# CodeScan Reviews
**Vendor:** AutoRABIT  
**Category:** [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis)  
**Average Rating:** 4.6/5.0  
**Total Reviews:** 34
## About CodeScan
CodeScan Shield addresses code quality, security, and compliance liabilities with two automated modules: CodeScan and OrgScan. CodeScan provides static code analysis for total visibility into code health from the moment it’s written through production. OrgScan governs organizational policies by enforcing the security and compliance rules mandated for your Salesforce environment. Together, they ensure the code that makes up your Salesforce environment and the way the environment is being utilized will always meet high standards. The result is strengthened data security, streamlined DevSecOps processes, and an assurance of meeting compliance standards—avoiding potentially thousands of dollars in fines and lost opportunities. CodeScan Shield protects your Salesforce org from both the inside and outside. CodeScan provides dashboards and reports for consistent code visibility, while also alerting developers the moment new errors are introduced. OrgScan analyzes Salesforce policies to ensure the organization remains compliant with client-mandated specifications and guidelines. Violations are flagged and recorded in an interactive dashboard. Progress is tracked for policy reviews. Collectively, these features ensure admins maintain governance control within their organization. CodeScan Shield is part of AutoRABIT’s complete DevSecOps platform. Enabling Salesforce DevOps teams with CodeScan Shield’s powerful technology produces high-quality, secure applications and updates at speed.




## CodeScan Reviews
  ### 1. CodeScan effectively helps mitigating Salesforce metadata risks thanks to its splendid scan engines

**Rating:** 4.0/5.0 stars

**Reviewed by:** Ramkumar N. | Salesforce Developer, Information Technology and Services, Enterprise (> 1000 emp.)

**Reviewed Date:** September 22, 2022

**What do you like best about CodeScan?**

We prioritize Salesforce code quality as it's integral to our retail organization. We work with sensitive customer data and encode security roles, permissions & access control definitions & overviewing them is made convenient with CodeScan. As we incorporate our metadata, the possibility of errors is high, resulting in poor code quality. CodeScan provides a sophisticated platform to overcome these challenges and keep our code security intact & compliant.

**What do you dislike about CodeScan?**

In my opinion, its pricing model seems to be costly. Each pricing block is evaluated based on scanning 40,000 lines of code & your expenditure can be calculated with this. For small retail businesses, their framework & codes would mostly have fewer lines of code & they would be paying for a standard pricing block. It would be great to have granularity in its pricing block so that any organization would opt CodeScan's pricing model that fits their requirements without paying additional charges.

**What problems is CodeScan solving and how is that benefiting you?**

CodeScan offers our retail organization with excellent static code analysis platform. We obtain superb visibility about our code quality, reliability in code analysis & also ensure proper Salesforce development provisions. Regarding the Salesforce platform, a few regulatory metrics need to be upheld & CodeScan governs these metrics through its well-structured rule policies. Before carrying out the production deployments, we need to validate our Salesforce codes & metadata to avoid exposure of sensitive client data & poor release quality. CodeScan platform is excellent for handling these commitments, and we provide satisfactory deliverables to our customers.

  ### 2. CodeScan

**Rating:** 5.0/5.0 stars

**Reviewed by:** Tyronica  O. | Data quality and clean up consultant, Mid-Market (51-1000 emp.)

**Reviewed Date:** June 16, 2022

**What do you like best about CodeScan?**

CodeScan is the most awesome with the tools that help in writing the most secure and quality codes on the salesforce platform. It's the best in the market

**What do you dislike about CodeScan?**

The only downside is if the code is unrecognised or has errors, it sometimes misses where the error is.

**What problems is CodeScan solving and how is that benefiting you?**

With CodeScan you know you are providing quality and secure codes.

  ### 3. Codescan : for better code quality

**Rating:** 4.5/5.0 stars

**Reviewed by:** Santosh T. | Tech Lead, Enterprise (> 1000 emp.)

**Reviewed Date:** March 04, 2022

**What do you like best about CodeScan?**

VS Code plugin and
AutoRABIT integration

**What do you dislike about CodeScan?**

No dislikes as such. Great product indeed.

**What problems is CodeScan solving and how is that benefiting you?**

Code best practices
Avoided Salesforce governor limit related issues.

