Skip to main content

Code Reviews

The code review and analysis platform for Salesforce

10 authors172 articles
Getting a Salesforce org health check from Pipelines
Automated Code Reviews in pipelines
How to Edit the Maximum Number of Decisions

Code Reviews Rule Documentation

Code reviews rule: Use of @future method in loop
Code reviews rule: Flow Record-Triggered Max Per Object
Code reviews rule: Apex Send Email Restriction
Code reviews rule: Missing condition on record-triggered flows
Code reviews rule: Untested Lightning Web Components
Code reviews rule: Missing comment in test assertions
Code reviews rule: Insecure direct object references (DOR)
Code reviews rule: Apex User Registration Without Limit
Code reviews rule: Inconsistent naming Apex inner classes
Code reviews rule: Untested flows
Code reviews rule: Excessive number of custom fields
Code reviews rule: Test coverage padding method
Code reviews rule: Insecure JavaScript operations
Code reviews rule: Insecure contents
Code reviews rule: Multiple automation on the same object
Code reviews rule: Hardcoded secrets
Code reviews rule: Excessive nesting of conditional statements
Code reviews rule: Insecure endpoint callouts
Code reviews rule: Missing exception handling in database operations
Code reviews rule: Business logic in triggers
Code reviews rule: Hardcoded IDs in code
Code reviews rule: Excessive code complexity
Code reviews rule: Missing output assignment for Agentforce customer verification
Code reviews rule: Visualforce Cross-Site Scripting (XSS)
Code reviews rule: Use of deprecated: AccountInsights and OpportunityInsights settings
Code reviews rule: Missing custom metadata description
Code reviews rule: Dynamic imports for platformResourceLoader
Code reviews rule: Access to Session ID in flows
Code reviews rule: Insufficient number of assertions
Code reviews rule: Flow naming conventions
Code reviews rule: Hardcoded IDs in flow
Code reviews rule: Insecure serialization and deserialization for Visualforce pages
Code reviews rule: User password set programmatically
Code reviews rule: Use of outdated API version for ICU locale
Code reviews rule: Breaking change in LWC host access
Code reviews rule: Invalid RestResponse headers
Code reviews rule: Use of Session storage and Local storage
Code reviews rule: Inactive flows
Code reviews rule: Excessive number of method arguments
Code reviews rule: Constructor with side effects
Code reviews rule: Missing messages in Visualforce page
Code reviews rule: Missing custom fields description
Code reviews rule: Missing fault path in flows
Code reviews rule: Method with global visibility
Code reviews rule: Use native ZIP functions over Zippex
Code reviews rule: Multiple forms in Visualforce page
Code reviews rule: Hardcoded callouts authentication
Code reviews rule: Vulnerable code to SOQL/SOSL injections
Code reviews rule: Inconsistent naming Apex triggers
Code reviews rule: Incorrect sharing clauses
Code reviews rule: Apex Use of Salesforce Function
Code reviews rule: Untested Apex method
Code reviews rule: Missed opportunity: Safe navigation operator
Code reviews rule: Untested Agentforce action
Code reviews rule: Unspecified JavaScript cookie accessibility
Code reviews rule: Use of deprecated instance URL
Code reviews rule: Apex Leftover Debug Statement
Code reviews rule: Vulnerable third-party dependency
Code reviews rule: Multiple triggers on the same object
Code reviews rule: Excessive number of methods in class
Code reviews rule: Apex CRUD/FLS
Code reviews rule: Excessive data access privileges
Code reviews rule: Incorrect Agentforce settings
Code reviews rule: Excessive number of Agentforce topics
Code reviews rule: Visualforce Tags not supported by Salesforce1
Code reviews rule: Use of deprecated: SiteSettings
Code reviews rule: Inline Cascading Style Sheets (CSS)
Code reviews rule: Untested Agentforce topic
Code reviews rule: Use of the lightning/uiGraphQLApi module
Code reviews rule: Insufficient length of instructions in Agentforce topic
Code reviews rule: LWC Sensitive Object Field Import
Code reviews rule: Untested Agentforce agent
Code reviews rule: Inconsistent naming Aura controller properties
Code reviews rule: Missing data factory in test methods
Code reviews rule: Exposure of sensitive information in logs
Code reviews rule: Inefficient calls to Schema.getGlobalDescribe().get()
Code reviews rule: Inefficient JavaScript loading
Code reviews rule: Missing customer verification in Agentforce agent
Code reviews rule: Undocumented Apex methods
Code reviews rule: Use template strings rather than string concatenation for dynamic formulas
Code reviews rule: Missing invocation target for Agentforce action
Code reviews rule: Data access or manipulation in loops
Code reviews rule: Missing annotation @IsTest in test methods
Code reviews rule: Excessive flow complexity
Code reviews rule: Update roleAndSubordinates to roleAndSubordinatesInternal
Code reviews rule: Inline JavaScript
Code reviews rule: Missing entry in Apex documentation
Code reviews rule: Use of Session IDs in Visualforce
Code reviews rule: Inactive validation rules
Code reviews rule: Use of spaces in attribute class selectors
Code reviews rule: Apex Interface Unused
Code reviews rule: Test methods with full data access
Code reviews rule: Use of deprecated Streaming API versions
Code reviews rule: Inconsistent naming Apex test classes (inner classes)
Code reviews rule: Insecure reference to external resources
Code reviews rule: Unbound SOQL statement
Code reviews rule: Use of sendEmail in loops
Code reviews rule: Inconsistent naming Apex variables
Code reviews rule: Apex Not Using My Domain Login URL
Code reviews rule: Insecure sharing to external users
Code reviews rules summary