Code Audit Salesforce Org: CodeScan Makes it Easy

Are you running into Apex limits, CPU timeouts, heap errors or other governor limits in your Salesforce org? Are you running into issues with your test classes? Do you want to review your Apex and VisualForce code to make sure that your development team is following coding best practices?

Automated code analyzers, which test that programs comply with coding standards, turn a manual, syntax-check-oriented code review into an automated, faster, lower-cost exercise.

While we have a security code scanner from Checkmarx, developers also need a tool that reviews their code for Apex/VF best practices. CodeScan is designed not as a security audit tool but as an automated code review solution for your Salesforce org, with the goal of avoiding the common errors and mistakes in Apex and VF coding.

CodeScan is a unique code audit tool for Salesforce Apex and VisualForce. It offers rich visual reporting, lots of metrics, and timelines to track improvements. The Enterprise version can also be used as a continuous integration (CI) tool to continuously run your Salesforce or Apex unit tests.

The code review is designed to scan your Salesforce Apex classes, triggers (including test classes) and VisualForce pages for 160+ coding rules, including coding best practices specific to such as bulkification, cyclomatic complexity, duplicated code, comments and potential bugs.

Examples of rules used by CodeScan:

Here are some of the rules which CodeScan uses to check that your Apex and VisualForce pages do not exceed governor limits:

  • Future method used from within loop
  • Avoid calling sizeof on a soql statement.
  • Avoid calling soql with negative expressions.
  • Avoid calling soql without a where clause or limit statement
  • Avoid creating multiple triggers on the same object

One of the CodeScan rules which checks that your Salesforce org code follows bulkification best practices:

  • Avoid calling SOQL and DML inside loops.
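The pattern this rule flags, next to its bulkified form, as an added example that is not from the original post or from CodeScan. It assumes the standard Account and Contact objects and Contact records that were already queried; the class and method names are hypothetical.

```apex
// Added illustration; ContactPhoneSync and its methods are hypothetical names.
public with sharing class ContactPhoneSync {

    // Flagged pattern: one SOQL query and one DML statement per record.
    // Called with a full trigger chunk of 200 contacts, this issues 200
    // queries and 200 updates, exceeding the synchronous per-transaction
    // limits of 100 SOQL queries and 150 DML statements.
    public static void copyAccountPhoneInLoop(List<Contact> contacts) {
        for (Contact c : contacts) {
            if (c.AccountId == null) {
                continue;
            }
            Account a = [SELECT Phone FROM Account WHERE Id = :c.AccountId];
            c.Phone = a.Phone;
            update c;
        }
    }

    // Bulkified form: collect the keys, query once, update once.
    // Uses 1 SOQL query and at most 1 DML statement for any input size.
    public static void copyAccountPhoneBulk(List<Contact> contacts) {
        Set<Id> accountIds = new Set<Id>();
        for (Contact c : contacts) {
            if (c.AccountId != null) {
                accountIds.add(c.AccountId);
            }
        }
        if (accountIds.isEmpty()) {
            return;
        }

        // Single query; the Map constructor keys each Account by its Id.
        Map<Id, Account> accountsById = new Map<Id, Account>(
            [SELECT Id, Phone FROM Account WHERE Id IN :accountIds]);

        List<Contact> toUpdate = new List<Contact>();
        for (Contact c : contacts) {
            Account a = accountsById.get(c.AccountId);
            // Skip contacts with no parent account or nothing to change.
            if (a != null && c.Phone != a.Phone) {
                c.Phone = a.Phone;
                toUpdate.add(c);
            }
        }
        if (!toUpdate.isEmpty()) {
            update toUpdate; // single DML statement for the whole list
        }
    }
}
```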

You can drill down to modules, then to packages, and finally to source code to see where the problem is. In addition, you can automatically run the unit tests and see failing tests and code coverage. Above all, the tool is designed to be extensible so that you can include your own rules for CodeScan as well.

The CodeScan tool is available in three editions (Express, Developer and Enterprise), and there is a 30-day free trial for the Express edition that you can sign up for. In addition, you can take a look at a working demo and the rules on their website (look for CodeScan in products). Please note that the demo is based on an older version and there are more rules in the newer download from their website.

The company, headquartered in Australia, was founded by CEO Ben van Klinken in 2011. I spoke to Ben Van Klinken, who is the chief architect and founder of this innovative company, a couple of days back.

Ben mentioned that this tool is already being widely used by companies worldwide. CodeScan is also in the process of being listed on the Salesforce AppExchange very soon. I am told that some of the Salesforce premium partners also use this tool for the code reviews they do for their customers. Ben mentioned a very robust roadmap for the tool, continuous improvement plans, and enhancements in the rule engine. CodeScan is designed to be a very powerful, time- and money-saving solution for ensuring the health of your Salesforce org.


Tweet out to me how you like this CodeScan tool!