Testing Center Bridge
SquireX bridges static security analysis with Salesforce's native dynamic testing pipeline.
The Full Pipelineโ
squirex scan โ SARIF violations
โ
squirex generate-tests โ Agentforce DX test YAML
โ
sf agent test run โ Salesforce Testing Center
The generate-tests command converts each SARIF violation into an Agentforce DX test specification โ a YAML file that sf agent test run can execute against a connected Salesforce org.
Why This Mattersโ
Static analysis (SARIF) tells you what metadata looks wrong. Dynamic testing (Testing Center) tells you whether the exploit actually works at runtime. Together they give you defense-in-depth:
| Layer | Tool | What it catches |
|---|---|---|
| Static | squirex scan | Configuration errors, pattern matches |
| Dynamic | Testing Center | Runtime behavior, response validation |
Quick Exampleโ
# One-shot: scan + generate + validate + push
squirex generate-tests -d ./force-app --validate --push --target-org my-sandbox
See generate-tests Command โ for all flags.