  ### 4. Code Standard

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.)

**Reviewed Date:** November 12, 2021

**What do you like best about CodeScan?**

Through this we can code efficiently and learn standard coding techniques.

**What do you dislike about CodeScan?**

It takes a few minutes to run or to finish the execution.

**What problems is CodeScan solving and how is that benefiting you?**

Code refactoring, removing vulnerability, bug, code smell, Duplicate lines of code can be identified and can be resolved.

  ### 5. Best static code review tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Management Consulting | Enterprise (> 1000 emp.)

**Reviewed Date:** October 19, 2021

**What do you like best about CodeScan?**

Easy to use, and also the suggestions it offers for each violation

**What do you dislike about CodeScan?**

It shows a lot of false positives and there's no option to mark a bug as false positive

**What problems is CodeScan solving and how is that benefiting you?**

Static review of code and it helps maintain code quality

  ### 6. Helps to facilitate SAST scan and secure code reviews

**Rating:** 3.5/5.0 stars

**Reviewed by:** Ogaga U. | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 17, 2020

**What do you like best about CodeScan?**

It's specific to Salesforce Apex. There aren't many tools out there for this language. And it does it well with SonarCloud integration so you have the ability to see what aspect of OWASP Top 10 the vulnerability falls under. Recently, they included security hotspots, to give you more insight to areas your organisation's code needs more security improvement.

CodeScan is very understanding about your business needs, and try to fit into your budget as much as they can. They also value customer loyalty and they listen to their customers. They provide hands-on help as needed and do not leave you hanging.

The pricing for CodeScan eliminates any general SonarCloud languages. It only includes programming languages specific to Salesforce - i.e. lightning pages, aura component, apex classes, visualforce pages (excluding js files, which are included with SonarCloud).

**What do you dislike about CodeScan?**

There isn't much to dislike about the product, although it does not integrate with a ticketing system, it does the job. It will be helpful if it integrated with a ticketing system, to create a ticket for security or quality bugs. It also results in a lot of false positives but you may modify this as you please in the administrative part of SonarCloud.
You cannot get a specific report for newer codes in your repository or Salesforce org. The security report generated is for collated code from your org or repository.
I would also appreciate more help with working in SonarCloud for those who are not versatile with the application. Although, CodeScan provides hands-on help. The team needs to consider writing up a manual for specific operations in SonarCloud that organisations might be interested in.

**Recommendations to others considering CodeScan:**

CodeScan does the job for security vulnerabilities and quality assessment more than most high-end commercial tools. It is just as good as the very expensive tools and integrates well with your CI/CD process.
The company ensures their clients are satisfied and always check in with their customers. They do not leave you hanging like some other organisations do.
Lots of opportunities to ask for help if you are stuck. Overall, for secure code reviews, it is brilliant! We do not currently use it for SAST but it does a great job with overall reporting of your code-base - projects.

**What problems is CodeScan solving and how is that benefiting you?**

We currently use CodeScan to facilitate in our internal secure code reviews and it does well with in-depth information regarding new and existing code security.
It also provides more than Security vulnerabilities or hotspots, it is very beneficial for Quality bugs relating to Salesforce Apex. We do not currently use this aspect of CodeScan.
We have used it to improve our deployment process by 50%, and SonarCloud is easily integrated with our CI/CD process, which automates CodeScan scans for our teams.

  ### 7. Must-have for those running several solutions within Salesforce

**Rating:** 5.0/5.0 stars

**Reviewed by:** Alex B. | Senior IT Solutions Architect for People & Culture, Tobacco, Enterprise (> 1000 emp.)

**Reviewed Date:** November 19, 2020

**What do you like best about CodeScan?**

First of all, CodeScan is just great to deal with: they are extremely flexible, helpful, and do respect customers' internal procedures (even if they are overcomplicated for sometimes small purchases).
We're using it with SonarQube, it's quite straightforward to install and use by the DevOps Engineers.

**What do you dislike about CodeScan?**

I can't actually find anything that I dislike, sorry...

