upgrade code analyzer to v5

.automation/generated/linter-links-previews.json

@@ -84,6 +84,21 @@
     "image": "https://opengraph.githubassets.com/bf0d187aea6f03a804178458080b2be18a5fd1bf8d8cc353ff3150743aae9805/greglook/cljstyle",
     "title": "GitHub - greglook/cljstyle: A tool for formatting Clojure code"
   },
+  "code-analyzer-apex": {
+    "description": "To get started scanning your code with Salesforce Code Analyzer, follow this developer workflow and choose resources that match your learning style.",
+    "image": null,
+    "title": "Get Started | Salesforce Code Analyzer | Salesforce Developers"
+  },
+  "code-analyzer-aura": {
+    "description": "To get started scanning your code with Salesforce Code Analyzer, follow this developer workflow and choose resources that match your learning style.",
+    "image": null,
+    "title": "Get Started | Salesforce Code Analyzer | Salesforce Developers"
+  },
+  "code-analyzer-lwc": {
+    "description": "To get started scanning your code with Salesforce Code Analyzer, follow this developer workflow and choose resources that match your learning style.",
+    "image": null,
+    "title": "Get Started | Salesforce Code Analyzer | Salesforce Developers"
+  },
   "coffeelint": {
     "description": "\n          CoffeeLint is a style checker that helps keep\n          CoffeeScript\n          code clean and consistent. CoffeeScript does a great job at\n          insulating programmers from many of\n          JavaScript's bad parts, but it won't help enforce a consistent style\n          across a code base. CoffeeLint can help with that.\n        ",
     "image": null,

.automation/generated/linter-versions.json

@@ -3,7 +3,7 @@
     "ansible-lint": "25.9.2",
     "arm-ttk": "0.0.0",
     "bandit": "1.8.6",
-    "bash-exec": "5.2.37",
+    "bash-exec": "5.1.4",
     "bicep_linter": "0.38.33",
     "black": "25.9.0",
     "cfn-lint": "1.40.2",
@@ -33,7 +33,7 @@
     "eslint-plugin-jsonc": "2.15.1",
     "flake8": "7.3.0",
     "gherkin-lint": "0.0.0",
-    "git_diff": "2.49.1",
+    "git_diff": "2.47.0",
     "gitleaks": "8.28.0",
     "golangci-lint": "2.5.0",
     "goodcheck": "3.1.0",
@@ -69,8 +69,8 @@
     "phplint": "9.6.2",
     "phpstan": "2.1.31",
     "pmd": "7.17.0",
-    "powershell": "7.5.4",
-    "powershell_formatter": "7.5.4",
+    "powershell": "5.1.26100",
+    "powershell_formatter": "5.1.26100",
     "prettier": "3.6.2",
     "proselint": "0.14.0",
     "protolint": "0.56.4",

.automation/generated/linters_matrix.json

@@ -94,6 +94,9 @@
   "rst_rstfmt",
   "ruby_rubocop",
   "rust_clippy",
+  "salesforce_code_analyzer_apex",
+  "salesforce_code_analyzer_aura",
+  "salesforce_code_analyzer_lwc",
   "salesforce_sfdx_scanner_apex",
   "salesforce_sfdx_scanner_aura",
   "salesforce_sfdx_scanner_lwc",

.eslintignore

@@ -0,0 +1 @@
+!.automation

CHANGELOG.md

@@ -87,6 +87,10 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - [kics](https://www.kics.io) from 2.1.14 to **2.1.15** on 2025-10-26
   - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 9.2.1 to **9.2.2** on 2025-10-26
   - [terragrunt](https://terragrunt.gruntwork.io) from 0.91.1 to **0.91.5** on 2025-10-26
+  - [powershell_formatter](https://github.com/PowerShell/PSScriptAnalyzer) from 7.5.4 to **5.1.26100** on 2025-10-27
+  - [powershell](https://github.com/PowerShell/PSScriptAnalyzer) from 7.5.4 to **5.1.26100** on 2025-10-27
+  - [git_diff](https://git-scm.com) from 2.49.1 to **2.47.0** on 2025-10-27
+  - [bash-exec](https://www.gnu.org/software/bash/) from 5.2.37 to **5.1.4** on 2025-10-27
 <!-- linter-versions-end -->
 
