S4 VS Code Plugin Integrates with SFDX

Salesforce DevSecOps in your favorite IDE

Secure Salesforce development is more convenient than ever. With the new S4 VS-Code plugin, Salesforce developers can now leverage S4 directly from their favorite integrated development environment (IDE).

Full-spectrum application security scanning streamlines the development process by eliminating the need to fix Salesforce vulnerabilities later, saving time and money.  Shifting security left in the CI/CD pipeline accelerates development while reducing risk.

The S4 VS Code plugin can be called through an SFDX command. Once installed, developers can set up their VS Code environment and use S4 from VS Code using the following command:

sfdx digitsec:s4

The results look like the following:

Checking scan status ...
    status: 'completed',
    version: 'Summer 2021 v 99',
    autoscan: false,
    Findings_new: false,
    _id: '6064f07b463afa5b0d83cd6b',
    Org_Id: '5f454f9593a0272c26dcf33d',
    Created_date: '2021-03-31T21:58:19.704Z',
    Initiated_Scan_date: '2021-03-31T21:58:19.704Z',
    __v: 0,
    size: 13890241,
    Critical: 3,
    High: 36,
    Medium: 11,
    Low: 20
Scan completed ...
Generating report ...
S4 Scanning ... \
Report downloaded ...
View Results Online at S4 ...

You can review the S4 VS Code Plugin documentation here for installation instructions.

Picture of digitsec



DigitSec brings four scans to protect Salesforce: Source Code Analysis, Custom Runtime Testing, Software Composition Analysis, & Cloud Security Configuration Review. #DevOps

Recent Posts

Sign up for our Newsletter

Get security tips sent to your inbox.

Sign up to get updates and security insights from DigitSec