Monitoring home
- Monitor your Salesforce org with sfdx-hardis
- How does it work ?
- All Monitoring Commands
- Metadata Backup
- Apex tests
- Quality Checks with MegaLinter
- Detect suspect setup actions in major org
- Detect calls to deprecated API versions
- Detect custom elements with no access rights defined in permission sets
- Detect unused licenses
- Detect custom labels and custom permissions that are not in use
- Detect inactive metadata
- Detect missing attributes
Monitor your Salesforce org with sfdx-hardis
This feature worked yesterday in production, but today it crashes, what happened ?
Salesforce provide Audit Trail to trace configuration updates in production or sandbox orgs.
You can know who updated what, but not with details (before / after).
Sfdx-hardis monitoring provides a simple way to know the exact state of your orgs metadatas everyday, or even several times a day, and provides an exact and detailed comparison with the previous metadata configuration (using git commits comparison)
Installation and usage are admin-friendly, and notifications can be sent via Slack or Microsoft Teams.
Example of a monitoring git repository
Example notifications with Slack
Extra features are also available, like:
- Run apex tests (and soon flow tests)
- Analyze the quality and the security of your metadatas with MegaLinter
- Check if you have deprecated api versions called
- Custom command lines that you can define in
.sfdx-hardis.yml
You don't need to work in CI/CD to use Monitoring, it is compliant with any API enabled org :)
How does it work ?
Every night (or even more frequently, according to your schedule), a CI job will be triggered.
It will extract all the metadatas of your org, then push a new commit in the monitoring repository in case there are updates since the latest metadata backup.
Example workflow with GitHub actions
Example diff visualization with GitLens
The list of updated metadatas will be sent via notification to a Slack and/or Microsoft Teams channel.
After the metadata backup, other jobs will be triggered (Apex tests, Code Quality, Legacy API checks + your own commands), and their results will be stored in job artifacts and sent via notifications.
Are you ready ? Configure the monitoring on your orgs !
All Monitoring Commands
The following checks are active out of the box.
In order to avoid to overflow channels of notifications, some commands are run everyday whereas less critical ones are run weekly (on saturday).
You can force the daily run of all commands by defining env var MONITORING_IGNORE_FREQUENCY=true
.
Metadata Backup
Adds a new commit in the git branch with the newest updates since latest monitoring run.
Sfdx-hardis command: sfdx hardis:org:monitor:backup
Apex tests
Runs all local test classes of the org and calculate coverage.
Sfdx-hardis command: sfdx hardis:org:test:apex
Quality Checks with MegaLinter
Will check if best practices are applied for:
- Apex with PMD
- LWC & Aura with eslint
- Flows with Lightning Flow Scanner
- Security with checkov, gitleaks, secretlint, trivy...
Full list in MegaLinter Documentation
Detect suspect setup actions in major org
Will extract from audit trail all actions that are considered as suspect, excepted the ones related to the deployment user and a given list of users, like the release manager.
Sfdx-hardis command: sfdx hardis:org:diagnose:audittrail
Key: AUDIT_TRAIL
Detect calls to deprecated API versions
Will check if legacy API versions are called by external tools.
Sfdx-hardis command: sfdx hardis:org:diagnose:legacyapi
Key: LEGACY_API
Detect custom elements with no access rights defined in permission sets
If there are elements that nobody has access to, maybe they should be removed !
Sfdx-hardis command: sfdx hardis:lint:access
Key: LINT_ACCESS
Detect unused licenses
When you assign a Permission Set to a user, and that this Permission Set is related to a Permission Set License, a Permission Set License Assignment is automatically created for the user.
But when you unassign this Permission Set from the user, the Permission Set License Assignment is not deleted.
This leads that you can be charged for Permission Set Licenses that are not used !
This command detects such useless Permission Set Licenses Assignments and suggests to delete them.
Many thanks to Vincent Finet for the inspiration during his great speaker session at French Touch Dreamin '23, and his kind agreement for reusing such inspiration in this command :)
Sfdx-hardis command: sfdx hardis:org:diagnose:unusedlicenses
Key: UNUSED_LICENSES
Detect custom labels and custom permissions that are not in use
If there are elements that are not used by anything, maybe they should be removed !
Sfdx-hardis command: sfdx hardis:lint:unusedmetadatas
Key: UNUSED_METADATAS
Detect inactive metadata
Are you sure this inactive flow should be inactive ?
Sfdx-hardis command: sfdx hardis:lint:metadatastatus
Key: METADATA_STATUS
Detect missing attributes
Follow best practices by documenting your data model !
Sfdx-hardis command: sfdx hardis:lint:missingattributes
Key: MISSING_ATTRIBUTES