 ## [v9.1.0] - 2025-10-07

Dockerfile

@@ -338,6 +338,8 @@ ARG GEM_RUBOCOP_RAILS_VERSION=2.33.4
 ARG GEM_RUBOCOP_RAKE_VERSION=0.7.1
 # renovate: datasource=rubygems depName=rubocop-rspec
 ARG GEM_RUBOCOP_RSPEC_VERSION=3.7.0
+# renovate: datasource=npm depName=@salesforce/plugin-code-analyzer
+ARG SALESFORCE_CODE_ANALYZER_VERSION=5.5.0
 # renovate: datasource=npm depName=@salesforce/sfdx-scanner
 ARG SALESFORCE_SFDX_SCANNER_VERSION=4.12.0
 # renovate: datasource=pypi depName=snakemake
@@ -1102,6 +1104,23 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOS
 #
 # rubocop installation
 #
+# code-analyzer-apex installation
+    && sf plugins install code-analyzer@${SALESFORCE_CODE_ANALYZER_VERSION} \
+    && (npm cache clean --force || true) \
+    && rm -rf /root/.npm/_cacache \
+#
+# code-analyzer-aura installation
+# Next line commented because already managed by another linter
+# RUN sf plugins install code-analyzer@${SALESFORCE_CODE_ANALYZER_VERSION} \
+#     && (npm cache clean --force || true) \
+#     && rm -rf /root/.npm/_cacache
+#
+# code-analyzer-lwc installation
+# Next line commented because already managed by another linter
+# RUN sf plugins install code-analyzer@${SALESFORCE_CODE_ANALYZER_VERSION} \
+#     && (npm cache clean --force || true) \
+#     && rm -rf /root/.npm/_cacache
+#
 # sfdx-scanner-apex installation
     && sf plugins install @salesforce/sfdx-scanner@${SALESFORCE_SFDX_SCANNER_VERSION} \
     && (npm cache clean --force || true) \

TEMPLATES/apex.yml

@@ -0,0 +1,71 @@
+# ======================================================================
+# CODE ANALYZER CONFIGURATION
+# To learn more about this configuration, visit:
+#   https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/config-custom.html
+# ======================================================================
+# Level at which to log messages to log files.
+# Possible values are:
+#   1 or 'Error' - Includes only error messages in the log.
+#   2 or 'Warn' - Includes warning and error messages in the log.
+#   3 or 'Info' - Includes informative, warning, and error messages in the log.
+#   4 or 'Debug' - Includes debug, informative, warning, and error messages in the log.
+#   5 or 'Fine' - Includes fine detail, debug, informative, warning, and error messages in the log.
+# If unspecified, or if specified as null, then the 'Debug' log level will be used.
+log_level: 4
+
+# Engine specific custom configuration settings of the format engines.{engine_name}.{property_name} = {value} where:
+#   {engine_name} is the name of the engine containing the setting that you want to override.
+#   {property_name} is the name of a property that you would like to override.
+# Each engine may have its own set of properties available to help customize that particular engine's behavior.
+engines:
+  # ======================================================================
+  # PMD ENGINE CONFIGURATION
+  # To learn more about this configuration, visit:
+  #   https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/engine-pmd.html#pmd-configuration-reference
+  # ======================================================================
+  pmd:
+
+    # Whether to turn off the 'pmd' engine so that it is not included when running Code Analyzer commands.
+    disable_engine: false
+
+    # Specifies the list of file extensions to associate to each rule language.
+    # The rule(s) associated with a given language will run against all the files in your workspace containing one of
+    # the specified file extensions. Each file extension can only be associated to one language. If a specific language
+    # is not specified, then a set of default file extensions for that language will be used.
+    file_extensions:
+      apex:
+        - .cls
+        - .trigger
+      html:
+        - .html
+        - .htm
+        - .xhtml
+        - .xht
+        - .shtml
+        - .cmp
+      javascript:
+        - .js
+        - .cjs
+        - .mjs
+      typescript:
+        - .ts
+      visualforce:
+        - .page
+        - .component
+      xml:
+        - .xml
+
+    # List of xml ruleset files containing custom PMD rules to be made available for rule selection.
+    # Each ruleset must be an xml file that is either:
+    #   - on disk (provided as an absolute path or a relative path to 'config_root')
+    #   - or a relative resource found on the Java classpath.
+    # Not all custom rules can be fully defined within an xml ruleset file. For example, Java based rules may be defined in jar files.
+    # In these cases, you will need to also add your additional files to the Java classpath using the 'java_classpath_entries' field.
+    # See https://pmd.github.io/pmd/pmd_userdocs_making_rulesets.html to learn more about PMD rulesets.
+    custom_rulesets: [
+      ./apex-pmd-ruleset.xml
+    ]
+
+# ======================================================================
+# END OF CODE ANALYZER CONFIGURATION
+# ======================================================================

