We are excited to announce a significant update for Apex language analysis on SonarQube Cloud, bringing a fresh set of rules to enhance code quality and security, alongside a nice performance improvement for existing checks!
This update is now live on SonarQube Cloud and applies to all your Apex projects.
Performance Improvement
We’ve carefully optimized our rules. We are thrilled to report a 50% performance boost on our reference tests for all existing Apex rules. This means faster analysis times and quicker feedback loops for your development teams.
New Apex Rules for SonarQube Cloud
This release includes 23 new rules designed to help you catch common pitfalls, adhere to best practices, and secure your Apex code against Salesforce governor limits and vulnerabilities.
Here is the full list of new rules:
| Rule Key | Description |
|----------|-------------|
| S7972 | Apex cursor fetch should use small chunk sizes to avoid governor limits |
| S8130 | Retired Salesforce API versions should not be used |
| S8125 | Field-level permissions should be checked before accessing fields |
| S8044 | FormulaEval.FormulaBuilder should be properly configured with null checks, type safety, and return type |
| S8041 | Apex callouts should implement retry logic for reliability |
| S8035 | Change Data Capture event objects should follow the correct naming convention |
| S8032 | Database.Stateful should only be used when state retention is needed |
| S8028 | Future methods should not be called from batch or queueable contexts |
| S8020 | Server actions that retrieve data should be marked as cacheable |
| S8008 | Encryption keys should not be hardcoded |
| S8001 | SOQL LIKE clauses should not use leading wildcards |
| S8000 | Test classes should create required test data within the test |
| S7999 | Email operations should include proper error handling |
| S7994 | AuraEnabled methods should be static when they don’t require instance state |
| S7965 | Future methods should not accept sObjects or custom objects as parameters |
| S7951 | Database.SaveResult objects should be checked for errors |
| S1213 | The members of an interface or class declaration should appear in a pre-defined order |
| S1659 | Multiple variables should not be declared on the same line |
| S8451 | Schema describe operations should not be called inside loops |
| S8452 | Classes should override both equals and hashCode or neither |
| S8453 | Test assertions should include descriptive messages |
| S8455 | SObject describe calls should use deferred loading |
| S8456 | Annotations should use PascalCase naming convention |
We encourage you to check out the new issues in your Apex projects and update your quality gates accordingly.
Next Steps and Feedback
Start using these new features today on SonarQube Cloud!
If you have any questions or feedback on these new rules or the performance improvements, please join the discussion below, and don’t forget to share your comment when reporting False Positives, as it helps us quickly course correct on our rules. We’re always eager to hear from the community.
Happy analyzing!
Denis