CodeScan Overview

Market Overview

Salesforce code quality and security are mission-critical factors. Salesforce is a key driver of digital transformation, and at risk from the development supply chain. Sensitive data pervades the platform, which is complicated by Salesforce metadata used to encode security roles, access controls, permissions, and other platform customizations. The risk of introducing errors via metadata is high, and directly affected by code quality. Poor code quality slows feature velocity and creates additional challenges for compliance and security.

What is CodeScan?

CodeScan by AutoRABIT is a static code analysis solution that provides visibility into code health from the first line written through final deployment into production. Reliable code analysis directly on the AutoRABIT DevSecOps platform drives Salesforce development quality, speed, and security.

• Higher quality, more secure code: Reduce your project security vulnerabilities with higher quality code. CodeScan supports SANS, CWE, and OWASP standards and is integrated with popular IDE plugins to enable developers to find and fix errors while code is written.

• Increase feature delivery, velocity, and productivity: CodeScan’s automated review process integrates with your AutoRABIT CI/CD pipeline to detect code bugs and vulnerabilities. Streamlining your quality checks increases velocity by reducing the need for additional code reviews.

• Increase code visibility: Build project awareness across your development teams. CodeScan’s dashboard and reports provide a high-level analysis of code health and are 100% compatible with Salesforce languages, providing teams with complete project visibility.

• Reduce technical debt: Streamlining your development processes saves money. CodeScan has more than 700 built-in rules and integrates directly into AutoRABIT ARM’s DevSecOps CI/CD pipeline to avoid unnecessary pauses in production.

Why was CodeScan developed?

IT security and regulatory compliance risks in Salesforce development are substantial and are often overlooked.

• Sensitive information is pervasive: Repositories of operating data, customer personal information, business methods, and financial information are found throughout Salesforce environments. Code analysis not only ensures faster, higher-quality feature delivery, but it also reduces vulnerabilities and risks.

• Salesforce metadata increases risk: Unique Salesforce metadata persists, inherits, and propagates risk. This can compromise release quality, leading to downtime and exposure of sensitive or protected data. Scan with AutoRABIT CodeScan’s metadata rules to keep your Salesforce orgs secure and clean.

Benefits of Using CodeScan

Reduces Technical Debt

• 700+ built-in rules
• Detects code bugs and vulnerabilities
• Integrates directly into AutoRABIT ARM’s DevSecOps CI/CD pipelines

Increases Code Visibility

• Dashboards and reports
• High-level analysis of code health
• 100% compatible with Salesforce languages and Metadata-Apex, Visualforce, Lightning Web Components, flows, and process builders

Increases Feature Delivery Velocity and Productivity

• Speeds code reviews with an automated review process
• Detects code bugs and vulnerabilities
• Integrates with your CI/CD pipeline on the AutoRABIT DevSecOps platform

Higher Quality Means More Secure Code

• Integrates with popular IDE plugins to enable coders to find and fix errors as code is written
• Supports SANS, CWE, and OWASP standards