Code Analysis | sfp server

Get code analysis for a branch

get

Retrieves code analysis results for a specific repository branch.

Three-state response pattern:

available: Analysis data exists and is returned in the data field
pending: No data exists; a new analysis has been triggered. Poll using the returned jobId
error: An error occurred (e.g., project not found)

Auto-trigger behavior:

If no analysis exists, automatically triggers a Windmill flow to run the analysis
Creates a daily schedule (3 AM UTC) for the project if one doesn't exist

Tools used: Salesforce Code Analyzer (PMD, ESLint, regex, retire-js, cpd)

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

repositoryIdentifierstringRequired

Repository identifier in org/repo format

Example: flxbl-io/sf-core

branchstringRequired

Git branch name to get analysis for

Example: main

commitIdstringOptional

Specific commit SHA. If omitted, returns the latest analyzed commit.

Responses

200

Analysis data or pending/error status

application/json

statusstring · enumRequired

Response status indicating data availability

Example: availablePossible values:

jobIdstringOptional

Windmill job ID for tracking (present when status is "pending")

Example: 019b7251-ec8f-a661-2b2a-8d2699a64569

messagestringOptional

Human-readable status message or error description

Example: Analysis started. Job ID: 019b7251-ec8f-a661-2b2a-8d2699a64569. Schedule created.

400

Missing required query parameters

401

Unauthorized - invalid or missing token

403

Forbidden - Requires role: member, owner, application

get

/sfp/api/testreports/code-analysis

GET /sfp/api/testreports/code-analysis?repositoryIdentifier=flxbl-io%2Fsf-core&branch=main HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "status": "available",
  "data": {
    "repositoryIdentifier": "flxbl-io/sf-core",
    "branch": "main",
    "commitId": "bfffb1da08589734f2781e3a4b5f4d4105efac72",
    "analyzedAt": "2025-12-31T02:16:46.000Z",
    "duration": 43,
    "summary": {
      "totalIssues": 49,
      "issuesByLevel": {
        "error": 23,
        "warning": 26,
        "note": 0,
        "none": 0
      },
      "issuesByRule": [
        {
          "ruleId": "ApexCRUDViolation",
          "ruleName": "Apex CRUD Violation",
          "count": 15,
          "level": "error"
        }
      ],
      "toolsUsed": [
        {
          "name": "code-analyzer",
          "version": "5.0.0"
        }
      ],
      "filesAffected": 34,
      "analysisSuccessful": true
    },
    "metadata": {
      "triggeredBy": "schedule",
      "windmillJobId": "019b7251-ec8f-a661-2b2a-8d2699a64569",
      "scheduledRun": true,
      "tools": [
        "code-analyzer"
      ]
    },
    "sarif": {}
  },
  "jobId": "019b7251-ec8f-a661-2b2a-8d2699a64569",
  "message": "Analysis started. Job ID: 019b7251-ec8f-a661-2b2a-8d2699a64569. Schedule created."
}

Force refresh code analysis

post

Triggers a new code analysis regardless of whether data already exists.

Behavior:

If branch is specified: Analyzes only that branch
If branch is omitted: Analyzes all branches configured in the project's configuration.branches (defaults to ["main"])

Returns: A pending response with the Windmill job ID to track progress.

Use cases:

Force re-analysis after code changes
Trigger analysis for all branches at once

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

repositoryIdentifierstringRequired

Repository identifier in org/repo format

Example: flxbl-io/sf-core

branchstringOptional

Specific branch to analyze. If omitted, analyzes all configured branches.

Responses

200

Analysis refresh triggered

application/json

statusstring · enumRequired

Response status indicating data availability

Example: availablePossible values:

jobIdstringOptional

Windmill job ID for tracking (present when status is "pending")

Example: 019b7251-ec8f-a661-2b2a-8d2699a64569

messagestringOptional

Human-readable status message or error description

Example: Analysis started. Job ID: 019b7251-ec8f-a661-2b2a-8d2699a64569. Schedule created.

