We have updated our Terms of Service. Review.
Back to Blog
Mistakes to avoid with commercial code scanners

Mistakes to avoid with commercial code scanners

Claudia Orecchioni

Code scanners are powerful instruments to help engineering teams run successfully. Yet, finding the right tool may be tricky.

But you can avoid these mistakes.

🎯 These are only a few things to keep in mind when approaching a commercial scanner.

Automating what you don't care about.

Instead of comparing tools based on the number of rules they provide, consider the value each rule brings. Ask yourself: "Is this something we'd have to fix?". More importantly, think about the rules that aren't there: blind spots mean more code review burden on your developers.

Expecting devs to check their code before they commit.

Developers are busy solving complex problems, they typically don't like when tools get in their way. Find a tool that fits their workflow well, and make sure it adds value without changing their habits.

Not thinking that developers may use flows too.

Salesforce teams build using both low-code to pro-code tools. Pick a solution that supports the tools, paradigms, and frameworks you need for your developments. Do you use flows? Are you planning to move from Aura to LWC? Pick your tool accordingly.

Underestimating noise.

The accuracy of your tool determines the amount of noise to your developers. An inaccurate tool will cause distractions and is more likely to be ignored by developers. Experience dealing with false positives before making your decision.

Paying for the wrong things.

Some tools may have hidden cost components such as extra software license fees, compute charges, upgrade costs. Find a cost structure that works well for you, is aligned to the value you get, and that scales well as your usage grows.

Share on social media: 

Get ahead.

Join 1000+ Salesforce professionals who receive critical reading, insights and expertise written just for them, from the team at Clayton. Once a week.
Unsubscribe with one click.

More from the Blog

Introducing Our Halloween Release

While everyone was getting ready for the spookiest weekend of the year, we had just shipped some exciting product updates.

Read Story

It's October, and it's Cybersecurity Awareness Month. Why it matters.

At Clayton, for this Cybersecurity Awareness Month, we are offering the first 3 months free to new customers signing up in October. Clayton is the fastest way to secure your Salesforce developments, and it’s up and running in minutes.

Read Story

Free dev-first security for Salesforce

Calling all Salesforce Developers! We are introducing a new tier that gives Salesforce Devs up to 60 minutes of free security scanning for their CI/CD.

Read Story