Prior to about a week ago, if you went to this page and requested a Force.com Security Source Code Scan, you would have most likely gotten an error telling you that it could not be done and that you would need to submit a case.
Luckily, Salesforce has resolved this issue: you can now simply go to the link above, enter your credentials, and scan your org against its security and quality rules. The scan takes a while to run (several hours, or perhaps even days), but I promise it is worth the wait.
What you get back is a very thorough report. It scans your entire codebase not only for security issues (and I am sure you will be amazed at how many critical violations it finds) but also for whether your code follows the best practices that keep it maintainable and of good quality.
For example, it will flag code that does any of the following:
- Queries With No Where Or Limit Clause
- Multiple Trigger On same sObject
- Hardcoded Ids
- DML Statements Inside Loops
- SOSL SOQL Statements Inside Loops
- Async Future Method Inside Loops
- Test Methods With No Assert
- Need to Bulkify Apex Methods Using Collections In Methods
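To make a few of those rules concrete, here is an added Apex example (not from the original post or from Salesforce): a hypothetical trigger handler that creates a welcome Task for new Customer accounts, shown first in a form the scanner would flag for hardcoded Ids, SOQL inside loops and DML inside loops, then in the bulkified form it expects. The Customer record type and the Task subject are assumed.

```apex
// Added example, not from the original post. One trigger per sObject should
// delegate to a handler class like this (avoids "Multiple Trigger On same sObject").
public with sharing class AccountTriggerHandler {

    // BEFORE: flagged by "Hardcoded Ids", "SOSL SOQL Statements Inside Loops"
    // and "DML Statements Inside Loops". Passes with one record, fails in bulk.
    public static void createTasksUnbulkified(List<Account> newAccounts) {
        for (Account a : newAccounts) {
            // Placeholder Id: a real record-type Id differs in every org
            if (a.RecordTypeId == '012000000000001AAA') {
                // One SOQL query per record: 200 inserted accounts = 200 queries
                Integer existing = [SELECT COUNT() FROM Task WHERE WhatId = :a.Id];
                if (existing == 0) {
                    insert new Task(WhatId = a.Id, Subject = 'Welcome call'); // DML per row
                }
            }
        }
    }

    // AFTER: one query and one DML statement for the whole batch (up to 200 rows).
    public static void createTasksBulkified(List<Account> newAccounts) {
        // Resolve the record type by DeveloperName instead of a hard-coded Id.
        Id customerRtId = Schema.SObjectType.Account
            .getRecordTypeInfosByDeveloperName().get('Customer').getRecordTypeId();

        // Single query for accounts that already have a task, collected by account Id.
        Set<Id> accountIds = new Map<Id, Account>(newAccounts).keySet();
        Set<Id> alreadyHaveTask = new Set<Id>();
        for (Task t : [SELECT WhatId FROM Task WHERE WhatId IN :accountIds]) {
            alreadyHaveTask.add(t.WhatId);
        }

        List<Task> tasks = new List<Task>();
        for (Account a : newAccounts) {
            if (a.RecordTypeId == customerRtId && !alreadyHaveTask.contains(a.Id)) {
                tasks.add(new Task(WhatId = a.Id, Subject = 'Welcome call'));
            }
        }
        if (!tasks.isEmpty()) {
            insert tasks;   // one DML statement regardless of batch size
        }
    }
}
```

A test method for either version should end with System.assert calls on the Tasks actually created; otherwise the scanner reports it under "Test Methods With No Assert".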
I think everyone should take the time to have their orgs scanned and review the results. I suspect that even the most diligent of development shops will find some issue that needs to be addressed.
One thought on “Do this Salesforce Security Scan NOW!!!”
It’s really really great information for becoming a better Blogger. Keep sharing, Thanks