New
We have updated our Terms of Service. Review.
Back to Blog
Mistakes to avoid with commercial code scanners

Mistakes to avoid with commercial code scanners

Claudia Orecchioni

Code scanners are powerful instruments to help engineering teams run successfully. Yet, finding the right tool may be tricky.

But you can avoid these mistakes.

🎯 These are only a few things to keep in mind when approaching a commercial scanner.

Automating what you don't care about.

Instead of comparing tools based on the number of rules they provide, consider the value each rule brings. Ask yourself: "Is this something we'd have to fix?". More importantly, think about the rules that aren't there: blind spots mean more code review burden on your developers.

Expecting devs to check their code before they commit.

Developers are busy solving complex problems, they typically don't like when tools get in their way. Find a tool that fits their workflow well, and make sure it adds value without changing their habits.

Not thinking that developers may use flows too.

Salesforce teams build using both low-code to pro-code tools. Pick a solution that supports the tools, paradigms, and frameworks you need for your developments. Do you use flows? Are you planning to move from Aura to LWC? Pick your tool accordingly.

Underestimating noise.

The accuracy of your tool determines the amount of noise to your developers. An inaccurate tool will cause distractions and is more likely to be ignored by developers. Experience dealing with false positives before making your decision.

Paying for the wrong things.

Some tools may have hidden cost components such as extra software license fees, compute charges, upgrade costs. Find a cost structure that works well for you, is aligned to the value you get, and that scales well as your usage grows.

Share on social media: 

Get ahead.

Join 1000+ Salesforce professionals who receive critical reading, insights and expertise written just for them, from the team at Clayton. Once a week.
Unsubscribe with one click.

More from the Blog

Free dev-first security for Salesforce

Calling all Salesforce Developers! We are introducing a new tier that gives Salesforce Devs up to 60 minutes of free security scanning for their CI/CD.

Read Story

We are now ISO 27001 certified.

We’re happy to announce that we have achieved the ISO/IEC 27001:2017 certification, the global standard for information security management.

Read Story

Clayton is named as a finalist in the 2022 DevOps Excellence Awards

We're excited to be named a 2022 DevOps Excellence Awards Finalist and wanted to share the good news with you.

Read Story