Monitoring home

• Monitor your Salesforce org with sfdx-hardis
• How does it work ?
• All Monitoring Commands
  • Metadata Backup
  • Apex tests
  • Quality Checks with MegaLinter
  • Detect suspect setup actions in major org
  • Detect calls to deprecated API versions
  • Detect custom elements with no access rights defined in permission sets
  • Detect unused licenses
  • Detect custom labels and custom permissions that are not in use
  • Detect inactive metadata
  • Detect missing attributes

Monitor your Salesforce org with sfdx-hardis

This feature worked yesterday in production, but today it crashes, what happened ?

Salesforce provide Audit Trail to trace configuration updates in production or sandbox orgs.

You can know who updated what, but not with details (before / after).

Sfdx-hardis monitoring provides a simple way to know the exact state of your orgs metadatas everyday, or even several times a day, and provides an exact and detailed comparison with the previous metadata configuration (using git commits comparison)

Installation and usage are admin-friendly, and notifications can be sent via Slack or Microsoft Teams.

Example of a monitoring git repository

Example notifications with Slack

Extra features are also available, like:

• Run apex tests (and soon flow tests)
• Analyze the quality and the security of your metadatas with MegaLinter
• Check if you have deprecated api versions called
• Custom command lines that you can define in .sfdx-hardis.yml

You don't need to work in CI/CD to use Monitoring, it is compliant with any API enabled org :)

How does it work ?

Every night (or even more frequently, according to your schedule), a CI job will be triggered.

It will extract all the metadatas of your org, then push a new commit in the monitoring repository in case there are updates since the latest metadata backup.

Example workflow with GitHub actions

Example diff visualization with GitLens

The list of updated metadatas will be sent via notification to a Slack and/or Microsoft Teams channel.

After the metadata backup, other jobs will be triggered (Apex tests, Code Quality, Legacy API checks + your own commands), and their results will be stored in job artifacts and sent via notifications.

Are you ready ? Configure the monitoring on your orgs !

All Monitoring Commands

The following checks are active out of the box.

In order to avoid to overflow channels of notifications, some commands are run everyday whereas less critical ones are run weekly (on saturday).

You can force the daily run of all commands by defining env var MONITORING_IGNORE_FREQUENCY=true.

Metadata Backup

Adds a new commit in the git branch with the newest updates since latest monitoring run.

Sfdx-hardis command: sfdx hardis:org:monitor:backup

Apex tests

Runs all local test classes of the org and calculate coverage.

Sfdx-hardis command: sfdx hardis:org:test:apex

Quality Checks with MegaLinter

Will check if best practices are applied for:

• Apex with PMD
• LWC & Aura with eslint
• Flows with Lightning Flow Scanner
• Security with checkov, gitleaks, secretlint, trivy...

Full list in MegaLinter Documentation

Detect suspect setup actions in major org

Will extract from audit trail all actions that are considered as suspect, excepted the ones related to the deployment user and a given list of users, like the release manager.

Sfdx-hardis command: sfdx hardis:org:diagnose:audittrail

Key: AUDIT_TRAIL

Detect calls to deprecated API versions

Will check if legacy API versions are called by external tools.

Sfdx-hardis command: sfdx hardis:org:diagnose:legacyapi

Key: LEGACY_API

Detect custom elements with no access rights defined in permission sets

If there are elements that nobody has access to, maybe they should be removed !

Sfdx-hardis command: sfdx hardis:lint:access

Key: LINT_ACCESS

Detect unused licenses

When you assign a Permission Set to a user, and that this Permission Set is related to a Permission Set License, a Permission Set License Assignment is automatically created for the user.

But when you unassign this Permission Set from the user, the Permission Set License Assignment is not deleted.

This leads that you can be charged for Permission Set Licenses that are not used !

This command detects such useless Permission Set Licenses Assignments and suggests to delete them.

Many thanks to Vincent Finet for the inspiration during his great speaker session at French Touch Dreamin '23, and his kind agreement for reusing such inspiration in this command :)

Sfdx-hardis command: sfdx hardis:org:diagnose:unusedlicenses

Key: UNUSED_LICENSES

Detect custom labels and custom permissions that are not in use

If there are elements that are not used by anything, maybe they should be removed !

Sfdx-hardis command: sfdx hardis:lint:unusedmetadatas

Key: UNUSED_METADATAS

Detect inactive metadata

Are you sure this inactive flow should be inactive ?

Sfdx-hardis command: sfdx hardis:lint:metadatastatus

Key: METADATA_STATUS

Detect missing attributes

Follow best practices by documenting your data model !

Sfdx-hardis command: sfdx hardis:lint:missingattributes

Key: MISSING_ATTRIBUTES