docs/descriptors/salesforce_sfdx_scanner_apex.md

@@ -401,7 +401,7 @@ RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACK
 ENV SF_AUTOUPDATE_DISABLE=true SF_CLI_DISABLE_AUTOUPDATE=true
 # Linter install
 # renovate: datasource=npm depName=@salesforce/sfdx-scanner
-ARG SALESFORCE_SFDX_SCANNER_VERSION=4.12.0
+ARG SALESFORCE_SFDX_SCANNER_VERSION=5.5.0
 RUN sf plugins install @salesforce/sfdx-scanner@${SALESFORCE_SFDX_SCANNER_VERSION} \
     && (npm cache clean --force || true) \
     && rm -rf /root/.npm/_cacache

docs/descriptors/salesforce_sfdx_scanner_aura.md

@@ -398,7 +398,7 @@ RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACK
 ENV SF_AUTOUPDATE_DISABLE=true SF_CLI_DISABLE_AUTOUPDATE=true
 # Linter install
 # renovate: datasource=npm depName=@salesforce/sfdx-scanner
-ARG SALESFORCE_SFDX_SCANNER_VERSION=4.12.0
+ARG SALESFORCE_SFDX_SCANNER_VERSION=5.5.0
 RUN sf plugins install @salesforce/sfdx-scanner@${SALESFORCE_SFDX_SCANNER_VERSION} \
     && (npm cache clean --force || true) \
     && rm -rf /root/.npm/_cacache

docs/descriptors/salesforce_sfdx_scanner_lwc.md

@@ -399,7 +399,7 @@ RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACK
 ENV SF_AUTOUPDATE_DISABLE=true SF_CLI_DISABLE_AUTOUPDATE=true
 # Linter install
 # renovate: datasource=npm depName=@salesforce/sfdx-scanner
-ARG SALESFORCE_SFDX_SCANNER_VERSION=4.12.0
+ARG SALESFORCE_SFDX_SCANNER_VERSION=5.5.0
 RUN sf plugins install @salesforce/sfdx-scanner@${SALESFORCE_SFDX_SCANNER_VERSION} \
     && (npm cache clean --force || true) \
     && rm -rf /root/.npm/_cacache

