About CodeScan

CodeScan is a static application security testing (SAST) solution that helps Salesforce developers define standards, monitor quality, and handle security across code on a centralized platform. It enables administrators to create custom rules based on development teams' review processes.

CodeScan allows staff members to manage technical debt by detecting code vulnerabilities, issues and bugs in real time. It lets IT professionals run multiple scans in compliance with Open Web Application Security Project (OWASP), SysAdmin, Audit, Network, and Security (SANS), and Common Weakness Enumeration (CWE) standards and regulations. Additionally, managers can conduct branch analysis and generate weekly reports to gain insights into overall code performance.

CodeScan co...




14 Reviews of CodeScan

Average User Ratings

Overall: 4.79 / 5 stars
Ease-of-use: 4.5
Value for money: 4.0
Customer support: 4.5
Functionality: 4.5

Ratings Snapshot

5 stars: 11
4 stars: 3
3 stars: 0
2 stars: 0
1 star: 0


Showing 1 - 5 of 14 results

August 2020

Anonymous

Verified Reviewer

Company Size: 10,000+ employees

Time Used: Less than 12 months

Review Source: Capterra


Ease-of-use: 5.0
Value for money: 5.0
Customer support: 3.0
Functionality: 4.0


Great product

Problem: Fragmented application development teams with no unified way of working. CodeScan helped us put together a process that was easy to adopt.

Pros

This was a very easy tool to set up, train and adopt. We onboarded a lot of users in very little time.

Cons

Would help if they had more documentation.

July 2020

Justin from SignalPET

Company Size: 11-50 employees

Industry: Computer Software

Time Used: More than 2 years

Review Source: Capterra


Ease-of-use: 4.0
Functionality: 5.0


Fantastic Static Code Analyzer

Overall, fantastic tool that helps ensure code quality and best practices.

Pros

A fantastic polyglot static code analyzer all wrapped into a single UI. Typically we would need to set separate integrations using language-specific libraries and scan each file accordingly, but a single CodeScan setup handles them all. CodeScan handles all major languages, so even if the repo has a mix of Java, PHP, JS, etc., it out of the box applies best practices to ensure code quality. It also works across repos/projects, which is great.

Cons

I think I recall that there is an issue when running on branches of branches where upstream is merged, but we run into it so infrequently it's not really a problem. We just point the branch back at master and rerun. Very rarely, but it has happened, there is a rule that may be incorrect due to context. Ignoring these is simple, but then the email that it's been ignored is shot off and then the questions start rolling in. There is probably a way to avoid the email getting sent out, but I haven't looked into it yet. Once again, really rare.

July 2021

Hassan from Devcareers

Company Size: 1 employee

Industry: Computer Software

Time Used: Less than 6 months

Review Source: Capterra


Ease-of-use: 4.0
Value for money: 4.0
Customer support: 4.0
Functionality: 4.0


CodeScan Overview

It helps me detect all the non-standard code practices in my codebase before it gets to production. This saves me a lot of time overall.

Pros

The code scanning feature and the ease of performing most tasks with the app are what amaze me about the app.

Cons

I love everything about the app so far, especially the ease of adapting to it.

August 2020

Jacques from Salesforce

Company Size: 10,000+ employees

Industry: Information Services

Time Used: Less than 2 years

Review Source: Capterra


Ease-of-use: 4.0
Value for money: 5.0
Customer support: 5.0
Functionality: 4.0


An excellent quality gate for your DevSecOps processes

As a customer-facing architect with a Government customer, CodeScan has been powerful in exposing the existing technical debt in our Salesforce code base. We have implemented it as a quality gate as well to prevent vulnerabilities, especially those around data access, from being introduced to Production.

Pros

Excellent documentation and a fair pricing model. Integrates with our DevSecOps CI/CD tool (Copado) seamlessly.

Cons

Email reports are not beneficial for reporting to Security leadership; would like better options. Also, all reports are emailed; you cannot select which project to email.

Reasons for Choosing CodeScan

PMD doesn't have a GUI and is more difficult to maintain.

Reasons for Switching to CodeScan

Better pricing model and easier to set up.

July 2020

Anonymous

Verified Reviewer

Company Size: 51-200 employees

Time Used: More than 2 years

Review Source: Capterra


Ease-of-use: 5.0
Value for money: 4.0
Customer support: 5.0
Functionality: 4.0


Great for Salesforce Apex

Pros

It finds the right bugs, and I've checked it against Checkmarx; it does the job well with less cost. I like the new feature "Security Hotspot"; it has helped my team to work efficiently in writing secure code.

Cons

It doesn't report on individual scans. The report is tailored to the entire project and all the vulnerabilities that exist in your project. To this, it fails industry standard but it still does a good job.

Reasons for Choosing CodeScan

They were expensive