The Silicon Review
“Many of our customers, who have worked years in development, are surprised by the visibility they see within the first few scans they perform with CodeScan.”
CodeScan is the leading end-to-end static code analysis solution. It empowers developers on the Salesforce platform to improve code quality and security.
The company was incorporated in 2014 and is headquartered in San Diego.
Lior Kuyer, CodeScan Co-founder and CEO, spoke exclusively to The Silicon Review. Below is an excerpt.
Q. Explain your services in brief:
CodeScan offers the leading end-to-end static code analysis solution for the Salesforce platform. Our product empowers Salesforce DevOps teams with the ability to develop faster, better, cleaner code while offering continuous inspection of code security and quality. With CodeScan, DevOps teams can control their code quality, boost their code security, track their technical debt, increase their productivity, and enforce code standards. CodeScan is compatible with Salesforce languages and metadata, has the largest set of Salesforce rules, has performed more than 21B line checks, and services hundreds of customers worldwide.
Q. One of the significant problems of static code analyzers is that they take too long to run, and sometimes developers don’t bother to run them either. How can we decrease this problem?
There is an increasing trend for DevOps teams to shift left in their project development and deployment. CodeScan empowers developers on the Salesforce platform to write higher quality code in real-time, helping teams adapt to the need for faster project deployment. In a recent customer survey that we sent to our users, 98 percent of our customers indeed claimed that CodeScan helps them write higher quality code. The run time of CodeScan’s products has never been a bottleneck for our customers because we integrate into popular development IDE Plugins, which allows developers to run a code scan while typing.
Q. How can we avoid too many false positives in static code analysers?
The type of issues you find versus the number of issues you find is a testament to a static code analysis tool’s usefulness. The right solution will help you create a balance between the relevant information and the noise. CodeScan’s configurability helps to combat that issue. We are staffed with a great team that works with our customers to configure rulesets, down to issues and severities to which issues are configured. This customization of rules is where our solution shines. Our team helps customers create rulesets according to their relevant issues, so developers know what information to factor and fix instead of ignoring.
Q. Tell us in brief about your cloud services and its implications.
Our Cloud service provides our customers with a quick start to code quality and security. Our Cloud solution provides DevOps teams complete visibility into their code within minutes of signing up to CodeScan. Many of our customers, who have worked years in development, are surprised by their visibility within the first few scans they perform with CodeScan. Our product brings to light code issues that exist in the client’s environment and empowers them to fix those issues instantaneously.
Q. Insecure solutions are undermining our growth and other critical infrastructure. What are the different security measures implemented by you?
Security is especially important to us. This is emphasized by our strong encryption standards and multi-authentication login on our cloud platform, along with aligning our rules with CWE, SANS, and OWASP standards. CWE, SANS, and OWASP are common weaknesses in security that affect development in any language. By cataloguing these common vulnerabilities in our rules and enforcing this code standardization, we can give development teams the confidence to code their projects securely on our platform.
Q. How have emerging technologies contributed to the success of your business?
While Salesforce has been around for decades, it is still very much an emerging technology. The platform is continuously evolving to fit the needs of its customers. Salesforce controls more than 20 percent of the market share. Out of that share, 90 percent of them are Fortune 500 companies. Our success is attributed to aligning our releases with Salesforce releases. We are an official partner to Salesforce and are integrated with the development console (Salesforce IDE), so we can align with new and updated IDEs as they are released.
Q. Providing high-quality software solutions needs in-house experts. How did you manage to form your dream team?
We believe in staying lean, efficient, and productive. We are currently a small team of less than 10 people but are planning to double in 2021. We may be small, but we believe in CodeScan’s product, capabilities, and service that it provides DevOps teams. CodeScan truly is the leading product in the industry; it is reliable, productive, and efficient, which we see through our customers’ satisfaction and success.
Q. Do you have any new services launching soon?
We have many things up our sleeve. We love the Salesforce ecosystem and are excited about offering DevOps solutions that give our enterprise customers the security to develop high-quality code while reducing their technical debt.
The Leader at the Helm of CodeScan
Lior Kuyer, Co-founder, serves as the Chief Executive Officer of CodeScan. He’s a serial entrepreneur with a strong background in engineering, showing a passion for Artificial Intelligence and Machine Learning from an early age. After receiving an M.Sc. with a specialization in Machine Learning and B.Sc. in AI from the Universiteit van Amsterdam, he worked in the tech industry for many years, where he was responsible for developing complex applications and systems management. In 2010, Lior relocated to San Diego with his family, where he founded three start-ups and currently co-leads two, one of which is CodeScan.