team-shared pipelines.
To enable Automated Code Reviews, go to your Pipeline and open an existing PR. Open the Automated Code Reviews section and click Get Started. This will create your Code Reviews workspace and kick off a one-time baseline scan of your repository.
One-time baseline scan: Code Reviews needs to do a single baseline scan before it can start giving you feedback on PRs. This initial scan will start automatically and might take a while depending on how big your repository is. We'll send an email and an in-product notification when it's done and ready to go, so you don't need to wait for this to complete.
How it works
Once the baseline scan has finished, Code Reviews will automatically scan any new PRs - or any new commits to PRs - that you promote to your chosen pipelines environment. When it's done, you'll see a summary of any issues found.
You'll see a quick overview of the scan on the pipelines environment screen. This shows you the total number of issues found in each PR, broken down by Critical, Error, and Warning.
Want to see more details? Just click the View report button. That'll take you to a new screen with a full list of everything the scan found.
A closer look at the scan
This new screen in pipelines gives you a list of every issue found in the PR, grouped by the rules they relate to. You can expand a rule to see the individual issues, and clicking on an issue shows you a preview of where it is in the code.
To narrow down the list, use the filters on the left side of the screen. You can filter by severity level to show just the issues that matter most to you.
Need to see even more? You can always visit the main Code Reviews app for the full picture. Just click View in app to open that in a new tab.
For further reading on understanding scan results in the Code Reviews app read this guide.
How to dismiss issues
You can dismiss issues by clicking on the Dismiss button and you'll then be able to select which issues you'd like to dismiss:
Once the issues have been selected, click on Dismiss issues, select the reason for dismissal from the drop-down menu and then click Dismiss issues again to confirm your action.
Once this is done, you should see the issue disappearing from your PR scan results.
How to create an Autofix PR
You can click on Autofix to see the list of rules available for Autofix.
Select the rule and then click on Create Autofix PR. You'll then see a summary of the rules and issues that will be fixed:
If everything looks good, you can go ahead to Create Autofix PR.
The Autofix PR will then be generated and you'll see an Autofix Bot icon in pipelines next to your original developer sandbox. You can click on it to check its details and Apply fixes:
For more info about how Autofix in Pipelines works, read this guide.