**Recommendations to others considering CodeScan:**

As I have mentioned above CodeScan team is great so it's a plus already.
If you are using it with SonarQube make sure it's not a Sonar used globally and somehow you get your own "space". You're paying here for lines of the code and you don't want to run out of the nr of lines you've purchased (or you can if you have a budget)
Ask your developers which tools they prefer; in the majority of the cases it will be CodeScan

**What problems is CodeScan solving and how is that benefiting you?**

Before going live with our Project that mainly was developed by the third-party it was important for me to understand the code complexity and its impact on dev-ops processes we've envisioned here. We had a couple of less than a pleasant conversation with our implementation partner since they hold that they deliver a product of the highest quality...and then came CodeScan. The result was something we had a feeling about - poor coding standards, a lot of loops, etc. 
Ok, CodeScan is not a real human so don't expect that there's nothing to do for you after you have it. Sometimes it does overuse "code smell" and so on but you can mark it once and just re-check with the next deployments.  
If you are in a similar position where you are in the dark how your code looks like or you want something that easily will identify if one developer is not destroying the work of the other one I can't recommend CodeScan more

  ### 8. The best static code analysis tool for Salesforce

**Rating:** 5.0/5.0 stars

**Reviewed by:** Dino K. | Salesforce Developer, Mid-Market (51-1000 emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

The ability to set different Quality Gates for different projects combined with different Quality Profiles. Out-of-the-box ruleset is just huge and the option to customize the ruleset is useful. The setup is really easy.

You can use an IDE plugin combined with the cloud solution (IntelliJ or VS Code) so it acts like a lint tool and that is really useful for development. Works with JavaScript (LWC) as well as other languages (out-of-the-box).
CI/CD is also supported which is brilliant. Copado, Jenkins, GitLab it's all there. In addition to CI/CD, you can also configure a webhook and send it to Slack :)

From the reporting point of view, Leak Period gives an overview of arising issues which is really useful as well as the Technical Debt. Another pro is the option to send the reports periodically.

Overall a fantastic tool every Salesforce developer should use.

**What do you dislike about CodeScan?**

Wish there was a bit more documentation available and a custom report option for an individual member of the project.

**Recommendations to others considering CodeScan:**

Neatly fits into the Agile methodology. It helps in speeding up the development process and greatly contributes to overall code quality. Additionally, it saves a lot of time and effort on setup and maintenance. 

UI is simple to use and the configuration is simple.

**What problems is CodeScan solving and how is that benefiting you?**

Developers on the projects follow the enforced standards hence overall code quality improved. Enforced test coverage significantly increased = fewer bugs. Code reviews take less time as the obvious mistakes are pointed out during development. Saves a lot of time (and stress!) during the two-week sprints :). CI/CD integration is a must-have and codescan integrates nicely into it.

  ### 9. One awesome code scanner!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Sheshant K. | Enterprise (> 1000 emp.)

**Reviewed Date:** November 24, 2020

**What do you like best about CodeScan?**

CodeScan really has saved us a lot of time in doing code reviews. We had the opportunity to let our developers install it in the VS Code IDE and codeScan did everything else. 

The prompt warnings with the mention of lines, and the best way to correct it is what eased it all for us.

**What do you dislike about CodeScan?**

Nothing really as of now. CodeScan in fact has been so flexible in integrating with Copado. So our CI/CD process was actually well streamlined.

**What problems is CodeScan solving and how is that benefiting you?**

The user interface of CodeScan.
The flexibility of integrating it with Copado.
Ease of installation with VS Code.

  ### 10. Fantastic static code analyzer

**Rating:** 4.5/5.0 stars

**Reviewed by:** Justin H. | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 04, 2020

**What do you like best about CodeScan?**

Its biggest pro is the centralized analysis for multiple different languages.
Typically you'd need to set up and configure a linter for JS, Java, Python, etc separately, per repo but codescan works out of the box on all the major languages and provides a single UI for managing the rules.
It also is simple to set up and integrate into CI/CD and takes away the pain of having to do that integration for each language pipeline.

Another pro is that it works at the project level so you can have multiple repos, each of different languages (or mixed) which all have their own coverage and health grade.

You can also customize each ruleset (self hosted) for each language to suit the teams needs. Some people enjoy trailing commas and the others are just wrong.

