Merge pull request #1231 from forcedotcom/dev

RELEASE: @W-14381328@: Merging dev to release for v3.18.0

Author: jfeingold35

.github/ISSUE_TEMPLATE/0scanner_run_bug.md

@@ -0,0 +1,67 @@
+---
+name: Report a Bug with scanner:run
+about: Report an issue with the scanner:run command.
+title: "[BUG]"
+labels: ''
+assignees: ''
+---
+<!--
+### Try These Steps to Resolve Issues with `scanner:run`
+
+Oftentimes, you can resolve `scanner:run` issues on your own. Follow these steps.
+
+1. Read the error message.
+2. Read [Salesforce Code Analyzer](https://forcedotcom.github.io/sfdx-scanner/) documentation.
+3. Double-check the command that you ran. Ensure that items like file names, method names, and category names are correctly spelled and cased.
+4. Verify that your code is syntactically valid.
+5. Verify that the error is reproducible on another machine.
+6. Attempt to reproduce the error by running against that engine directly instead of via the Code Analyzer. If you can reproduce the error, create an issue on that engine's repo instead of on Code Analyzer's repo.
+7. Check open and closed [issues](https://github.com/forcedotcom/sfdx-scanner/issues) to see if your issue is already logged.
+
+### Prepare for an AppExchange Security Review
+
+If you're listing a managed package on AppExchange, prepare for the security review by following the instructions in the [Scan Your Solution with Salesforce Code Analyzer](https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/security_review_code_analyzer_scan.htm) section of the ISVforce Guide.
+
+### Log a `scanner:run` Issue
+If you're still having trouble after following the troubleshooting steps and checking that there's no existing issue that covers your situation, log a new `scanner:run` issue.
+
+1. Fill out the `scanner:run` Issue Template.
+2. Attach your code with your issue.
+3. If you can't publicly share the code that causes the issue, reproduce it in code that you can publicly share. Attach this substitute code to your issue.
+4. Give your issue a clear and specific title. Example: "InternalExecutionError when scanning XYZ code".
+-->
+### `scanner:run` Issue Template
+
+Fill out this template to submit your Code Analyzer issue.
+
+**Description**:
+<!--Provide a clear and concise description of what the bug is.-->
+
+**Documentation**:
+<!--Attach any documentation, such as a clean log.-->
+
+**Steps To Reproduce**:
+<!--List out the steps that you used to reproduce the bug behavior. Be as specific and clear as possible.-->
+
+**Expected Behavior**:
+<!--Provide a clear and concise description of what you expected to happen.-->
+
+**Screenshots**:
+<!--If applicable, add screenshots to help explain your problem.-->
+
+**Desktop**:
+<!--
+Provide these details:
+- Operating System. Example: Ventura 13.5
+- Code Analyzer version. Example: v3.16.0
+- Salesforce CLI version. Example: @salesforce/cli/2.0.2
+-->
+
+**Additional Context**:
+<!--Add any other context about the problem.-->
+
+**Workaround**:
+<!--What ways have you found to sidestep the problem? If you haven't found a workaround, what have you tried so far?-->
+
+**Urgency**:
+<!--What is the severity of the problem?-->

