CodeScan Reviews

CodeScan is the most awesome with the tools that help in writing the most secure and quality codes on the salesforce platform. It's the best in the market

The only downside is if the code in unrecognised or has errors, it sometimes misses where the error is.

With CodeScan you know you are providing quality and secure codes.

Through this we can code efficient and learn standard coding techniques.

It takes few minutes to run or to finish the execution.

Code refactoring, removing vulnerability, bug, code smell, Duplicate lines of code can be identified and can be resolved.

Easy to use and aldo suggestions it offer for each violations

It shows a lot of false positives and there's no option to mark a bug as false positive

Static review of code and it helps maintain code quality

CodeScan really has saved us a lot of time in doing code reviews. We had the opportunity to let our developers install it in the VS Code IDE and codeScan did everything else.

The prompt warnings with the mention of lines, and the best way to correct it is what eased it all for us.

Nothing really as of now. CodeScan infact has been so much flexible in integrating with Copado. So our CI/CD process was actually well streamlined.

The user interface of CodeScan.

The flexibility of integrating it with Copado.

Ease of installation with VS Code.

First of all, CodeScan is just great to deal with: they are extremely flexible, helpful, and do respect customers' internal procedures (even if they are overcomplicated for sometimes small purchases).

We're using it with SonarQube, it's quite straightforward to install and use by the DevOps Engineers.

I can't actually find anything that I dislike, sorry...

As I have mentioned above CodeScan team is great so it's a plus already.

If you are using it with SonarQube make sure it's not a Sonar used globally and somehow you get your own "space". You're paying here for lines of the code and you don't want to run out of the nr of lines you've purchased (of you can if you have a budget)

Ask your developers which tools they prefer in the majority fo the cases it will be CodeScan

Before going live with our Project that mainly was developed by the third-party it was important for me to understand the code complexity and its impact on dev-ops processes we've envisioned here. We had a couple of less than a pleasant conversation with our implementation partner since they hold that they deliver a product of the highest quality...and then came CodeScan. The result was something we had a feeling about - poor coding standards, a lot of loops, etc.

Ok, CodeScan is not a real human so don't expect that there's nothing to do for you after you have it. Sometimes it does overuse "code smell" and so on but you can mark it once and just re-check with the next deployments.

If you are in a similar position where you are in the dark how your code looks like or you want something that easily will identify if one developer is not destroying the work of the other one I can't recommend CodeScan more

IDE plugin which allows developer to have immediate scan of the new code they are preparing.

I'm missing option to export reports and show it i.e. in Jenkins similar to PMD plugins.

Build better integration with CI/CD tools like Jenkins so the analysis can be used as quality gate on the builds. Allow reports to be easily exported and integrated with CI/CD tool so users can have all information needed in one place.

Security code review. Duplications in code. Unused variables and methods. It help to keep code clean. Love it.

Navigation and the User Interface is very friendly for Developers

Could have managed more effectively as getting sometimes login issue

Good overall experience so far

We are trying to resolve our code cyclomatic complexities before pushing our code to higher Orgs

Easy to install into your pipeline. Great Info

Nothing. All good. It would be great to be able to upload my own rules

Security Scanning. General code quality of Salesforce code

Straightforward. Extensive feature set. Easy to setup.

Dislike is a strong word. I wish I could somehow have custom rules added to the cloud version. But understand that that is hard.

Visibility on code quality. Visibility on security posture

We've been using CodeScan with our development team for only a couple of weeks but it already lives up to its promises. It's helping us applying our development standardization by identifying code and security vulnerabilities earlier in the process before we deploy to production - (VF, Apex, LC, LWC, Javascript and much more ...) and it's also considerably improving and simplifying our code review process. Much more fun to come as we are now customizing the different quality gates/notifications and dashboards ...

It can be a bit complex to use in the beginning and requires some time to set it u correctly.

try the free version

Identify code vulnerabilities