Top Rated CodeScan Alternatives
The ability to set different Quality Gates for different projects combined with different Quality Profiles. Out-of-the-box ruleset is just huge and the option to customize the ruleset is useful. The setup is really easy.
You can use an IDE plugin combined with the cloud solution (IntelliJ or VS Code) so it acts like a lint tool and that is really useful for development. Works with JavaScript (LWC) as well as other languages (out-of-the-box).
CI/CD is also supported which is brilliant. Copado, Jenkins, GitLab it's all there. In addition to CI/CD, you can also configure a webhook and send it to Slack :)
From the reporting point of view, Leak Period gives an overview of arising issues which is really useful as well as the Technical Debt. Another pro is the option to send the reports periodically.
Overall a fantastic tool every Salesforce developer should use. Review collected by and hosted on G2.com.
Wish there was a bit more documentation available and a custom report option for an individual member of the project. Review collected by and hosted on G2.com.
33 out of 34 Total Reviews for CodeScan
Overall Review Sentiment for CodeScan
Log in to view review sentiment.
We prioritize Salesforce code quality as it's integral to our retail organization. We work with sensitive customer data and encode security roles, permissions & access control definitions & overviewing them is made convenient with CodeScan. As we incorporate our metadata, the possibility of errors is high, resulting in poor code quality. CodeScan provides a sophisticated platform to overcome these challenges and keep our code security intact & compliant. Review collected by and hosted on G2.com.
In my opinion, its pricing model seems to be costly. Each pricing block is evaluated based on scanning 40,000 lines of code & your expenditure can be calculated with this. For small retail businesses, their framework & codes would mostly have fewer lines of code & they would be paying for a standard pricing block. It would be great to have granularity in its pricing block so that any organization would opt CodeScan's pricing model that fits their requirements without paying additional charges. Review collected by and hosted on G2.com.
CodeScan is the most awesome with the tools that help in writing the most secure and quality codes on the salesforce platform. It's the best in the market Review collected by and hosted on G2.com.
The only downside is if the code in unrecognised or has errors, it sometimes misses where the error is. Review collected by and hosted on G2.com.
Easy to use and aldo suggestions it offer for each violations Review collected by and hosted on G2.com.
It shows a lot of false positives and there's no option to mark a bug as false positive Review collected by and hosted on G2.com.
It's specific to Salesforce Apex. There aren't many tools out there for this language. And it does it well with SonarCloud integration so you have the ability to see what aspect of OWASP Top 10 the vulnerability falls under. Recently, they included security hotspots, to give you more insight to areas your organisation's code needs more security improvement.
CodeScan is very understanding about your business needs, and try to fit into your budget as much as they can. They also value customer loyalty and they listen to their customers. They provide hands-on help as needed and do not leave you hanging.
The pricing for CodeScan eliminates any general SonarCloud languages. It only includes programming languages specific to Salesforce - i.e. lightning pages, aura component, apex classes, visualforce pages (excluding js files which is included with SonarCloud]. Review collected by and hosted on G2.com.
There isn't much to dislike about the product, although it does not integrate with a ticketing system, it does the job. It will be helpful if it integrated with a ticketing system, to create a ticket for security or quality bugs. It also results in a lot of false positives but you may modify this as you please in the administrative part of SonarCloud.
You cannot get a specific report for newer codes in your repository or Salesforce org. The security report generated is for collated code from your org or repository.
I would also appreciate more help with working in SonarCloud for those who are not versatile with the application. Although, CodeScan provides hands- on help. The team needs to consider writing up a manual for specific operations in SonarCloud that organisations might be interested in. Review collected by and hosted on G2.com.
First of all, CodeScan is just great to deal with: they are extremely flexible, helpful, and do respect customers' internal procedures (even if they are overcomplicated for sometimes small purchases).
We're using it with SonarQube, it's quite straightforward to install and use by the DevOps Engineers. Review collected by and hosted on G2.com.
I can't actually find anything that I dislike, sorry... Review collected by and hosted on G2.com.
CodeScan really has saved us a lot of time in doing code reviews. We had the opportunity to let our developers install it in the VS Code IDE and codeScan did everything else.
The prompt warnings with the mention of lines, and the best way to correct it is what eased it all for us. Review collected by and hosted on G2.com.
Nothing really as of now. CodeScan infact has been so much flexible in integrating with Copado. So our CI/CD process was actually well streamlined. Review collected by and hosted on G2.com.
Its biggest pro is the centralized analysis for multiple different languages.
Typically you'd need to set up and configure a linter for JS, Java, Python, etc separately, per repo but codescan works out of the box on all the major languages and provides a single UI for managing the rules.
It also is simple to set up and integrate into CI/CD and takes away the pain of having to do that integration for each language pipeline.
Another pro is that it works at the project level so you can have multiple repos, each of different languages (or mixed) which all have their own coverage and health grade.
You can also customize each ruleset (self hosted) for each language to suit the teams needs. Some people enjoy trailing commas and the others are just wrong. Review collected by and hosted on G2.com.
There are a few quirks that, though provide rare frustrations, are by no means large deterrents.
One such rarity is a rule being flagged as incorrect due to a misinterpreted context.
Of course, you can just mark it as ignored but then the real frustration comes from the email notification sent out that a rule was ignored. Typically this is a useful feature as people shouldn't be bypassing rules, but in this case it's a bit frustrating to hold off on a deploy while you explain why the rule was ignored.
Also, during CI/CD, if an upstream branch was merged to master, a branch of that branch will fail. Of course, the simple solution is to point the branch at master now and rerun but sometimes you just want things to unrealistically work.
No VIM plugin :( Review collected by and hosted on G2.com.
IDE plugin which allows developer to have immediate scan of the new code they are preparing. Review collected by and hosted on G2.com.
I'm missing option to export reports and show it i.e. in Jenkins similar to PMD plugins. Review collected by and hosted on G2.com.