docs/standalone-linters.md

@@ -101,10 +101,13 @@
 | RST_RSTFMT                        | ghcr.io/oxsecurity/megalinter-only-rst_rstfmt:beta                        |            ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-rst_rstfmt/beta)             |
 | RUBY_RUBOCOP                      | ghcr.io/oxsecurity/megalinter-only-ruby_rubocop:beta                      |           ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-ruby_rubocop/beta)            |
 | RUST_CLIPPY                       | ghcr.io/oxsecurity/megalinter-only-rust_clippy:beta                       |            ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-rust_clippy/beta)            |
+| SALESFORCE_CODE_ANALYZER_APEX     | ghcr.io/oxsecurity/megalinter-only-salesforce_code_analyzer_apex:beta     |   ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-salesforce_code_analyzer_apex/beta)   |
+| SALESFORCE_CODE_ANALYZER_AURA     | ghcr.io/oxsecurity/megalinter-only-salesforce_code_analyzer_aura:beta     |   ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-salesforce_code_analyzer_aura/beta)   |
+| SALESFORCE_CODE_ANALYZER_LWC      | ghcr.io/oxsecurity/megalinter-only-salesforce_code_analyzer_lwc:beta      |   ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-salesforce_code_analyzer_lwc/beta)    |
+| SALESFORCE_LIGHTNING_FLOW_SCANNER | ghcr.io/oxsecurity/megalinter-only-salesforce_lightning_flow_scanner:beta | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-salesforce_lightning_flow_scanner/beta) |
 | SALESFORCE_SFDX_SCANNER_APEX      | ghcr.io/oxsecurity/megalinter-only-salesforce_sfdx_scanner_apex:beta      |   ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-salesforce_sfdx_scanner_apex/beta)    |
 | SALESFORCE_SFDX_SCANNER_AURA      | ghcr.io/oxsecurity/megalinter-only-salesforce_sfdx_scanner_aura:beta      |   ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-salesforce_sfdx_scanner_aura/beta)    |
 | SALESFORCE_SFDX_SCANNER_LWC       | ghcr.io/oxsecurity/megalinter-only-salesforce_sfdx_scanner_lwc:beta       |    ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-salesforce_sfdx_scanner_lwc/beta)    |
-| SALESFORCE_LIGHTNING_FLOW_SCANNER | ghcr.io/oxsecurity/megalinter-only-salesforce_lightning_flow_scanner:beta | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-salesforce_lightning_flow_scanner/beta) |
 | SCALA_SCALAFIX                    | ghcr.io/oxsecurity/megalinter-only-scala_scalafix:beta                    |          ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-scala_scalafix/beta)           |
 | SNAKEMAKE_LINT                    | ghcr.io/oxsecurity/megalinter-only-snakemake_lint:beta                    |          ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-snakemake_lint/beta)           |
 | SNAKEMAKE_SNAKEFMT                | ghcr.io/oxsecurity/megalinter-only-snakemake_snakefmt:beta                |        ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-snakemake_snakefmt/beta)         |

flavors/salesforce/Dockerfile

@@ -163,6 +163,8 @@ ARG REPOSITORY_SYFT_VERSION=1.34.2
 ARG REPOSITORY_TRIVY_VERSION=0.67.2
 # renovate: datasource=github-tags depName=aquasecurity/trivy
 ARG REPOSITORY_TRIVY_SBOM_VERSION=0.67.2
+# renovate: datasource=npm depName=@salesforce/plugin-code-analyzer
+ARG SALESFORCE_CODE_ANALYZER_VERSION=5.5.0
 # renovate: datasource=npm depName=@salesforce/sfdx-scanner
 ARG SALESFORCE_SFDX_SCANNER_VERSION=4.12.0
 # renovate: datasource=pypi depName=snakemake
@@ -492,6 +494,23 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
 # trufflehog installation
 # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
 #
+# code-analyzer-apex installation
+    && sf plugins install code-analyzer@${SALESFORCE_CODE_ANALYZER_VERSION} \
+    && (npm cache clean --force || true) \
+    && rm -rf /root/.npm/_cacache \
+#
+# code-analyzer-aura installation
+# Next line commented because already managed by another linter
+# RUN sf plugins install code-analyzer@${SALESFORCE_CODE_ANALYZER_VERSION} \
+#     && (npm cache clean --force || true) \
+#     && rm -rf /root/.npm/_cacache
+#
+# code-analyzer-lwc installation
+# Next line commented because already managed by another linter
+# RUN sf plugins install code-analyzer@${SALESFORCE_CODE_ANALYZER_VERSION} \
+#     && (npm cache clean --force || true) \
+#     && rm -rf /root/.npm/_cacache
+#
 # sfdx-scanner-apex installation
     && sf plugins install @salesforce/sfdx-scanner@${SALESFORCE_SFDX_SCANNER_VERSION} \
     && (npm cache clean --force || true) \

flavors/salesforce/flavor.json

@@ -44,6 +44,9 @@
         "REPOSITORY_TRIVY",
         "REPOSITORY_TRIVY_SBOM",
         "REPOSITORY_TRUFFLEHOG",
+        "SALESFORCE_CODE_ANALYZER_APEX",
+        "SALESFORCE_CODE_ANALYZER_AURA",
+        "SALESFORCE_CODE_ANALYZER_LWC",
         "SALESFORCE_SFDX_SCANNER_APEX",
         "SALESFORCE_SFDX_SCANNER_AURA",
         "SALESFORCE_SFDX_SCANNER_LWC",