Mavens

Thanks to Code Reviews, we can focus on delivering value to the business faster, ensuring the top-class security standards and best practices are always applied to our Salesforce implementation.

Larry Jovanovic | VP of Products | Mavens

Mavens used Gearset’s Code Reviews to build secure solutions on Salesforce.

Mavens has extensive experience in customizing Salesforce to meet the needs of both growing organizations and established enterprises, transforming the way organizations engage with healthcare professionals, patients, and consumers. Mavens is committed to delivering cloud solutions with unparalleled security and quality standards, making sure that sensitive customer data is always secure.

Challenges

Healthcare solutions handle highly sensitive data. Mavens wanted a systematic way to enforce security best practices from the very early stages of development.

Mavens’ engineering team had set up homegrown code analysis tooling based on open source tools (PMD). This solution soon had to be abandoned, mostly because of the volume of noise and false positives continuously reported to developers.

Mavens needed a better, more accurate solution that could help developers identify security threats early and reliably, without slowing down their development workflow.

Solution

Mavens’ engineering team uses a feature-branch Git workflow for all their application development. Every new feature or proposed change results in a pull request on GitHub, which kicks off an automated, real-time scan by Code Reviews.

Code Reviews performs an in-depth analysis of the proposed change to validate whether it complies with Mavens’ code quality and AppSec standards. Code that isn’t compliant is blocked and must be reworked by developers before it can be accepted and merged into the main development branch.

Any problems found in the application code are highlighted with inline comments on the pull request itself, so developers know what needs to be changed and can act quickly, without any need for human intervention. As soon as all issues are resolved, the pull request gets approved by Code Reviews and developers can move to a peer review with a colleague before the change is accepted and merged.

Any incorrect detections are flagged by developers and managed via an in-app workflow, which discards irrelevant findings and keeps a fully auditable record of which detections have been dismissed, and by whom.

Code Reviews made our process so much faster. It catches best practice issues earlier and automatically, with very high accuracy. Our developers can now fix any problems before peer review, which results in an increased velocity for our team.

Kai Amundsen | Technical Architect | Mavens
