Detect unsafe contexts, queries in loops, hardcoded IDs, and more to optimize Salesforce Flows
Lightning Flow Scanner CLI is plug-and-play. Open any project with flows and run sf flow:scan; all default rules and thresholds are applied automatically.
```bash
sf flow:scan [options]
```

Customize the scan behavior using the following options:

| Flag | Alias | Description | Example |
|---|---|---|---|
| `--config` | `-c` | Path to the configuration file | `-c ./dir/flow-scanner.json` |
| `--directory` | `-d` | Directory to scan recursively | `-d ./force-app/main/` |
| `--threshold` | `-f` | Fail the run on errors of this level or higher (error\|warn\|info) | `--threshold warn` |
| `--files` | `-p` | Space-separated list of specific flow files to scan | `-p "flow1.flow-meta.xml" "flows/flow2.flow-meta.xml"` |
| `--sarif` | `-s` | Output results in SARIF format to stdout | `--sarif > results.sarif` |
| `--betamode` | `-z` | Enable experimental beta rules | `--betamode` |
| `--json` | | Output results as pretty-printed JSON | `--json` |
| `--loglevel` | | Logging verbosity: trace \| debug \| info \| warn \| error \| fatal [default: warn] | `--loglevel debug` |

Privacy: Zero user data collected. All processing is client-side. → See Data Handling in our Security Policy.
Quick local scan with JSON output

```bash
sf flow:scan -d ./flows --json
```

CI/CD ready with SARIF

```bash
sf flow:scan -d src/flows --sarif > report.sarif
```

Scan only two specific flows including beta rules

```bash
sf flow:scan -p "flows/Opportunity_Auto_Approve.flow-meta.xml" "flows/Case_Escalation.flow-meta.xml" -z --json
```
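
A CI step can read the report written by `--sarif` and decide for itself which findings block a merge. The following is an added example, not part of Lightning Flow Scanner: it assumes the report follows the SARIF 2.1.0 result layout and uses SARIF level names only (how the scanner's error/warn/info severities map to them is not stated here). The sample report, rule ids and messages are constructed placeholders.

```javascript
// Added example (not part of Lightning Flow Scanner): summarize a SARIF 2.1.0 report.
// Assumption: a result with a missing or unrecognized "level" is treated as "warning".
const LEVEL_RANK = new Map([["none", 0], ["note", 1], ["warning", 2], ["error", 3]]);

// Flatten runs[].results[] into one list of findings.
function summarizeSarif(sarif) {
  const findings = [];
  for (const run of sarif.runs ?? []) {
    for (const result of run.results ?? []) {
      const loc = result.locations?.[0]?.physicalLocation;
      findings.push({
        ruleId: result.ruleId ?? "(no ruleId)",
        level: LEVEL_RANK.has(result.level) ? result.level : "warning",
        file: loc?.artifactLocation?.uri ?? "(no location)",
        line: loc?.region?.startLine ?? null,
        message: result.message?.text ?? "",
      });
    }
  }
  return findings;
}

// Count findings per rule id, for a short CI log summary.
function countByRule(findings) {
  const counts = new Map();
  for (const f of findings) counts.set(f.ruleId, (counts.get(f.ruleId) ?? 0) + 1);
  return counts;
}

// Return the findings at or above minLevel (a SARIF level name).
function gate(findings, minLevel) {
  if (!LEVEL_RANK.has(minLevel)) throw new Error(`unknown SARIF level: ${minLevel}`);
  return findings.filter((f) => LEVEL_RANK.get(f.level) >= LEVEL_RANK.get(minLevel));
}

// Constructed sample report; rule ids and messages are placeholders.
const SAMPLE_SARIF = {
  version: "2.1.0",
  runs: [{ tool: { driver: { name: "example-scanner" } }, results: [
    { ruleId: "ExampleRuleA", level: "error", message: { text: "placeholder finding" },
      locations: [{ physicalLocation: { region: { startLine: 12 },
        artifactLocation: { uri: "flows/Case_Escalation.flow-meta.xml" } } }] },
    { ruleId: "ExampleRuleA", level: "note", message: { text: "placeholder finding" } },
    { ruleId: "ExampleRuleB", message: { text: "placeholder finding" } },
  ] }],
};
const findings = summarizeSarif(SAMPLE_SARIF);
console.log(Object.fromEntries(countByRule(findings)));
for (const f of gate(findings, "error")) console.log(`${f.level} ${f.ruleId} ${f.file}:${f.line}`);
```

To use it on a real run, pass the parsed contents of `report.sarif` to `summarizeSarif` and fail the job when `gate` returns a non-empty list.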
It is recommended to set up a .flow-scanner.yml and define:
- The rules to be executed.
- The severity of violating any specific rule.
- Rule properties such as REGEX expressions.
- Any known exceptions that should be ignored during scanning.
```json
{
  "rules": {
    // Your rules here
  },
  "exceptions": {
    // Your exceptions here
  },
  "betamode": false // Enable beta rules
}
```

Using the rules section of your configuration, you can specify the list of rules to run. You can also define the severity of each rule and configure its expression. Below is a breakdown of the available attributes of a rule configuration:

```json
{
  "rules": {
    "<RuleName>": {
      "severity": "<Severity>",
      "expression": "<Expression>"
    }
  }
}
```

Note: if you prefer JSON format, you can create a .flow-scanner.json file using the same format. For more on configuration, review the scanner documentation.

lightning-flow-scanner-cli is published to npm only.
| Install with sf (Salesforce CLI) | Install globally with npm |
|---|---|
| `sf plugins install lightning-flow-scanner` | `npm install -g lightning-flow-scanner` |

This project optionally uses Volta to manage Node.js versions. Install Volta with:

```bash
curl https://get.volta.sh | bash
```

Volta will automatically use the Node.js version defined in package.json.

- Clone the repository

  ```bash
  git clone https://github.com/Flow-Scanner/lightning-flow-scanner-cli.git
  ```

- Install Dependencies

  ```bash
  npm install
  ```

- Build Executables

  ```bash
  npm run build
  ```

- Run Tests

  ```bash
  npm run test
  ```

- Linking SF CLI Plugin: to test changes in your local CLI, run:

  ```bash
  sf plugins link .
  ```

- Linking Core Module (Optional)

  If you're developing or testing updates to the core module, you can link it locally:

  - In the core module directory, run:

    ```bash
    npm run link
    ```

  - In this CLI project directory, run:

    ```bash
    npm link @flow-scanner/lightning-flow-scanner-core
    ```

Want to help improve Lightning Flow Scanner? See our Contributing Guidelines
