Prerequisites: To properly configure Salesforce Analyzer Code Scan in pipelines, you must first configure a Salesforce Analyzer Code Scan tool and a Jenkins tool in the Tool Registry.
Salesforce Analyzer Code Scan Tool Registry Configuration
Create a new tool with Tool Type: Salesforce Code Analyzer.
Navigate to the Validation Rules tab to add a new scan rule.
Click + New SFDX Scan Rule and complete the form:
Name - Provide a unique name for the Scan Rule
Category - Select a Category. Choose from the following: Security, Best Practices, Performances, Code Style, Design, Documentation, Error Prone, ECMAScript6, Possible Errors, Variables, or Stylistic Issues.
Threshold - Provide a number for threshold to be used against the Category selected. During the scan, if the number of vulnerabilities is higher than the threshold, the pipeline step will fail.
Quality Gates - Select a Rule and Threshold/Count. If there are more vulnerabilities than the Threshold in the particular Rule, the Quality Gate will fail.Click Create to save the form.
Jenkins Tool Registry Configuration
Navigate to a properly configured Jenkins tool and navigate to the Jobs tab.
Click + New Jenkins Job and make the following selections in the form:
Name - Provide a unique name for the job to be fetched in the Salesforce Code Analyzer. This will be fetched in the pipeline step.
Job Type - Select Salesforce Code Analyzer from the drop-down list.Click Create to save the job.
Pipeline Configuration
Create a new pipeline step and select Tool Type: Salesforce Code Analyzer. Save the step and then click the gear icon to configure it.
In Step Configuration, make the following selections to configure the step:
Step Tool - Select the configured Jenkins tool containing the Salesforce Code Analyzer job.
Job - Select the Salesforce Code Analyzer job.
Build/Package Step - Choose the pipeline step you wish to scan.
Select Salesforce Scan Tool - Select the configured Salesforce Code Analyzer job.
Quality Gates -Once the pipeline is configured properly, it can be triggered.
Pipeline Logs
To view the results from the scan, view the Pipeline Activity Logs.
Locate the column containing the Sfdx Code Scan Report and click it.
View Summary and Execution details to analyze Quality Gates.
...