.github/ISSUE_TEMPLATE/1scanner_run_dfa_bug.md

@@ -0,0 +1,72 @@
+---
+name: Report a Bug with scanner:run:dfa
+about: Report an issue with the scanner:run:dfa command.
+title: "[BUG]"
+labels: ''
+assignees: ''
+---
+<!--
+### Try These Steps to Resolve Issues with `scanner:run:dfa`
+
+Oftentimes, you can resolve `scanner:run:dfa` issues on your own. Follow these steps.
+
+1. Read the error message.
+2. Read [Salesforce Graph Engine](https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/introduction/) documentation.
+3. Read our guide for [troubleshooting Graph Engine errors](https://forcedotcom.github.io/sfdx-scanner/en/v3.x/troubleshooting/#issues-using-salesforce-graph-engine).
+4. Read our guidelines to resolve [LimitReached errors](https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/working-with-sfge/#understand-limitreached-errors) and [path evaluation timeouts](https://forcedotcom.github.io/sfdx-scanner/en/v3.x/troubleshooting/#issues-using-salesforce-graph-engine).
+5. Read our [Guide to Writing Graph Engine-Friendly Code](https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/graph-engine-recommendations/).
+6. Double-check the command that you entered. Ensure that items like file names, method names, and category names are correctly spelled and cased.
+7. Verify that your code is syntactically valid.
+8. Verify that the error is reproducible on another machine.
+9. Check open and closed [issues](https://github.com/forcedotcom/sfdx-scanner/issues) to see if your issue is already logged.
+10. If there's no existing issue that covers your situation, log a new issue.
+
+### Prepare for an AppExchange Security Review
+
+If you're listing a managed package on AppExchange, prepare for the security review by following the instructions in the [Scan Your Solution with Salesforce Code Analyzer](https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/security_review_code_analyzer_scan.htm) section of the ISVforce Guide.
+
+**Note: In your scan report, if you see an InternalExecutionError or a LimitReached error, you can still submit for AppExchange security review. These errors aren't blockers.**
+
+### Log a `scanner:run:dfa` Issue
+If you're still having trouble after following the troubleshooting steps and checking that there's no existing issue that covers your situation, log a new `scanner:run:dfa` issue.
+
+1. Fill out the `scanner:run:dfa` Issue Template.
+2. Attach your code with your issue.
+3. If you can't publicly share the code that causes the issue, reproduce it in code that you can publicly share. Attach this substitute code to your issue.
+4. Give your issue a clear and specific title. Example: InternalExecutionError when scanning XYZ code.
+-->
+### `scanner:run:dfa` Issue Template
+
+Fill out this template to submit your Code Analyzer issue.
+
+**Description:**
+<!--Provide a clear and concise description of what the bug is.-->
+
+**Documentation:**
+<!--Attach a clean log, which can be found in `~/.sfdx-scanner/sfge.log`. List the affected file. If the error message mentions a specific graph vertex, check its DefiningType and BeginLine properties and include the code at that line.-->
+
+**Steps To Reproduce:**
+<!--List out the steps that you used to reproduce the bug behavior. Be as specific and clear as possible.-->
+
+**Expected Behavior:**
+<!--Provide a clear and concise description of what you expected to happen.-->
+
+**Screenshots:**
+<!--If applicable, add screenshots to help explain your problem.-->
+
+**Desktop:**
+<!--
+Provide these details:
+- Operating System. Example: Ventura 13.5
+- Code Analyzer version. Example: v3.16.0
+- Salesforce CLI version. Example: @salesforce/cli/2.0.2
+-->
+
+**Additional Context:**
+<!--Add any other context about the problem.-->
+
+**Workaround:**
+<!--What ways have you found to sidestep the problem? If you haven't found a workaround, what have you tried so far?-->
+
+**Urgency:**
+<!--What is the severity of the problem?-->

.github/ISSUE_TEMPLATE/2scanner_run_false_result.md

@@ -0,0 +1,43 @@
+---
+name: Report a scanner:run False Result
+about: Report false results in scanner:run scan reports. If you’re submitting your managed package for AppExchange security review, include documentation of your false results with your submission.
+title: "[False Result]"
+labels: ''
+assignees: ''
+---
+### Salesforce Code Analyzer False Results Template
+
+**Description:**
+<!--Provide a clear and concise description of what the bug is.-->
+
+**Documentation:**
+<!--Attach a clean log, if available.-->
+
+**False Results Report:**
+<!--Explain why you believe this error is a false result.-->
+
+**Steps To Reproduce:**
+<!--List out the steps that you used to reproduce the bug behavior. Be as specific and clear as possible.-->
+
+**Expected Behavior:**
+<!--Provide a clear and concise description of what you expected to happen.-->
+
+**Screenshots:**
+<!--If applicable, add screenshots to help explain your problem.-->
+
+**Desktop:**
+<!--
+Provide these details:
+- Operating System. Example: Ventura 13.5
+- Code Analyzer version. Example: v3.16.0
+- Salesforce CLI version. Example: @salesforce/cli/2.0.2
+-->
+
+**Additional Context:**
+<!--Add any other context about the problem. Provide any specific code or configuration details required to reproduce the problem.-->
+
+**Workaround:**
+<!--What ways have you found to sidestep the problem? If you haven't found a workaround, what have you tried so far?-->
+
+**Urgency:**
+<!--What is the severity of the problem?-->