**What do you dislike about CodeScan?**

There are a few quirks that, though provide rare frustrations, are by no means large deterrents.
One such rarity is a rule being flagged as incorrect due to a misinterpreted context.
Of course, you can just mark it as ignored but then the real frustration comes from the email notification sent out that a rule was ignored. Typically this is a useful feature as people shouldn't be bypassing rules, but in this case it's a bit frustrating to hold off on a deploy while you explain why the rule was ignored.

Also, during CI/CD, if an upstream branch was merged to master, a branch of that branch will fail. Of course, the simple solution is to point the branch at master now and rerun but sometimes you just want things to unrealistically work.

No VIM plugin :(

**Recommendations to others considering CodeScan:**

If your team has multiple different languages, repos, etc or constantly generating new microservices, CodeScan is going to dramatically decrease setup time. 
Also, as the rules become standards for the team the dev iterations speeds up due to less PR churn and yak shaving.

**What problems is CodeScan solving and how is that benefiting you?**

As mentioned above, it solves the critical problem of maintaining multiple different linter and ci/cd integration  pipelines. 
It runs against most languages and has a single integration pattern.
The UI allows a single source of truth for the rules so each new project automatically has them applied without any additional configurations or boilerplate 3rd party library setups.

  ### 11. Technical Architect responsible for design and code maintenance

**Rating:** 5.0/5.0 stars

**Reviewed by:** Stefan A. | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 18, 2020

**What do you like best about CodeScan?**

IDE plugin which allows developer to have immediate scan of the new code they are preparing.

**What do you dislike about CodeScan?**

I'm missing option to export reports and show it i.e. in Jenkins similar to PMD plugins.

**Recommendations to others considering CodeScan:**

Build better integration with CI/CD tools like Jenkins so the analysis can be used as quality gate on the builds. Allow reports to be easily exported and integrated with CI/CD tool so users can have all information needed in one place.

**What problems is CodeScan solving and how is that benefiting you?**

Security code review. Duplications in code. Unused variables and methods. It helps to keep code clean. Love it.

  ### 12. Great investment!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Andrew Y. | IT System Analyst, Mid-Market (51-1000 emp.)

**Reviewed Date:** August 18, 2020

**What do you like best about CodeScan?**

We are using the SonarQube plugin and VS Code extension and both have been extremely valuable and an integral part of our development lifecycle. The initial ruleset is very good, and it provides significant flexibility to dial the rules in to our standards. It is a time saver for the manual code review process by ensuring that most issues that can easily be detected are caught up front so we can focus on business logic and design issues during the manual review.

**What do you dislike about CodeScan?**

No major issues from the tool itself. If SonarQube has a self signed cert it did require a few extra steps configuring the VS Code plugin. Once setup everything works great.

**Recommendations to others considering CodeScan:**

Take time up front to review the rules and tweak to meet the needs of your organization. Use the collaboration features and ensure team is staying on top of issues assigned to them.

**What problems is CodeScan solving and how is that benefiting you?**

We are seeing improved code consistency, catching common bugs and removing potential security holes, and overall able to focus manual code reviews on business logic, efficiencies, design patterns, etc.

  ### 13. Game changer

**Rating:** 5.0/5.0 stars

**Reviewed by:** Mendy K. | CEO, Small-Business (50 or fewer emp.)

**Reviewed Date:** August 26, 2020

**What do you like best about CodeScan?**

It's reducing potential bugs and other issues and make monitoring much easier, you should make your developers work with this tool and you catch any mistake or error before deploying to production. In addition, you can add rules on your own to make sure the team follows the company's procedures. It's clean and easy to use.

**What do you dislike about CodeScan?**

When you work with big projects it could take some time to load it the first time.

**Recommendations to others considering CodeScan:**

Try it for free for 30 days and see how it can help you

**What problems is CodeScan solving and how is that benefiting you?**

It's making sure that our developers are working according to our procedures. I can run a health check for new projects.

  ### 14. Raising the bar on code quality in Salesforce projects

**Rating:** 5.0/5.0 stars

**Reviewed by:** Chris G. | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 13, 2020

**What do you like best about CodeScan?**

CodeScan enables developers to see if they have introduced technical debt almost real time before they check the code into the version control repository.  They can fix issues or ask for help so that the quality bar is raised.  
CodeScan also provides visibility to Project and Delivery Management to see if process is being followed by developers and TA's.  It creates transparency and differentiates PolSource from the competition.
CodeScan also enables you to understand what technical debt you might be inheriting when starting to work with a Client and to help you to agree the roadmap to improved quality.

