👨💻🤖 Clayton has joined the Gearset family!
DevOps enhances release quality and security. With Clayton from Gearset, you get best-in-class static analysis for Salesforce code and configuration, helping you catch and fix issues earlier in the development cycle.
What is static code analysis, and why do I need it?
Static code analysis for Salesforce is the process of scanning your Apex code for errors, security vulnerabilities and bugs without actually executing the code. It detects any low-quality code and makes sure your code is performing as well as possible. It also encourages the whole team to write clean and consistent code that can be changed more easily later on.
Apex already comes with a built-in unit test framework to examine functionality and test code coverage, so you may be thinking “why do I need static code analysis as well?”
Unit tests are important because they help demonstrate intended behavior and functional correctness of your code. They can also make your code easier to change by encouraging you to write more loosely coupled, modular code, and by providing an early warning of any bugs that might creep in when making changes. Code coverage is a great way to ensure that the bulk of your Apex is under test.
Static code analysis and unit testing are both important in the development lifecycle, but they serve different purposes. Unit testing actually executes the code you’re testing. It doesn’t check for vulnerabilities; instead, it checks whether your code behaves as you’d expect when it runs.
With that in mind, while unit tests and code coverage have the important side effect of forcing you to write more maintainable code, static code analysis explicitly formalizes coding patterns, practices, and heuristics into a set of rules that can be periodically run against your code to assess its quality. By automating static code analysis and building it into your development process, you can identify style violations, bugs, and even more serious performance and security-related issues as you develop, long before they make it into production.
Where does Clayton fit into this philosophy?
Clayton lets teams actively incorporate code analysis into their workflows by plugging directly into their code repositories and intelligently monitoring development to make sure that everything they build follows design, coding and security best practices. (No integration or scripting needed!)
How can I try it out?
Great question! We currently offer a 14-day trial for Clayton to give developers and teams a chance to truly immerse themselves in the platform. You can check it out by selecting the button below.