Capterra’s researchers use a mix of verified reviews, independent research and objective methodologies to bring you selection and ranking information you can trust. While we may earn a referral fee when you visit a provider through our links or speak to an advisor, this has no influence on our research or methodology.
Capterra carefully verified over 2 million reviews to bring you authentic software and services experiences from real users. Our human moderators verify that reviewers are real people and that reviews are authentic. They use leading tech to analyze text quality and to detect plagiarism and generative AI. Learn more.
Capterra lists all providers across its website—not just those that pay us—so that users can make informed purchase decisions. Capterra is free for users. Software and service providers pay us for sponsored profiles to receive web traffic and sales opportunities. Sponsored profiles include a link-out icon that takes users to the provider’s website. Learn more.
Pros
Excellent documentation and a fair pricing model. Integrates with our DevSecOps CI/CD tool (Copado) seamlessly.
Overall, fantastic tool that helps ensure code quality and best practices.
Ease of using, works nice with Jenkins pipeline. Good interactive dashboard.
M very impressed and excited with the features of CodeScan so far. I think it will be extremely beneficial for our developers.
Cons
Ignoring these is simple, but then the email that it's been ignored is shot off and then the questions start rolling in.
There is probably a way to avoid the email getting sent out but I haven't looked into it yet.
It doesn't report on individual scans. The report is tailored to the entire project and all the vulnerabilities that exist in your project.
Sometime gives irrelevant errors, actually there is no error.
Showing Most Helpful
Showing 14 of 14 reviews
"Great for Salesforce Apex"
Pros: It finds the right bugs and I've checked it against Checkmarx, it does the job well with less cost. I like the new feature "Security Hotspot", it has helped my team to work efficiently in writing secure codes.
Cons: It doesn't report on individual scans. The report is tailored to the entire project and all the vulnerabilities that exist in your project. To this, it fails industry standard but it still does a good job.
"Fantastic Static Code Analyzer"
Overall: Overall, fantastic tool that helps ensure code quality and best practices.
Pros: A fantastic polyglot static code analyzer all wrapped into a single UI. Typically we would need to set separate integrations using language specific libraries and scan each file accordingly but a single CodeScan setup handles them all. CodeScan handles all major languages so even if the repo has a mix of Java, PHP, JS, etc, it out of the box applies best practices to ensure code quality. It also works across repos/projects which is great.
Cons: I think I recall that there is an issue when running on branches of branches where upstream is merged but we run into so infrequently it's not really a problem. We just point the branch back at master and rerun. Very rarely, but it has happened, there is a rule that may be incorrect due to context. Ignoring these is simple, but then the email that it's been ignored is shot off and then the questions start rolling in. There is probably a way to avoid the email getting sent out but I haven't looked into it yet. Once again, really rare.
"CodeScan Overview"
Overall: It helps me detects all the non standard code practices in my codebase before it gets to production. This saves me a lot of time in overall
Pros: The code scanning feature, the ease of performing most task with the app is what amazes me with the app.
Cons: I love everything about the app so far, especially the ease of adapting to it.
"An excellent quality gate for your DevSecOps processes"
Overall: As a customer facing architect with a Government customer, Codescan has been powerful in exposing the existing technical dept in our salesforce code base. We have implemented it as a quality gate as well to prevent vulnerabilities, especially those around data access, from being introduced to Production.
Pros: Excellent documentation and a fair pricing model. Integrates with our DevSecOps CI/CD tool (Copado) seamlessly.
Cons: Email reports are not beneficial for reporting to Security leadership, would like better options. Also all reports are emailed, you cannot select which project to email.
"Great product"
Overall: Problem: Fragmented application development teams with no unified way of working. CodeScan helped us put together a process that was easy to adopt
Pros: This was a very easy tool to set up, train and adopt. We onboarded a lot of users in very little time.
Cons: Would help if they had more documentation
"Great Enterprise Salesforce static code analysis"
Pros: Fits nicely with the overall Sonar offering Extensive libraries of rules and frequently updated Great support
Cons: Not applicable - Code Scan was very receptive to our feedback and acted swiftly
"Review"
Overall: Quite good
Pros: Ease of using, works nice with Jenkins pipeline. Good interactive dashboard
Cons: Hmnn. Nothing so far. In my daily work, it seems to work pretty good
"Excellent Insight into Code Quality and Security of Salesforce Development"
Overall: Excellent.
Pros: Easy to use. Easy to understand. Easy to implement. Great Value for money.
Cons: It would be good somehow to be able to upload my own rules to it. But I understand how difficult this would be.
"codescan review"
Overall: better control of dev works, kpi setting,
Pros: ease of install and deployment, good number of checks on code lines
Cons: native integration with git or other source control tools
"Codescan review"
Pros: Easy installation and high number of checks on the code (rules)
Cons: Not integrated with opensource SCM like Gitea
"Senior Technical Consultant"
Overall: I’m very impressed and excited with the features of CodeScan so far. I think it will be extremely beneficial for our developers.
Pros: I really like the real-time integration with Intellij. It was very easy to install and setup. Very helpful from a developer standpoint.
Cons: It seems a little buggy when you actually fix a suggestion. It doesn’t seem to remove the suggestion from the right side.
"Feedback"
Overall: Very satifying
Pros: Filter the bad code and help us to correct our code
Cons: Sometime gives irrelevant errors, actually there is no error
"CodeScan is the best for Salesforce"
Overall: To provide the most efficient and most clean code experience to the developers which will phenomenally add to the clean deployment process, a clean and a high performing application and all of this will add up to the success of the organization. One of the secrets of success of an enterprise is source code.
Pros: Code Smells feature and the slick UI which is so easy to use.
Cons: There is nothing that I like the least about this.
"Scan for a Project"
Pros: 1. Comprehensive list of code related areas in a report which can be sliced and diced and presented to client.
Cons: 1. Robust reporting capabilities which can give options to slice and dice using different criterias.