Request A Demo
Back to All Blog Articles

Analyze a Salesforce Code Base Using PMD as Part of the CI/CD Process

FlexDeploy’s s rich DevOps features, flexibility in controlling release automation, and integrated Salesforce support provide a highly efficient solution for your enterprise. If you are looking for an introduction to FlexDeploy’s support for Salesforce, start with this blog series.

In this blog, we’ll cover how to integrate PMD source code analyzer for apex classes, visual force pages, and JavaScript into your release pipelines. PMD scans help you find common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and more.

After a quick configuration, you’ll be ready to execute PMD scans as part of your pipeline in FlexDeploy.

Configure the PMD Scan in FlexDeploy:

  1. Install PMD: Download the PMD installation file and install it on the FlexDeploy server. If you already have a PMD installed host, use that endpoint to connect and execute the scan.
  2. Tie to FlexDeploy: After installation, if PMD is not in the path, provide the path in the FlexDeploy configuration screen. Go to the Topology -> Environments ->PropertiesConfigure PMD Scan in the FlexDeploy topology.
  3. Add to a Workflow: To include the PMD rules evaluation as part of the CI/CD process, create a workflow and include the PMD evaluation as a step.Include PMD rules evaluation as part of the CI/CD process in FlexDeploy.
    • The PMD plugin component is just a drag and drop. You can insert the scan before a build if you are sourcing files from SCM or after the build and before deployment.
    • Optionally, specify a custom rule file on the plugin configuration. This gives you full control over what you want to check and scan in your code. This also eliminates a lot of manual review work.

Configure the PMD scan to execute as part of a FlexDeploy workflow.

Execute the PMD Scan:

  • Execute the build (create package) manually or as part of a CI trigger. After the build execution completes, errors or non-compliant code from the to-be-deployed package are captured and displayed on the summary screen and reports tab. This report can be sent as an email to the desired audience.  Integrate a PMD code analysis scan as part of the Build process.

Insert a PMD code analysis scan as part of a requirement to move a package to a future environment.

  • View the summary of the scan execution. It will show the count of Critical, High, and Medium results found.The PMD scan execution summary will show the count of Critical, High, and Medium results found.
  • You can view the full report in the Reports tab. You can also download the report from this tab. View the full PMD scan report in the Reports tab, or download the report from this tab.
  • You can add a quality gate in your pipeline that will take automated action based on the results of a scan. If needed, fail the build when critical issues are found or as per your threshold level.


The PMD source code analysis toolset helps achieve and enforce industry best practices, and makes your code more stable and less vulnerable from the security standpoint. This integration is another great example of FlexDeploy’s extensive support for Salesforce. You can seamlessly integrate PMD and other scanning tools into your CI/CD pipeline and drive the DevSecOps journey of your organization using FlexDeploy. This will help deliver high-quality code into production fast.

Realted Resources

Join DevOps leaders across the globe who recieve analysis, tips, and trends in their inbox