Salesforce DevSecOps in your favorite IDE
Secure Salesforce development is more convenient than ever. With the new S4 VS-Code plugin, Salesforce developers can now leverage S4 directly from their favorite integrated development environment (IDE).
Full-spectrum application security scanning streamlines the development process by eliminating the need to fix Salesforce vulnerabilities later, saving time and money. Shifting security left in the CI/CD pipeline accelerates development while reducing risk.
The S4 VS Code plugin can be called through an SFDX command. Once installed, developers can set up their VS Code environment and use S4 from VS Code using the following command:
sfdx digitsec:s4The results look like the following:
Checking scan status ...[ { status: 'completed', version: 'Summer 2021 v 99', autoscan: false, Findings_new: false, _id: '6064f07b463afa5b0d83cd6b', Org_Id: '5f454f9593a0272c26dcf33d', Created_date: '2021-03-31T21:58:19.704Z', Initiated_Scan_date: '2021-03-31T21:58:19.704Z', __v: 0, size: 13890241, Critical: 3, High: 36, Medium: 11, Low: 20 }]Scan completed ...Generating report ...S4 Scanning ... \Report downloaded ...View Results Online at S4 ...https://s4.digitsec.com/index#scan/6064f07b463afa5b0d83cd6bYou can review the S4 VS Code Plugin documentation here for installation instructions.
