Back to Blog
Mistakes to avoid with commercial code scanners

Mistakes to avoid with commercial code scanners

Claudia Orecchioni

Code scanners are powerful instruments to help engineering teams run successfully. Yet, finding the right tool may be tricky.

But you can avoid these mistakes.

🎯 These are only a few things to keep in mind when approaching a commercial scanner.

Automating what you don't care about.

Instead of comparing tools based on the number of rules they provide, consider the value each rule brings. Ask yourself: "Is this something we'd have to fix?". More importantly, think about the rules that aren't there: blind spots mean more code review burden on your developers.

Expecting devs to check their code before they commit.

Developers are busy solving complex problems, they typically don't like when tools get in their way. Find a tool that fits their workflow well, and make sure it adds value without changing their habits.

Not thinking that developers may use flows too.

Salesforce teams build using both low-code to pro-code tools. Pick a solution that supports the tools, paradigms, and frameworks you need for your developments. Do you use flows? Are you planning to move from Aura to LWC? Pick your tool accordingly.

Underestimating noise.

The accuracy of your tool determines the amount of noise to your developers. An inaccurate tool will cause distractions and is more likely to be ignored by developers. Experience dealing with false positives before making your decision.

Paying for the wrong things.

Some tools may have hidden cost components such as extra software license fees, compute charges, upgrade costs. Find a cost structure that works well for you, is aligned to the value you get, and that scales well as your usage grows.

Share on social media: 

Get ahead.

Join 1000+ Salesforce professionals who receive critical reading, insights and expertise written just for them, from the team at Clayton. Once a week.
Unsubscribe with one click.

More from the Blog

TrailblazerDX Diary. Well-Architected and Auto-Fix: our two days in a nutshell.

Read more about Brian’s blog on how Clayton aligns with Salesforce’s well-architected framework, enables auto-fix for remediation scale, and ensures insecure code never gets to production. 

Read Story

Watch the Video - Optimize your Apex code with the new Null Coalescing Operator

A 30-minute education session to learn the essential Spring '24 features for Architects and Developers.

Read Story

Watch the Video - The State of Salesforce Development in 2024

Watch the recording of our recent webinar, with Clayton's team and experts from Silverline exploring data and benchmarks for the State of Salesforce Development heading into 2024.

Read Story