CodeScan Reviews & Product Details

IDE plugin which allows developer to have immediate scan of the new code they are preparing. Review collected by and hosted on G2.com.

I'm missing option to export reports and show it i.e. in Jenkins similar to PMD plugins. Review collected by and hosted on G2.com.

We are using the SonarQube plugin and VS Code extension and both have been extremely valuable and an integral part of our development lifecycle. The initial ruleset is very good, and it provides significant flexibility to dial the rules in to our standards. It is a time saver for the manual code review process by ensuring that most issues that can easily be detected are caught up front so we can focus on business logic and design issues during the manual review. Review collected by and hosted on G2.com.

No major issues from the tool itself. If SonarQube has a self signed cert it did require a few extra steps configuring the VS Code plugin. Once setup everything works great. Review collected by and hosted on G2.com.

It's reducing potential bugs and other issues and make monitoring much easier, you should make your developers work with this tool and you catch any mistake or error before deploying to production. In addition, you can add rules on your own to make sure the team follows the company's procedures. It's clean and easy to use. Review collected by and hosted on G2.com.

When you work with big projects it could take some time to load it the first time. Review collected by and hosted on G2.com.

CodeScan enables developers to see if they have introduced technical debt almost real time before they check the code into the version control repository. They can fix issues or ask for help so that the quality bar is raised.

CodeScan also provides visibility to Project and Delivery Management to see if process is being followed by developers and TA's. It creates transparency and differentiates PolSource from the competition.

CodeScan also enables you to understand what technical debt you might be inheriting when starting to work with a Client and to help you to agree the roadmap to improved quality. Review collected by and hosted on G2.com.

Ensuring you have adoption and alignment is a key to success in raising the quality bar. What I dislike is when I spot resistance to adoption and the creation of a bow wave of technical debt. The reporting features of CodeScan helps to ensure that this is transparent and the corrective actions taken and support provided. Review collected by and hosted on G2.com.

CodeScan provides a much deeper set of rules compared to the alternatives currently available.

The rule thresholds can be configured in the UI and you can save your changes to the rule severity & thresholds as a profile that can be applied to projects.

Issues identified often provide pretty good examples of how to address the issue right in the tool.

Plugin available for the most popular IDEs (VS Code, IntelliJ).

The documentation has become much better, especially for the Cloud/Hosted version. Review collected by and hosted on G2.com.

It is difficult to configure CodeScan to only scan my changes. Thankfully they provide multiple options (scan only files with a specific regex, compare to a date snapshot, branches). However, some investment could be made to make this easier and more powerful.

The integration with CI/CD tools (especially Copado) needs to be better. CodeScan intends you to use it as a code review tool, but often I already have a Pipeline tool (e.g. Gitlab/BitBucket Pipeline, Jenkins, Copado) and all I want to use CodeScan for is to scan code.

Unit testing often times out. There needs to be greater control over how unit tests are executed and to avoid hitting the timeout limit.

The daily reports could be more helpful if you could specify that they run against a branch rather than "master".

The documentation is getting better every day. That said, I would like to see CodeScan invest in more walkthroughs. Also, rather than just explain what a feature does, explain how you might make a decision how to use that functionality. Review collected by and hosted on G2.com.

A lot of rules, easy integration with IDE and CI Processes Review collected by and hosted on G2.com.

There is no option to run static analysis with command (like You can do with esLint or other tools or only at save, big consumption of CPU. Review collected by and hosted on G2.com.

Exact error details and fixing ways mentioned under 3 dots. fixing time and effort are also mentioned. Review collected by and hosted on G2.com.

Less number to code lines error...as it is difficult to make and call methods every time. Code coverage issue for those method classes arise in apex. Review collected by and hosted on G2.com.

The clarity of the information provided, ease of use, the ability to quickly assign tasks to team members Review collected by and hosted on G2.com.

nothing much - when CodeScan is used in a project the code quality is higher Review collected by and hosted on G2.com.

Easy to install into your pipeline. Great Info Review collected by and hosted on G2.com.

Nothing. All good. It would be great to be able to upload my own rules Review collected by and hosted on G2.com.

The sales team was very responsive when we talked to them about piloting it as part of SonarQube scan for the apex code. They were very cooperative about providing temp license and extending it few times until out POC was complete. We were able to then proceed with procurement. Review collected by and hosted on G2.com.

user documentation need to updated so that it is available to everyone Review collected by and hosted on G2.com.