With Clayton, you can now trigger code reviews for specific branches in your repository or Salesforce orgs, or for targeted pull requests within your project.
Understanding the scan results is crucial to fully leverage the insights provided. After the review is complete, you can access detailed results and examine any issues Clayton identifies.
The reports are organized according to the policies and rules configured for your project, providing comprehensive explanations and resources to help you resolve each detected issue. Additionally, you can easily search through findings using criteria such as rule, author, file, commit ID, commit comments, and more, ensuring a streamlined review process.
Legacy code
The Legacy Code Toggle in Clayton's scan results is a feature that allows you to differentiate between issues found in legacy code (existing code) and those introduced in recent changes. This toggle helps teams focus on newly added or modified code during reviews, ensuring that new issues are addressed promptly without being overwhelmed by pre-existing technical debt. By isolating legacy code issues, teams can manage technical debt incrementally while maintaining a higher standard for current development work.
You can modify each project's Reference Date to determine what qualifies as legacy: any issue introduced before that date will be classified as legacy code.
Score
Clayton assigns an overall score out of 100 for the entire repository, branch, or Salesforce org, with higher scores indicating better performance. Additionally, detailed scores are provided for each policy in the results. These scores are calculated based on the number of detected issues, their severity, and their density within the codebase.
Technical Debt ratio
The Technical Debt Ratio (TDR) is a metric used to quantify the amount of technical debt in a codebase relative to the overall development effort required to build the application. It is calculated as the estimated cost to fix all identified issues (Cfix) divided by the estimated cost to develop the application from scratch (Cdev). A lower TDR indicates better code quality and maintainability, while a higher ratio highlights inefficiencies and risks. This metric helps teams prioritize technical debt repayment to maintain a healthy and productive development lifecycle.
Benchmark
Clayton’s benchmarking feature enables you to compare your codebase against similar projects on the platform. Benchmarking provides insights into how your repository’s scores, such as Overall Score and TDR, stack up against industry standards. For instance, if your repository’s TDR is significantly higher than the benchmark, it may indicate the need for a focused effort to address technical debt.
Issues
In the Issues tab, you'll find a detailed breakdown of flagged problems, each assigned a severity level to indicate its risk and impact on technical debt within the application.
The severity levels are as follows:
Critical: These issues pose significant risks, such as exposing sensitive data or allowing attackers to execute code on your application. They have a high impact on technical debt and require immediate resolution. Critical issues act as blockers for pull requests.
Error: These issues can place the application at risk and contribute to technical debt. They should be prioritized for fixing as soon as possible and also act as blockers for pull requests.
Warning: These issues have a minor impact on the application, with low rework requirements. They do not block pull requests but should still be addressed for optimal code quality.
Auto-fixes: These are issues that Clayton can resolve automatically by generating fix suggestions, allowing developers to apply the corrections directly to the codebase with minimal effort.
This classification system helps you focus on the most critical problems while maintaining a clear path for improving overall application health.
Break down by policy
You can view a detailed overview of each individual policy's performance, including its score, name, and the number of issues categorized by severity—Critical (red), Error (orange), and Warning (yellow). Additionally, any issues that the Fixbot can assist with are prominently highlighted alongside the identified problems.
Remediation effort refers to the estimated time and resources required to address and resolve identified issues in a codebase. This includes fixing bugs, improving code quality, enhancing security, and resolving technical debt. The effort is measured in terms of hours or days and is influenced by the severity and complexity of the issues. Understanding remediation effort helps teams prioritize tasks, allocate resources effectively, and maintain a healthier, more maintainable codebase.
Understanding the Issue
When you select an individual issue in Clayton, you can access detailed information about it. The open tab provides a description of the issue, along with all instances of its occurrence within your codebase. To help you resolve the issue, Clayton includes links to trusted third-party resources and official documentation.
Clayton provides links to Salesforce Well-Architected, a framework designed by Salesforce to help you build solutions that are Trusted, Easy, and Adaptable on the Salesforce platform. It offers prescriptive guidance, examples of patterns and anti-patterns, and advice for roadmapping and designing robust solutions based on insights from Salesforce’s product teams and implementation experts.
Additionally, you’ll find links to relevant Salesforce Trailheads and guides that delve deeper into the topics highlighted by Clayton. These resources provide actionable learning paths and best practices for addressing the identified issues.
One of the key resources is the Open Worldwide Application Security Project (OWASP), a nonprofit foundation focused on improving agnostic software security. OWASP resources help identify vulnerabilities in web applications, including compromised authentication, sensitive data exposure, security misconfigurations, SQL injection, cross-site scripting (XSS), insecure deserialization, and components with known vulnerabilities.
Clayton also includes links to Common Weakness Enumeration (CWE), a community-curated list of common software and hardware weaknesses that could lead to security vulnerabilities. CWE resources explain how these weaknesses, often introduced during development, can impact the security and reliability of your applications.
By combining these resources, Clayton equips you with the knowledge and tools needed to address issues effectively and build secure, high-quality solutions.
Dismissing an issue
There may be instances where Clayton flags an issue that you wish to exclude from the test results. This could be because the issue was intentional, used in a test, or identified as a false positive. To dismiss an issue, simply select it and choose the dismiss option. When dismissing an issue, you will be required to provide a reason and add a comment explaining your decision. This information is recorded for auditing purposes. Additionally, any issues marked as false positives are reported to Clayton to enhance the accuracy and quality of its analysis over time.
If you want to exclude files from your scan, you can use the Ignore list found in the settings to add items to the exclude list.
Remediation Chart
The Remediation Chart is a powerful visualization tool that offers insights into the technical debt within a software system. By analyzing the codebase, it identifies areas requiring attention, highlights potential issues, and provides actionable recommendations for improvement. This tool helps engineering teams efficiently prioritize and manage technical debt, fostering a more stable and maintainable system. Issues are grouped by rules and categorized based on severity (Critical, Error, or Warning) and remediation effort, which estimates the time needed to fix them. This classification simplifies the process of identifying quick wins and planning long-term remediation tasks.