| Description | Severity | Area of impact |
|---|
| Avoid maintaining legacy code with outdated API versions | Warning | Performance |
| Avoid using outdated API versions in new code | Warning | Performance |
| Avoid hardcoded urls | Medium | Manageability |
Avoid using function SObjectType.getDescribe in FLS checks | Low | Performance |
| Apex unit tests should include at least one assertion | High | Manageability |
| Apex unit tests should not use @isTest(seeAllData=true) | Medium | Manageability |
| Avoid using if statements without using braces to surround the code block | Medium | Manageability |
| Avoid using “while” statements without using braces to surround the code block | Medium | Manageability |
| Avoid using if..else statements without using surrounding braces | Medium | Manageability |
| Avoid using “for” statements without using surrounding braces | Medium | Manageability |
| Avoid creating deeply nested if-then statements | Medium | Manageability |
| Methods with numerous parameters should not be used | Medium | Manageability |
| Avoid excessive class file lengths | Medium | Manageability |
| Avoid methods with excessive Lines of Code count | Medium | Manageability |
| Avoid types with excessive Lines of Code count | Medium | Manageability |
| Avoid constructors with excessive Lines of Code count | Medium | Manageability |
| Avoid excessive cyclomatic complexity | Medium | Manageability |
| Avoid classes with too many fields | Medium | Scalability |
| Avoid classes with too many public methods | Medium | Manageability |
| Avoid SOQL inside loops | High | Performance |
| Avoid DML statements inside loops | High | Performance |
| Classes should explicitly declare a sharing mode if DML methods are used | High | Security |
| Redirects to user-controlled locations should be avoided | High | Security |
| Accessing endpoints over unencrypted http should be avoided | High | Security |
| Calls to addError with disabled escaping should be avoided | High | Security |
| Randomly generated IVs and keys should be used for Crypto calls | High | Security |
| Avoid using DML operations in Apex class constructor/init method | High | Security |
| Avoid using untrusted / unescaped variables in DML queries | High | Security |
| Avoid System.debug and Configuration.disableTriggerCRUDSecurity() | High | Security |
| Avoid hardcoded credentials used in requests to an endpoint | High | Security |
| Variable names should start with a Lowercase character | Medium | Manageability |
| Method names should always begin with a Lower case character, and should not contain underscores | Medium | Manageability |
| Class names should always begin with an upper case character | Medium | Manageability |
| Non-constructor methods should not have the same name as the enclosing class | Medium | Manageability |
| The Global modifier should be avoided | Medium | Manageability |
| Access permissions should be checked before a SOQL/SOSL/DML operation | Medium | Manageability |
| Avoid hardcoding IDs | Medium | Manageability |
| Avoid empty block statements | Medium | Manageability |
| Final variables should be fully capitalized and non-final variables should not include underscores | Medium | Manageability |
| Avoid empty Catch Block | Medium | Manageability |
| Avoid Empty If Statements | Medium | Manageability |
| Avoid empty try or finally blocks | Medium | Manageability |
| Avoid Sosl calls within loops | Medium | Manageability |
| Avoid empty while statements | Medium | Manageability |
| Avoid excessive standard cyclomatic complexity | Medium | Manageability |
| Avoid processing unescaped URL parameters | Medium | Manageability |
| Missing ApexDoc comment | Medium | Manageability |
| Missing ApexDoc @description | Medium | Manageability |
| Avoid declaring multiple variables in a single line | Low | Manageability |
| Possible extra-sensitive PII usage in configuration element – Gender | High | Security |
| Possible extra-sensitive PII usage in configuration element – Religion | High | Security |
| Possible PII usage in configuration element – Email | Warning | Security |
| Possible PII usage in configuration element – Address | Warning | Security |
| Possible PII usage in configuration element – Nationality | Warning | Security |
| Possible PII usage in configuration element – Passport | Warning | Security |
