Code scanners are powerful instruments to help engineering teams run successfully. Yet, finding the right tool may be tricky.
But you can avoid these mistakes.
🎯 These are only a few things to keep in mind when approaching a commercial scanner.
Automating what you don't care about.
Instead of comparing tools based on the number of rules they provide, consider the value each rule brings. Ask yourself: "Is this something we'd have to fix?". More importantly, think about the rules that aren't there: blind spots mean more code review burden on your developers.
Expecting devs to check their code before they commit.
Developers are busy solving complex problems, they typically don't like when tools get in their way. Find a tool that fits their workflow well, and make sure it adds value without changing their habits.
Not thinking that developers may use flows too.
Salesforce teams build using both low-code to pro-code tools. Pick a solution that supports the tools, paradigms, and frameworks you need for your developments. Do you use flows? Are you planning to move from Aura to LWC? Pick your tool accordingly.
Underestimating noise.
The accuracy of your tool determines the amount of noise to your developers. An inaccurate tool will cause distractions and is more likely to be ignored by developers. Experience dealing with false positives before making your decision.
Paying for the wrong things.
Some tools may have hidden cost components such as extra software license fees, compute charges, upgrade costs. Find a cost structure that works well for you, is aligned to the value you get, and that scales well as your usage grows.
.png)
