Mavens have extensive experience in customising Salesforce to meet the needs of both growing organisations and established enterprises transforming the way organisations engage with healthcare professionals, patients, and consumers. Mavens' is committed to delivering cloud solutions with unparalleled security and quality standards, making sure that sensitive customer data is always secure.
Healthcare solutions handle highly sensitive data; Mavens wanted a systematic way to enforce security best practices from the very early stages of development.
Mavens’ engineering team had set up a homegrown code analysis tooling based on open source tools (PMD). This solution had soon to be abandoned, mostly due to the amount of noise and false detection continuously reported to developers.
Mavens needed a better, more accurate, solution that could help developers identify security threats early and reliably without slowing down their development workflow.
Mavens' engineering team use a feature-branch git workflow for all their application developments. Every new feature or proposed change results in a pull request on GitHub, that kicks off an automated, real-time scan by Clayton.
Clayton performs an in-depth analysis of the proposed change to validate whether or not it complies with Maven's code quality and AppSec standards. Code that isn't compliant is blocked and must be reworked by developers before it can be accepted and merged into the main development branch.
Any problems found in the application code are highlighted with inline comments on the pull request itself, so developers know what needs to be changed and can act quickly, without any need for human intervention. As soon as all issues are resolved, the pull request gets approved by Clayton and developers can move to a peer review with a colleague before the change is accepted and merged.
Any incorrect detections are flagged by developers and managed via an in-app workflow, that discards irrelevant findings and keeps a fully auditable track record of what detections have been dismissed, and by whom.