A Python-based CLI tool for analyzing Salesforce org health, security, and automation complexity.
The tool connects to Salesforce using the Salesforce CLI and retrieves data via the Salesforce REST API and Tooling API to evaluate operational risks, system limits, and automation patterns.
This project was created as part of my journey into Python development, building on my experience as a Salesforce Developer.
The goal was to combine practical Salesforce knowledge with Python to create a useful tool for analyzing org health, security, and automation complexity.
Rather than being a generic Python exercise, this project focuses on real-world scenarios and problems commonly encountered in Salesforce environments.
Full technical documentation is available in the Wiki:
https://github.com/andreic07/salesforce-org-health-scanner/wiki
Current version: v0.2.0
This version introduces multiple health checks, modular architecture, and advanced analysis using Salesforce REST and Tooling APIs.
- Salesforce CLI authentication
- Direct Salesforce REST API querying
- System Administrator users analysis
- ORG LIMITS usage analysis
- Active Flows analysis
Identifies active users with System Administrator profile and evaluates risk based on count.
The scanner retrieves limits from the Salesforce Limits API and evaluates current usage with warning thresholds.
Features:
- Retrieves limits via REST API
- Calculates usage percentage
- Displays warning and critical thresholds
The scanner analyzes Salesforce Flows using the Tooling API to provide insights into automation complexity and flow usage.
Features:
- Retrieves flow definitions and versions via Tooling API
- Identifies active and inactive flows
- Calculates total number of versions per flow
- Displays last modified date in user-friendly format
- Provides overview of flows by process type
- Evaluates automation complexity based on number of active flows
Project structure:
sf_health_scanner/ auth.py # Salesforce CLI authentication api.py # Salesforce API communication checks/ system_admin_check.py # Admin analysis limits_check.py # ORG LIMITS analysis flows_check.py # Flow analysis
main.py # CLI entry point
This modular structure allows adding new health checks easily without modifying the core logic.
- Python 3.10+
- Salesforce CLI
- Access to a Salesforce org
Create a virtual environment:
python -m venv .venv
source .venv/bin/activate
Install dependencies:
pip install httpx
Authorize your Salesforce org using Salesforce CLI:
sf org login web
Run the scanner from the project root:
python main.py
You will be prompted to enter the Salesforce org alias.
The scanner provides structured CLI output including:
- Organization details
- Security checks (System Administrators)
- Limits usage with thresholds
- Flow analysis with version tracking and timestamps
Upcoming features:
- Dangerous permissions detection
- Custom fields explosion detection
- Configurable thresholds
- HTML report generation
- Automated org health scoring
- Flow object mapping (advanced analysis)
The goal of this project is to provide a lightweight, extensible tool for Salesforce developers and administrators to quickly assess the health, security, and automation complexity of a Salesforce org.
MIT License