**What do you dislike about CodeScan?**

Ensuring you have adoption and alignment is a key to success in raising the quality bar.  What I dislike is when I spot resistance to adoption and the creation of a bow wave of technical debt.  The reporting features of CodeScan helps to ensure that this is transparent and the corrective actions taken and support provided.

**What problems is CodeScan solving and how is that benefiting you?**

Projects should develop code to industry standards and CodeScan helps us along that journey whilst reducing the need for Technical Architects to manually do what an automation tool can achieve.  We are able to empower developers to have immediate feedback to issues as they arise and hence the quality improves.  We have not had any escalations for code quality adherence since we started using CodeScan

  ### 15. Better than alternatives

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 12, 2020

**What do you like best about CodeScan?**

CodeScan provides a much deeper set of rules compared to the alternatives currently available.

The rule thresholds can be configured in the UI and you can save your changes to the rule severity & thresholds as a profile that can be applied to projects.

Issues identified often provide pretty good examples of how to address the issue right in the tool.

Plugin available for the most popular IDEs (VS Code, IntelliJ).

The documentation has become much better, especially for the Cloud/Hosted version.

**What do you dislike about CodeScan?**

It is difficult to configure CodeScan to only scan my changes. Thankfully they provide multiple options (scan only files with a specific regex, compare to a date snapshot, branches). However, some investment could be made to make this easier and more powerful.

The integration with CI/CD tools (especially Copado) needs to be better. CodeScan intends you to use it as a code review tool, but often I already have a Pipeline tool (e.g. Gitlab/BitBucket Pipeline, Jenkins, Copado) and all I want to use CodeScan for is to scan code.

Unit testing often times out. There needs to be greater control over how unit tests are executed and to avoid hitting the timeout limit.

The daily reports could be more helpful if you could specify that they run against a branch rather than "master".

The documentation is getting better every day. That said, I would like to see CodeScan invest in more walkthroughs. Also, rather than just explain what a feature does, explain how you might make a decision how to use that functionality.

**Recommendations to others considering CodeScan:**

Expect challenges integrating it into your CI/CD/Pipeline tool.

**What problems is CodeScan solving and how is that benefiting you?**

CodeScan is helping us to enforce parts of our coding standard, and using the tool is helping us to coach our developers and improve their skill.

I don't know that we have data to quantify this, but we do believe the tool is helping us identify larger architectural and scalability issues earlier in the cycle. Thus far there has not been vulnerabilities identified in code delivered that was scanned using CodeScan.

  ### 16. Easy to integrate and maintain, sometimes hard to use during daily development

**Rating:** 4.0/5.0 stars

**Reviewed by:** Adam O. | Salesforce Developer, Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

A lot of rules, easy integration with IDE and CI Processes

**What do you dislike about CodeScan?**

There is no option to run static analysis with command (like you can do with ESLint or other tools) or only at save, big consumption of CPU.

**Recommendations to others considering CodeScan:**

There are a lot of rules which could be used. You need to pick the ones which suit you, because there will be a lot of issues in your initial scan, and not everything will make sense for you.

**What problems is CodeScan solving and how is that benefiting you?**

Our code review process is faster and it is much easier to maintain code standards. We have a lot of objective rules to follow so I don't need to spend my time on fixing common bugs.

  ### 17. CodeScan Experience

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

Exact error details and fixing ways mentioned under 3 dots. fixing time and effort are also mentioned.

**What do you dislike about CodeScan?**

Less number to code lines error...as it is difficult to make and call methods every time. Code coverage issue for those method classes arise in apex.

**Recommendations to others considering CodeScan:**

Easy to use, correct error definitions  and correction suggestions, fixing time and effort are also mentioned.

**What problems is CodeScan solving and how is that benefiting you?**

Mainly cyclic complexity issue, as it is difficult to figure out manually.

