CodeScan is a plugin for SonarQube that runs over 160 different quality and security checks on Apex and VisualForce code.

Languages supported: English

9.2/10 (Expert Score) ★★★★★
Rated #5 in the Static Application Security Testing (SAST) Software category
Ease of use: 8.5
Support: 9.3
Ease of Setup: 8.2

CodeScan is the leading end-to-end static code analysis solution. Our solutions are Lightning ready and are used exclusively for Salesforce, by Salesforce teams and DevOps teams. We have the largest Salesforce ruleset, have run more than 21B line checks, and serve over 150 customers around the world.

Our analysis tools empower all levels of Salesforce DevOps teams with the ability to develop faster, better, cleaner, and more efficient code, while offering continuous inspection of code security and quality.

What we do:
✔ Control quality, allowing you to customize your code gates.
✔ Boost security to ensure your code is secured according to CWE and OWASP.
✔ Track technical debt by providing the ability to scan your projects quickly.
✔ Increase productivity by automating the code review process.
✔ Save time and allow DevOps teams to focus on what matters the most.
✔ Enforce standards by enabling you to define your rules for your org.

Customer Reviews

CodeScan Reviews

Ogaga U.

Advanced user of CodeScan
★★★★★
Helps to facilitate SAST scan and secure code reviews

What do you like best?

It's specific to Salesforce Apex. There aren't many tools out there for this language. And it does it well with SonarCloud integration, so you have the ability to see which aspect of the OWASP Top 10 the vulnerability falls under. Recently, they included security hotspots, to give you more insight into areas where your organisation's code needs more security improvement.

CodeScan is very understanding about your business needs, and tries to fit into your budget as much as they can. They also value customer loyalty and they listen to their customers. They provide hands-on help as needed and do not leave you hanging.

The pricing for CodeScan eliminates any general SonarCloud languages. It only includes programming languages specific to Salesforce, i.e. Lightning pages, Aura components, Apex classes, and Visualforce pages (excluding JS files, which are included with SonarCloud).

What do you dislike?

There isn't much to dislike about the product; although it does not integrate with a ticketing system, it does the job. It would be helpful if it integrated with a ticketing system, to create a ticket for security or quality bugs. It also results in a lot of false positives, but you may modify this as you please in the administrative part of SonarCloud.

You cannot get a specific report for newer code in your repository or Salesforce org. The security report generated is for collated code from your org or repository.

I would also appreciate more help with working in SonarCloud for those who are not versatile with the application, although CodeScan provides hands-on help. The team needs to consider writing up a manual for specific operations in SonarCloud that organisations might be interested in.

Recommendations to others considering the product:

CodeScan does the job for security vulnerabilities and quality assessment more than most high-end commercial tools. It is just as good as the very expensive tools and integrates well with your CI/CD process.

The company ensures their clients are satisfied and always checks in with their customers. They do not leave you hanging like some other organisations do.

Lots of opportunities to ask for help if you are stuck. Overall, for secure code reviews, it is brilliant! We do not currently use it for SAST, but it does a great job with overall reporting of your code base and projects.

What problems are you solving with the product? What benefits have you realized?

We currently use CodeScan to facilitate our internal secure code reviews, and it does well with in-depth information regarding new and existing code security.

It also provides more than security vulnerabilities or hotspots; it is very beneficial for quality bugs relating to Salesforce Apex. We do not currently use this aspect of CodeScan.

We have used it to improve our deployment process by 50%, and SonarCloud is easily integrated with our CI/CD process, which automates CodeScan scans for our teams.

Review source: G2.com

B2B Software Guide