400

Missing required query parameters

401

Unauthorized - invalid or missing token

403

Forbidden - Requires role: member, owner, application

404

Project not found

post

/sfp/api/testreports/code-analysis/refresh

POST /sfp/api/testreports/code-analysis/refresh?repositoryIdentifier=flxbl-io%2Fsf-core HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "status": "available",
  "data": {
    "repositoryIdentifier": "flxbl-io/sf-core",
    "branch": "main",
    "commitId": "bfffb1da08589734f2781e3a4b5f4d4105efac72",
    "analyzedAt": "2025-12-31T02:16:46.000Z",
    "duration": 43,
    "summary": {
      "totalIssues": 49,
      "issuesByLevel": {
        "error": 23,
        "warning": 26,
        "note": 0,
        "none": 0
      },
      "issuesByRule": [
        {
          "ruleId": "ApexCRUDViolation",
          "ruleName": "Apex CRUD Violation",
          "count": 15,
          "level": "error"
        }
      ],
      "toolsUsed": [
        {
          "name": "code-analyzer",
          "version": "5.0.0"
        }
      ],
      "filesAffected": 34,
      "analysisSuccessful": true
    },
    "metadata": {
      "triggeredBy": "schedule",
      "windmillJobId": "019b7251-ec8f-a661-2b2a-8d2699a64569",
      "scheduledRun": true,
      "tools": [
        "code-analyzer"
      ]
    },
    "sarif": {}
  },
  "jobId": "019b7251-ec8f-a661-2b2a-8d2699a64569",
  "message": "Analysis started. Job ID: 019b7251-ec8f-a661-2b2a-8d2699a64569. Schedule created."
}

Store code analysis results

post

Stores SARIF analysis results from an external source (typically Windmill flows).

Duplicate handling: If results already exist for the given commit, the request is ignored (same commit = same results).

Data processing:

Extracts summary metrics from SARIF (issues by severity, by rule, files affected)
Applies retention policy (keeps last 10 runs per branch)

Note: This endpoint is primarily used by Windmill flows, not direct API consumers.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

repositoryIdentifierstringRequired

Repository identifier in org/repo format

Example: flxbl-io/sf-core

branchstringRequired

Git branch name

Example: main

commitIdstringRequired

Git commit SHA

Example: abc123def456789

analyzedAtstringRequired

Analysis timestamp in ISO 8601 format

Example: 2025-01-01T12:00:00.000Z

durationnumberRequired

Analysis duration in seconds

Example: 45

sarifobjectRequired

Raw SARIF 2.1.0 document from code analyzer

Example: {"version":"2.1.0","runs":[]}

Responses

201

Result stored successfully

application/json

400

Invalid request body

401

Unauthorized - invalid or missing token

403

Forbidden - Requires role: owner, application

post

/sfp/api/testreports/code-analysis/results

POST /sfp/api/testreports/code-analysis/results HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 319

{
  "repositoryIdentifier": "flxbl-io/sf-core",
  "branch": "main",
  "commitId": "abc123def456789",
  "analyzedAt": "2025-01-01T12:00:00.000Z",
  "duration": 45,
  "sarif": {
    "version": "2.1.0",
    "runs": []
  },
  "metadata": {
    "triggeredBy": "schedule",
    "windmillJobId": "019b7251-ec8f-a661-2b2a-8d2699a64569",
    "scheduledRun": true,
    "tools": [
      "code-analyzer"
    ]
  }
}

{
  "success": true
}

Get analysis history for a branch

get

Returns the last N analysis runs for a specific branch, ordered by analysis date (newest first).

Use cases:

Display trend charts
Compare analysis results over time
Track code quality improvements

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

branchstringRequired

Git branch name

Example: main

Query parameters

repositoryIdentifierstringRequired

Repository identifier in org/repo format

Example: flxbl-io/sf-core

limitnumberOptional

Maximum number of results (default: 10, max: 100)

Example: 10

Responses

200

Analysis history for the branch

application/json

repositoryIdentifierstringRequired

Repository identifier in org/repo format

Example: flxbl-io/sf-core

branchstringRequired

Git branch name that was analyzed

Example: main

commitIdstringRequired

Full Git commit SHA that was analyzed (used as document key)

Example: bfffb1da08589734f2781e3a4b5f4d4105efac72

analyzedAtstring · date-timeRequired

Timestamp when analysis was performed (ISO 8601 format)

Example: 2025-12-31T02:16:46.000Z

durationnumberRequired

Total analysis duration in seconds (clone + analyze + store)

Example: 43

sarifobjectOptional

Full SARIF 2.1.0 document (only included in detail views, omitted in lists)

