npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

sf-cat

v1.0.4

Published

Transform Salesforce Code Analyzer reports into SonarQube generic issue data format.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mcarvinmcarvin

Keywords

forcesalesforcesalesforcedxsfsf-pluginsfdxsfdx-pluginsonarqubeapexconvertertransformercodequality

Readme

sf-cat

NPM Downloads/week License Maintainability Code Coverage

sf-cat is a Salesforce CLI plugin that converts output from Salesforce Code Analyzer into SonarQube-compatible format. This enables development teams to suface Salesforce-specific code quality results from multiple scanning engines directly within 1 SonarQube project.

Install

sf plugins install [email protected]

Why Use This Plugin?

Salesforce Code Analyzer is a tool for developers to maintain high standards of code quality and efficiency by identifying issues such as security vulnerabilities, performance bottlenecks, and violations of coding best practices. It leverages various scanning engines like PMD, ESLint, RetireJS, and Salesforce Graph Engine, to analyze code in Apex, Visualforce, Flows, and Lightning components.

But SonarQube is often used as a central platform to consolidate code quality results across repositories and languages — including CI pipelines, pull request gating, and dashboards.

Unfortunately, Salesforce Code Analyzer output is not directly compatible with SonarQube.

That’s where sf-cat comes in:
✅ Converts Salesforce Code Analyzer JSON to SonarQube's Generic Issue Data format
✅ Enables seamless inclusion in sonar-scanner reports
✅ Allows teams to view Salesforce-specific quality violations in the same place as other code and integrate it into DevOps platforms — enabling a unified view of code quality across the entire stack

Notes on Column Data

Salesforce Code Analyzer output sometimes contains startColumn and endColumn values that exceed the actual length of the line in the source file.

SonarQube enforces strict bounds on these values and will fail the scan if a column offset exceeds the line length.

To prevent such failures, sf-cat automatically removes column values (startColumn, endColumn) from all issues reported by the Salesforce Code Analyzer. This ensures compatibility with SonarQube while preserving line-level highlighting.

How to Use

Step 1: Run Salesforce Code Analyzer in JSON format

sf code-analyzer run --workspace "./force-app/main/default/" --rule-selector Recommended -f "output.json"

Step 2: Convert to SonarQube format

sf cat transform -j "output.json" -r "results.json"

Step 3: Run SonarQube scan with converted issues

In your sonar-project.properties:

sonar.externalIssuesReportPaths=results.json

Or pass it via CLI:

sonar-scanner -Dsonar.externalIssuesReportPaths=results.json

Command

sf cat transform

USAGE
  $ sf cat transform -i <value> [-o <value>] [--json]

FLAGS
  -i, --input-file=<value>             Path to the JSON file created by the Salesforce Code Analyzer plugin.
  -o, --output-file=<value>            Path to the output created by this plugin.
                                       [default: "output.json"]

GLOBAL FLAGS
  --json  Format output as json.

EXAMPLES

    $ sf cat transform -i "salesforce-code-analyzer.json" -o "sonar.json"

Issues

If you encounter any issues or would like to suggest features, please create an issue.

License

This project is licensed under the MIT license. Please see the LICENSE file for details.