Analyze
sfp analyze
sfp analyzeUSAGE
$ sfp analyze [--json] [--repository <value>] [-e <value>] [-t <value>] [--sfp-server-url <value>] [-p
<value>... | -s <value> | -d <value>] [--exclude-linters duplicates|compliance|architecture|code-analyzer...]
[--fail-on duplicates|compliance|architecture|code-analyzer...] [--show-aliasfy-notes] [--fail-on-unclaimed]
[--output-format markdown|json|github|sarif] [--output-file <value>] [--report-dir <value>] [--compliance-rules
<value>] [--generate-compliance-config] [--changed-files <value>] [--base-ref <value>] [--head-ref <value>]
[--provider anthropic|openai|google|github-copilot] [--create-check] [--publish-results] [--code-analyzer-config
<value>] [--code-analyzer-engines <value>] [--duplicates-config <value>] [--commit-sha <value>] [--pr-number
<value>] [--base-branch <value>] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
FLAGS
-d, --domain=<value> The domain to analyse for duplicate packages
-e, --email=<value> Email address for authenticated user. Ignored if --application-token is provided.
Can be set via SFP_SERVER_USER env var.
-p, --package=<value>... The name of the package to analyse
-s, --source-path=<value> The path to the source file to analyse
-t, --application-token=<value> Application token for CI/CD authentication. Can be set via SFP_SERVER_TOKEN env
var (CLI flags take precedence over env vars).
--base-branch=<value> Target branch for branch rule matching (e.g., main, release/1.0). Used to resolve
server-side analyze config branch rules.
--base-ref=<value> Base commit/branch for git diff comparison (e.g., origin/main, abc123def)
--changed-files=<value> Analyze only specified changed files (comma-separated paths)
--code-analyzer-config=<value> Path to Code Analyzer config file (defaults to config/code-analyzer.yml)
--code-analyzer-engines=<value> Comma-separated list of Code Analyzer engines to run: pmd, cpd, eslint (default:
all)
--commit-sha=<value> Commit SHA for CI check creation (used with --pr-number to create checks without
CI env vars)
--compliance-rules=<value> Path to compliance rules YAML file (defaults to config/compliance-rules.yaml)
--create-check Create check/status on PR via server API (requires server connection)
--duplicates-config=<value> Path to duplicates config YAML file (default: config/duplicates.yaml)
--exclude-linters=<option>... [default: ] Comma-separated list of linters to exclude (e.g., duplicates,
architecture)
<options: duplicates|compliance|architecture|code-analyzer>
--fail-on=<option>... [default: ] Comma-separated list of linters that should fail the command if
issues are found
<options: duplicates|compliance|architecture|code-analyzer>
--[no-]fail-on-unclaimed Whether to fail when duplicates are found in unclaimed packages
--generate-compliance-config Generate a sample compliance rules configuration file
--head-ref=<value> [default: HEAD] Head commit/branch for git diff comparison (defaults to HEAD)
--loglevel=<option> [default: info] logging level for this command invocation
<options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>
--output-file=<value> Write output to file (useful with --output-format sarif)
--output-format=<option> [default: markdown] Format for the analysis output (markdown, json, github,
sarif)
<options: markdown|json|github|sarif>
--pr-number=<value> Pull request number for CI check association (used with --commit-sha)
--provider=<option> AI provider for architecture analysis (takes precedence over env var
auto-detection)
<options: anthropic|openai|google|github-copilot>
--publish-results Store analysis results to server for dashboards (requires server connection)
--report-dir=<value> Directory where analysis reports should be written
--repository=<value> The repository identifier. E.g `owner/repo` for GitHub/GitLab or
`org/project/repo` for Azure DevOps
--sfp-server-url=<value> URL of the SFP server. Can be set via SFP_SERVER_URL env var or config: sfp
config:set server-url
--[no-]show-aliasfy-notes Show aliasfy notes for packages that are aliasfied
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Analyse the project for various issues
ALIASES
$ sfp source analyze
$ sfp project analyze
EXAMPLES
$ sfp project:analyze
$ sfp project:analyze -p core,utils
$ sfp project:analyze -s ./custom-path
$ sfp project:analyze --fail-on-duplicates --json
$ sfp project:analyze --exclude-linters duplicates
$ sfp project:analyze --fail-on duplicates
$ sfp project:analyze --fail-on compliance
$ sfp project:analyze --compliance-rules config/my-rules.yaml
$ sfp project:analyze --generate-compliance-config
$ sfp project:analyze --changed-files "src/classes/MyClass.cls,src/triggers/MyTrigger.trigger"
$ # AI architecture analysis (requires AI provider auth):
$ ANTHROPIC_API_KEY=xxx sfp project:analyze
$ OPENAI_API_KEY=xxx sfp project:analyze --exclude-linters duplicates,compliance
$ # Explicit provider selection (takes precedence over env vars):
$ sfp project:analyze --provider github-copilot
$ sfp project:analyze --provider anthropic
$ # Local analysis with custom git refs:
$ sfp project:analyze --base-ref origin/main
$ sfp project:analyze --base-ref abc123 --head-ref def456
$ # Use external OpenCode server for testing:
$ sfp project:analyze --opencode-server http://127.0.0.1:19999
$ # Server integration - create check on PR:
$ sfp project:analyze --create-check
$ # Server integration - create check and store results for dashboards:
$ sfp project:analyze --create-check --publish-results
$ # Code analyzer - run all engines (PMD, CPD, ESLint):
$ sfp project:analyze
$ # Code analyzer - run only PMD for Apex:
$ sfp project:analyze --code-analyzer-engines pmd
$ # Code analyzer - run PMD and ESLint:
$ sfp project:analyze --code-analyzer-engines pmd,eslint
$ # Code analyzer - with custom config:
$ sfp project:analyze --code-analyzer-config ./my-rules.ymlLast updated
Was this helpful?