Configuring static code analysis

Gearset's automatic static code analysis allows you to examine your Apex code for issues during your deployment

Written by Stephen Chambers
Updated over a week ago

For users on Gearset's Enterprise tier, Gearset includes automatic analysis of any Apex code being deployed to check for issues such as security vulnerabilities, code complexity, class naming best practices, and more. For a general introduction to static code analysis, see our support article.

Configuring your static code analysis rule set

Your Gearset team owner(s) can configure your static code analysis rules. First, click on the Gearset icon in the top right, and then click My Account.

Then click on Static code analysis rule sets on the left.

Rules are displayed in categories, such as Security, Code Style and Performance rules. A short description explains what each rule will analyze within your code, allowing you to fine-tune the code analysis to match your development process. 

To enable or disable specific rules entirely, simply click on the toggle to turn the rule on and off.

You can choose how you want to define the severity of a rule, should a violation be detected. More serious violations can be flagged as an error, while others are simply tagged as warnings in the results summary.

For some rules, you can specify not only the issue severity, but also specific values to determine the precise level at which the rule will fire.

For example, for the design rule ExcessiveClassLength, you can specify the maximum class length that is allowed. Here the maximum class length is set to 1,000 lines.

You can configure the levels to find the right balance between warnings and errors to meet your team's needs.

Manage which packages and classes to exclude from your code analysis

Within Gearset, team owners can also exclude specific packages and classes. Once you exclude a package or class, it’ll be entirely ignored by the code analysis results and won’t trigger any rule violations.

To select which packages and classes you’d like to exclude, first navigate to the same Static code analysis rule sets page. Under Exclude packages and classes, click the cog icon.

Next, type in the package or class name you wish to exclude and click Add to list. Any packages or classes you choose to exclude will then be visible on the Static code analysis rule sets page.

Viewing the results of the static code analysis when preparing a deployment

The analysis of your Apex code happens in parallel with our problem analyzer process. This applies to any source environment, regardless of whether it's an org or a Git branch. If no issues are detected with the deployment package or any Apex code being deployed, Gearset will automatically take you straight to the deployment summary page, where you can then proceed to validate or deploy your changes.

If any issues are detected, Gearset will display the detected rule violations and group them within the class that they belong to. You can use the menu items on the left to view specific categories of violations or use the free text filter to narrow down to a specific class.

For any violation detected, Gearset will tell you which line of code the issue begins on and provide a description, so you can easily understand why issues have been flagged in your Apex. For more detailed information on each specific rule, just click on its name and you’ll be taken to the PMD library for a more in-depth look at the individual rule and its Java implementation.
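
For teams that also want to run the same checks locally with PMD, the settings described above can be written as a PMD ruleset. This is an added example, not Gearset's own configuration format: it assumes the Gearset rule names match PMD's Apex rules, the mapping of error and warning to PMD priorities is an assumption, and the excluded class name is a constructed placeholder.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ruleset name="Example Apex rules"
         xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">

  <description>
    Local equivalent of a tuned rule set: one thresholded design rule
    reported as a warning, one security rule reported as an error.
  </description>

  <!-- Exclusion: files matching this pattern are skipped entirely,
       so they produce no violations for any rule.
       LegacyBillingService is a constructed placeholder name. -->
  <exclude-pattern>.*/LegacyBillingService\.cls</exclude-pattern>

  <!-- Threshold rule: report classes of 1,000 lines or more.
       Priority 3 is used here to stand for "warning" (assumption). -->
  <rule ref="category/apex/design.xml/ExcessiveClassLength">
    <priority>3</priority>
    <properties>
      <property name="minimum" value="1000"/>
    </properties>
  </rule>

  <!-- Security rule with no tunable threshold.
       Priority 1 is used here to stand for "error" (assumption). -->
  <rule ref="category/apex/security.xml/ApexSOQLInjection">
    <priority>1</priority>
  </rule>

</ruleset>
```

Rules that are not referenced in the ruleset are simply not run, which corresponds to switching a rule's toggle off.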