.github/ISSUE_TEMPLATE/3scanner_run_dfa_false_result.md

@@ -0,0 +1,43 @@
+---
+name: Report a scanner:run:dfa False Result
+about: Report false results returned in scanner:run:dfa scan reports. If you’re submitting for AppExchange security review, include documentation of your false results with your submission.
+title: "[False Result]"
+labels: ''
+assignees: ''
+---
+### `scanner:run:dfa` False Positives Template
+
+**Description:**
+<!--Provide a clear and concise description of what the bug is.-->
+
+**Documentation:**
+<!--Attach a clean log, which you can find in `~/.sfdx-scanner/sfge.log`, list the affected files and lines for the source and sink vertices.-->
+
+**False results Report:**
+<!--Explain why you believe this error is a false result.-->
+
+**Steps To Reproduce:**
+<!--List out the steps that you used to reproduce the bug behavior. Be as specific and clear as possible.-->
+
+**Expected Behavior:**
+<!--Provide a clear and concise description of what you expected to happen.-->
+
+**Screenshots:**
+<!--If applicable, add screenshots to help explain your problem.-->
+
+**Desktop:**
+<!--
+Provide these details:
+- Operating System. Example: Ventura 13.5
+- Code Analyzer version. Example: v3.16.0
+- Salesforce CLI version. Example: @salesforce/cli/2.0.2
+-->
+
+**Additional Context:**
+<!--Add any other context about the problem. Provide any specific code or configuration details required to reproduce the problem.-->
+
+**Workaround:**
+<!--What ways have you found to sidestep the problem? If you haven't found a workaround, what have you tried so far?-->
+
+**Urgency:**
+<!--What is the severity of the problem?-->

.github/ISSUE_TEMPLATE/4feature_request.md

@@ -0,0 +1,26 @@
+---
+name: Request a New Feature
+about: Request a new Salesforce Code Analyzer feature. Suggest a new rule or an additional engine.
+title: "[Feature Request]"
+labels: USER STORY
+assignees: ''
+---
+
+**Is your feature request related to an issue that you encountered with Salesforce Code Analyzer?**
+<!--Provide a clear and concise description of what the problem is. Example: When I run `scanner:run:describe`, I want to see a sorted list of commands.
+
+**Describe the solution that you want:**
+<!--Describe the clear and concise description of the result that you expect from your feature request.-->
+
+**Describe alternatives that you've considered:**
+<!--Describe any alternative solutions or features you've considered.-->
+
+**Additional Context:**
+<!--Give us any other context or screenshots about your feature request.-->
+
+**Workaround:**
+<!--Are there any current Code Analyzer or Graph Engine existing capabilities that match or are similar to your feature request?-->
+
+**Urgency:**
+<!--If we can implement your feature, how soon would you like to use this feature? Choose from: Nice to have, Highly Beneficial, or Can't Live Without It.-->
+

.github/ISSUE_TEMPLATE/bug_report.md

@@ -257,7 +257,7 @@ jobs:
       - run: mkdir test-results
       - name: Self-evaluation
         id: self-eval
-        run: bin/run scanner:run --target ./src --format junit --outfile ./test-results/src.xml --severity-threshold 3
+        run: bin/run.js scanner:run --target ./src --format junit --outfile ./test-results/src.xml --severity-threshold 3
       # TODO: In the future, we could replace this step with a JS-based one that uses `core.setFailed()` to set a failure
       #       message in the annotations.
       - name: Log results

.github/ISSUE_TEMPLATE/business-stopping-bug.md

@@ -147,6 +147,9 @@ build
 .project
 .settings
 
+# OCLIF lockfile auto-generated during publishing
+oclif.lock
+
 pmd-cataloger/bin
 
 sfge*.log.gz