  ### 18. A fantastic tool for DevOps and quality management

**Rating:** 5.0/5.0 stars

**Reviewed by:** Ben B. | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 19, 2020

**What do you like best about CodeScan?**

The clarity of the information provided, ease of use, the ability to quickly assign tasks to team members

**What do you dislike about CodeScan?**

nothing much - when CodeScan is used in a project the code quality is higher

**What problems is CodeScan solving and how is that benefiting you?**

So far the projects I have been involved with using CodeScan have been remediating technical debt - reviewing and improving older code. I am certain this then made subsequent implementation projects easier and more successful because all the troublesome wasteful technical debt had been tidied up

  ### 19. CodeScan is awesome

**Rating:** 5.0/5.0 stars

**Reviewed by:** Denis K. | program architect, Enterprise (> 1000 emp.)

**Reviewed Date:** November 17, 2020

**What do you like best about CodeScan?**

Easy to install into your pipeline. Great Info

**What do you dislike about CodeScan?**

Nothing. All good. It would be great to be able to upload my own rules

**What problems is CodeScan solving and how is that benefiting you?**

Security Scanning. General code quality of Salesforce code

  ### 20. Codescan user review

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Insurance | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 06, 2020

**What do you like best about CodeScan?**

The sales team was very responsive when we talked to them about piloting it as part of SonarQube scan for the apex code. They were very cooperative about providing temp license and extending it a few times until our POC was complete. We were able to then proceed with procurement.

**What do you dislike about CodeScan?**

User documentation needs to be updated so that it is available to everyone

**Recommendations to others considering CodeScan:**

best plug-in for Apex code scanning....It may support other types of code as well

**What problems is CodeScan solving and how is that benefiting you?**

SonarQube did not provide support for apex (salesforce) code scan, which Codescan plug-in provided

  ### 21. A complete Static Code Analyzer for Salesforce development

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

The UX is pretty straightforward. The capabilities and the Rules library is the best I have seen at the moment.
 
The best are the reports and dashboards that gives you all the information needed to know what are the most common code bad practices your team is adding to your project and how to resolve the technical debt.

**What do you dislike about CodeScan?**

The price. Codescan is an expensive tool compared with the rest of competitors.
On the other hand, Codescan is the best for salesforce.

**What problems is CodeScan solving and how is that benefiting you?**

Technical debt and how to solve the issues following best practices.

  ### 22. Very Good UI with proper articulates for maintaining code quality

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

Navigation and the User Interface is very friendly for Developers

**What do you dislike about CodeScan?**

Could have managed more effectively as getting sometimes login issue

**Recommendations to others considering CodeScan:**

Good overall experience so far

**What problems is CodeScan solving and how is that benefiting you?**

We are trying to resolve our code cyclomatic complexities before pushing our code to higher Orgs

  ### 23. Identify your code vulnerabilities increase the quality and simply improve your code review process.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Electrical/Electronic Manufacturing | Enterprise (> 1000 emp.)

**Reviewed Date:** August 25, 2020

**What do you like best about CodeScan?**

We've been using CodeScan with our development team for only a couple of weeks but it already lives up to its promises. It's helping us applying our development standardization by identifying code and security vulnerabilities earlier in the process before we deploy to production - (VF, Apex, LC, LWC, Javascript and much more ...) and it's also considerably improving and simplifying our code review process. Much more fun to come as we are now customizing the different quality gates/notifications and dashboards ...

**What do you dislike about CodeScan?**

It can be a bit complex to use in the beginning and requires some time to set it up correctly.

**Recommendations to others considering CodeScan:**

try the free version

**What problems is CodeScan solving and how is that benefiting you?**

Identify code vulnerabilities

  ### 24. Good tool but rules can be improved for Apex

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 17, 2020

**What do you like best about CodeScan?**

Configurable rules for each language are good to use.

**What do you dislike about CodeScan?**

Time it takes to run the scan is too much.

**What problems is CodeScan solving and how is that benefiting you?**

We avoid building up of technical debt, leading to better code quality

  ### 25. Good tool to purify the Product

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Education Management | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 14, 2020

**What do you like best about CodeScan?**

Quality Code, Improvise in the standards of coding in the team. 
Tool has a very good analytic process which runs the validation rule for the each line of the code checked in on repo and the locally.

**What do you dislike about CodeScan?**

Time difference and waiting time for the fix.

