Scanning Basics
The squirex scan command runs all security rules against your Salesforce project metadata and outputs SARIF v2.1.0.
Basic Scan
squirex scan -d ./force-app
SquireX discovers all supported metadata types under the directory recursively. On completion it prints a summary and the SARIF JSON to stdout.
Save to File
squirex scan -d ./force-app --sarif results.sarif
The --sarif flag writes results to a file instead of stdout, which is required for CI/CD upload steps.
Run Specific Rules
# Single rule
squirex scan -d ./force-app --rules AGENTFORCE-1.1
# Comma-separated list
squirex scan -d ./force-app --rules AGENTFORCE-1.1,AGENTFORCE-9.1,AGENTFORCE-SC-01
Supported Metadata Types
| Format | File Extensions |
|---|---|
| Agent Scripts | .agent |
| GenAiFunction | .genAiFunction-meta.xml |
| GenAiPlugin | .genAiPlugin-meta.xml |
| GenAiPlanner | .genAiPlannerBundle-meta.xml |
| PromptTemplate | .genAiPromptTemplate-meta.xml |
| PromptTemplateActv | .genAiPromptTemplateActv-meta.xml |
| JSON Schema | schema.json |
| Apex Classes | .cls |
| Flows | .flow-meta.xml |
| AiEvaluationDefinition | .aiEvaluationDefinition-meta.xml |
| Custom Field | .field-meta.xml |
| Apex Trigger | .trigger |
| LWC Component | .js (in lwc/ dirs) |
| Connected App | .connectedApp-meta.xml |
| Named Credential | .namedCredential-meta.xml |
| MCP Server Config | .mcp.json, .mcp-config.json |
| Agent Fabric | agent-network.yaml, agent-network.yml |
| Project Config | sfdx-project.json, package.xml |
Scan Output
SquireX Agent Capability Scan Results
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Files scanned: 24
Rules evaluated: (all)
Duration: 340ms
Violations: 3
🚨 Critical: 1
🔴 High: 2
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SCAN FAILED - 3 violation(s) found
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Scan passed: no violations |
| 1 | Scan failed: violations found |
| 2 | Scan error: file discovery or parse failure |
Use exit code 1 to block CI pipelines on violations.
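A CI gate built on these exit codes, as an added example that is not part of SquireX itself: it captures the exit code so a later SARIF upload step can still run, and fails closed on unknown codes or a missing report. The function name `squirex_gate` is hypothetical, and the sketch assumes the SARIF file is written on both exit 0 and exit 1.

```shell
#!/bin/sh
# Added example: CI gate around `squirex scan` (not SquireX's own code).
# squirex_gate and its arguments are hypothetical names for this sketch.

squirex_gate() {
    dir=$1
    out=${2:-results.sarif}

    # Remove any stale report so an old file can never be mistaken for
    # the result of this run.
    rm -f "$out"

    # Capture the exit code instead of letting `set -e` abort the job:
    # the SARIF upload step still has to run when violations are found.
    rc=0
    squirex scan -d "$dir" --sarif "$out" || rc=$?

    case $rc in
        0) verdict=pass ;;
        1) verdict=violations ;;
        2) verdict=error ;;
        *) verdict=error; rc=2 ;;   # undocumented code: fail closed
    esac

    # Assumption: a completed scan (exit 0 or 1) always writes the report.
    # A verdict without a non-empty report is treated as a scan error.
    if [ "$verdict" != error ] && [ ! -s "$out" ]; then
        verdict=error; rc=2
    fi

    echo "squirex gate: $verdict (exit $rc, report: $out)" >&2
    return "$rc"
}

# Run as: sh gate.sh ./force-app results.sarif
if [ -n "${1:-}" ]; then
    squirex_gate "$1" "${2:-results.sarif}"
    exit $?
fi
```

Run the upload step unconditionally after the gate and let the gate's return code decide the job status, so findings reach the code-scanning view even when the build is blocked.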
Next Steps
- PR Integration: scan only changed files
- SARIF Output: upload to GitHub Advanced Security
- Security Rules: full rule reference