As of version 4.4.2, CodeScan has a set of Metadata rules.
These allow you to scan your settings to make sure that your Org is secure and clean.
To enable downloading metadata for your Salesforce project, you will need to change some settings in your project settings. Keep in mind that the following will only work with code being pulled from Salesforce. Chances
First, open your Salesforce project and open the Administration > General Settings menu.
Next, click the CodeScan tab on the left to open the CodeScan specific settings and access the CodeScan Cloud Download Types.
The default values will be ApexClass, ApexComponent, ApexPage, ApexTrigger and AuraDefinitionBundle. To download all metadata currently checked, you will need to add the following:
After you have added these, click the Save button and re-run the analysis from the Administration>Project Analysis menu. Your metadata files will download and the ruleset will be applied.