**What problems is CodeScan solving and how is that benefiting you?**

Syntactical issue with the code.
Standardisation of the code quality

  ### 26. Great tool for helping developers build coding review into their normal work pattern

**Rating:** 4.5/5.0 stars

**Reviewed by:** Edward B. | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

It reveals the quality of code according to rules

**What do you dislike about CodeScan?**

We had to play around a little bit with a local server before we realised we could try the cloud version

**What problems is CodeScan solving and how is that benefiting you?**

We are looking to improve the code conventions used across a team of developers. We are still in the implementation phase.

  ### 27. Useful static analysis plugin

**Rating:** 5.0/5.0 stars

**Reviewed by:** RODRIGO AMADOR M. | Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

That it has a lot of SonarQube rules that help us to improve the quality of our code

**What do you dislike about CodeScan?**

There are some rules that give us a fake issue

**Recommendations to others considering CodeScan:**

Of course

**What problems is CodeScan solving and how is that benefiting you?**

We improve the maintainability of our code a lot and developers take the time to design their algorithms better

  ### 28. Code quality scans for Apex

**Rating:** 3.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** November 17, 2020

**What do you like best about CodeScan?**

It helps us scan Apex code, which is not included in the SonarQube community version

**What do you dislike about CodeScan?**

Cost of the tool which is just a plug-in

**What problems is CodeScan solving and how is that benefiting you?**

Apex code quality

  ### 29. CodeScan is Great

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

The way it provides all the reports without configuring anything on-prem

**What do you dislike about CodeScan?**

We cannot modify the already created rules or we cannot add up any new scanning rules

**Recommendations to others considering CodeScan:**

Use it to make your work easy and save time.

**What problems is CodeScan solving and how is that benefiting you?**

Was scanning the code for code coverage, duplicity of code etc. 
Benefit is that we don't need to configure anything like installation and all is not required. Everything is available by just a single login

  ### 30. Does the job at a great price

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Government Administration | Enterprise (> 1000 emp.)

**Reviewed Date:** September 29, 2020

**What do you like best about CodeScan?**

Straightforward. Extensive feature set. Easy to setup.

**What do you dislike about CodeScan?**

Dislike is a strong word. I wish I could somehow have custom rules added to the cloud version. But understand that that is hard.

**What problems is CodeScan solving and how is that benefiting you?**

Visibility on code quality. Visibility on security posture

  ### 31. A necessary tool for keeping your apps healthy

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Management Consulting | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

The ease of use and how fast it can be deployed on complex environments.

**What do you dislike about CodeScan?**

That sometimes regular activity reports can be intrusive if not properly configured.

**Recommendations to others considering CodeScan:**

Effective to conduct regular sanity checks on applications.

**What problems is CodeScan solving and how is that benefiting you?**

Being able to access a regular health check for the application and to act proactively.

  ### 32. Awesome code analysis tool supporting Salesforce

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

It finds the right bugs, it does the job well with less average cost.
With regular updates on new features makes it more adaptive and easy to use tool for developers.

**What do you dislike about CodeScan?**

There are no hotspots or quick wins. Still does its job better than comparable products

**What problems is CodeScan solving and how is that benefiting you?**

potential flaws injected by developers

  ### 33. Helps to improve code quality and follow best code practices as we code.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

We can follow good code practices as we code so we do not have to worry about code quality later

**What do you dislike about CodeScan?**

Some errors are not helpful, like giving an exception handling error even if we catch the exception

**What problems is CodeScan solving and how is that benefiting you?**

Checking accessibility before making any DML statements or SOQL queries. 
Declaring variables final.

  ### 34. Great benefits for a standard static analysis tool

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2020

**What do you like best about CodeScan?**

Reports scheduled for all projects give us great results

**What do you dislike about CodeScan?**

False positives, it needs work in terms of rules sometimes but can be tuned

**What problems is CodeScan solving and how is that benefiting you?**

Most of our reviews rely on CodeScan as we have a large landscape of orgs


## CodeScan Discussions
  - [What is CodeScan used for?](https://www.g2.com/discussions/what-is-codescan-used-for)


## CodeScan Features
**Administration**
- API / Integrations
- Extensibility

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top CodeScan Alternatives
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (138 reviews)
  - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) - 4.2/5.0 (32 reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (873 reviews)