400

Missing required query parameters

401

Unauthorized - invalid or missing token

403

Forbidden - Requires role: member, owner, application

get

/sfp/api/testreports/code-analysis/history/{branch}

GET /sfp/api/testreports/code-analysis/history/{branch}?repositoryIdentifier=flxbl-io%2Fsf-core HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

[
  {
    "repositoryIdentifier": "flxbl-io/sf-core",
    "branch": "main",
    "commitId": "bfffb1da08589734f2781e3a4b5f4d4105efac72",
    "analyzedAt": "2025-12-31T02:16:46.000Z",
    "duration": 43,
    "summary": {
      "totalIssues": 49,
      "issuesByLevel": {
        "error": 23,
        "warning": 26,
        "note": 0,
        "none": 0
      },
      "issuesByRule": [
        {
          "ruleId": "ApexCRUDViolation",
          "ruleName": "Apex CRUD Violation",
          "count": 15,
          "level": "error"
        }
      ],
      "toolsUsed": [
        {
          "name": "code-analyzer",
          "version": "5.0.0"
        }
      ],
      "filesAffected": 34,
      "analysisSuccessful": true
    },
    "metadata": {
      "triggeredBy": "schedule",
      "windmillJobId": "019b7251-ec8f-a661-2b2a-8d2699a64569",
      "scheduledRun": true,
      "tools": [
        "code-analyzer"
      ]
    },
    "sarif": {}
  }
]

Get branch dashboard with trends

get

Returns a comprehensive dashboard view for a specific branch including:

Latest analysis: Full analysis result with summary
History: Last 10 analysis runs (for trend charts)
Trends: Issue count trend direction (up/down/stable)

Trend calculation: Compares average issues in the last 3 runs vs previous 3 runs.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

branchstringRequired

Git branch name

Example: main

Query parameters

repositoryIdentifierstringRequired

Repository identifier in org/repo format

Example: flxbl-io/sf-core

Responses

200

Branch dashboard with latest analysis, history, and trends

application/json

repositoryIdentifierstringRequired

Repository identifier in org/repo format

Example: flxbl-io/sf-core

branchstringRequired

Git branch name

Example: main

400

Missing required query parameters

401

Unauthorized - invalid or missing token

403

Forbidden - Requires role: member, owner, application

get

/sfp/api/testreports/code-analysis/dashboard/{branch}

GET /sfp/api/testreports/code-analysis/dashboard/{branch}?repositoryIdentifier=flxbl-io%2Fsf-core HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "repositoryIdentifier": "flxbl-io/sf-core",
  "branch": "main",
  "latestAnalysis": {
    "repositoryIdentifier": "flxbl-io/sf-core",
    "branch": "main",
    "commitId": "bfffb1da08589734f2781e3a4b5f4d4105efac72",
    "analyzedAt": "2025-12-31T02:16:46.000Z",
    "duration": 43,
    "summary": {
      "totalIssues": 49,
      "issuesByLevel": {
        "error": 23,
        "warning": 26,
        "note": 0,
        "none": 0
      },
      "issuesByRule": [
        {
          "ruleId": "ApexCRUDViolation",
          "ruleName": "Apex CRUD Violation",
          "count": 15,
          "level": "error"
        }
      ],
      "toolsUsed": [
        {
          "name": "code-analyzer",
          "version": "5.0.0"
        }
      ],
      "filesAffected": 34,
      "analysisSuccessful": true
    },
    "metadata": {
      "triggeredBy": "schedule",
      "windmillJobId": "019b7251-ec8f-a661-2b2a-8d2699a64569",
      "scheduledRun": true,
      "tools": [
        "code-analyzer"
      ]
    },
    "sarif": {}
  },
  "history": [
    {
      "commitId": "bfffb1da08589734",
      "analyzedAt": "2025-12-31T02:16:46.000Z",
      "totalIssues": 49,
      "errors": 23,
      "warnings": 26
    }
  ],
  "trends": {
    "issuesTrend": "down"
  }
}

Good afternoon

hashtagGet code analysis for a branch

hashtagForce refresh code analysis

hashtagStore code analysis results

hashtagGet analysis history for a branch

hashtagGet branch dashboard with trends

Get code analysis for a branch

Force refresh code analysis

Store code analysis results

Get analysis history for a branch

Get branch dashboard with trends