Rule documentation
Learn everything about our rules, and how to leverage them to drive absolute quality in your development team.


Common Weakness Enumeration mapping
What types of rules are supported by Clayton?
Avoid Inline CSS Styles
Passwords set programmatically
Hardcoded secret
Flow Access Restriction
Avoid Using HTTP Referer Headers
Email spamming risk
Insecure sharing to external users
Server-side Payload Injection
User Registration Without Limits
LWC Clickjacking on CSS
Import of sensitive fields in Lightning Web Components (LWC)
Direct DOM manipulation in Lightning Web Components (LWC)
Sensitive information storage
Sensitive information logging
Excessive data access permissions
Subresource integrity
Content Security Policy (CSP)
Insecure endpoints
Named credentials
Randomization of cryptographic keys
Use of Session storage and Local storage
Use of Session ID in Visualforce
Call to blocklisted method
Missing fault path in Flows
Multiple record-triggered flows on the same object
Multiple automation on the same object
Identify methods with global visibility
Asynchronous methods in loops
Boundaries on SOQL statements
Bulkification of triggers
Business logic in triggers
Metadata API recency
Multiple triggers per object
Nested IFs
Number of arguments per method
Number of methods per class
Send email in loops
Naming conventions on Aura Controller Property
Naming conventions on Apex inner classes
Naming conventions on Apex test classes
Naming conventions on Apex test inner classes
Naming conventions on sObjects
Naming conventions on sObjects fields
Naming conventions on Apex classes
Naming conventions on Apex triggers
Naming conventions on Apex methods
Naming conventions for Apex variables