A Complete Salesforce Code Review Checklist

A Complete Salesforce Code Review Checklist

In any development project, code quality is the most significant factor contributing to failure or success. While your software and program developers have unmatched skill and expertise, there’s always a chance they may make a few mistakes. Poor code quality can lead to data security risks, vulnerabilities, logic problems, uncovered edge cases, and overall integration failure.

To ensure your DevOps pipeline produces successful products, it’s critical to perform a code review to avoid potential quality issues and inconsistencies. This crucial step enables your team to get a second opinion on the solution before implementation. In this Salesforce code review checklist and guide, you’ll find everything you need to conduct an efficient and successful review.

What Is a Code Review? 

A code review is a procedure in which developers and programmers conduct a systematic examination to validate source code’s design and implementation. The goal is to help developers identify bugs, determine code quality, and maintain consistency across various projects. Team members will conduct a code review—also known as a peer code review—at an early stage in the development process. 

Reviews allow developers to test the source code and check other team members’ work before it goes live. Likewise, code review enables organizations to improve Salesforce code quality and make the codebase more stable while prompting programmers to work together more effectively. Because software is prone to human error, mistakes are part of the process. 

The closer a team member is to the work, the harder it can be to critique. Peers and outside parties must check that projects meet all requirements and style guidelines. A code review aims to accelerate and streamline software development by finding and correcting mistakes before they have a chance to cause future problems. 

In general, the code review process can:

  • Improve practices
  • Detect logical errors, inconsistencies, and irregular formatting
  • Isolate common vulnerabilities
  • Identify malware integrated into the software 
  • Ensure quality documentation

Why Are Code Reviews Valuable?

Developing a consistent, robust code review process sets the foundation for continuous improvement within your organization and prevents unstable code from interrupting your business processes down the line. Here are the top benefits of conducting a code review. 

1. Improves Performance

Improves Performance

Developing a consistent, robust code review process sets the foundation for continuous improvement within your organization and prevents unstable code from interrupting your business processes down the line. Here are the top benefits of conducting a code review. 

1. Improves Performance

Code reviews require various team members—often more experienced ones—to look at the code units with a fresh set of eyes and find ways to enhance the development project. This review helps optimize the code for better performance. Those who check a developer’s code will also ensure everything is efficient, such as using established building blocks instead of starting from scratch every time. 

2. Catches Mistakes

Programming is naturally repetitive, which can result in overlooked mistakes. Code review also enables team members to share knowledge and ask for help if they run into issues. Reviewing code makes it easier to discover bugs and fix them before customers notice. 

Waiting until it’s too late can make it challenging for developers to remember code, solutions, and reasoning. Conducting the review process early in the software development life cycle allows them to engage in unit tests to fix issues with fresh knowledge.

3. Enhances Security + Compliance

Thorough code reviews target and eliminate security vulnerabilities, which is integral in software development. Security team members identify these issues early on and alert developers to the threat. This process can also ensure compliance. While developers have various backgrounds and coding styles, code reviews help everyone adhere to the same style guidelines and standards.

4. Increases Collaboration 

Increases Collaboration

Effective cooperation is a critical component of success in any organization. Code reviews enable your team members to work together to create solutions that meet customer needs. Increased collaboration through this process can prevent information silos and maintain a seamless workflow across all departments. Code reviews also present opportunities for mentoring, so teams can train new developers and foster idea sharing. Small, cooperative teams can work together to realize goals, develop successful patterns, and enhance professional relationships.

5. Improves Code Quality

One of the most recognizable advantages of conducting code reviews is that they ensure you ship high-quality code and software. Finding code quality issues in your Salesforce pipeline allows you and your team to track project requirements and ensure your processes align with client needs.

Catching problems before they snowball out of control also ensures consistency and reduces the risk and cost of low code quality. Hard-to-maintain code and production bugs can lead to technical debt. Code reviews aim to minimize these risks by conducting quality assurance to deliver a higher return on investment.

6. Strengthens Programmers’ Skills

Reviewing code prompts team members to make valuable changes, which helps them learn new techniques and solutions from their more experienced colleagues. Code reviews help developers and programmers spread knowledge across your organization and promote the value of feedback and mentorship.

If junior developers know senior team members will evaluate their code, they will also feel motivated to work harder and be proud of the code they write. This oversight can help your team hone their skills and learn how to become better programmers overall.

What Do Code Reviewers Look For?

What Do Code Reviewers Look For?

Some elements of code review take place automatically, while others require a human reviewer to evaluate. The peer code review begins after all automation checks complete. Those who write the code are authors, while the people who examine it are reviewers. Code reviewers look for specific elements during this process, which include:

  • Design
  • Functionality
  • Readability
  • Maintainability
  • Correct and clear naming
  • Style
  • Logic
  • Structure
  • Performance
  • Security
  • Test coverage
  • Relevant documentation
  • Level of complexity
  • Architecture
  • Consistency
  • Potential side effects
  • Reuse of existing code

During basic code review, developers may ask themselves the following questions relating to the elements above. If the answer to all these is yes, the code generally meets requirements for performance and quality. 

  • Is the code following our style standards and guidelines?
  • Can I understand the code?
  • Does the code function as expected?
  • Does the code fulfill regulatory requirements?
  • Is the code bulkified?
  • Are collections used wherever possible?
  • Is the code coverage above 75%?
  • Are relationships used to reduce queries?
  • Are the unit tests written to test logic rather than increase code coverage?

Salesforce Code Review Steps 

Now that you have a general idea of how code reviews work, let’s break down the elements reviewers look for. Here’s a detailed Salesforce code review checklist that gives you an idea about the various aspects your team should consider while reviewing the code.

1. Formatting


While going through the code, reviewers will check that the formatting meets standard guidelines and ensure there are no blockers. Here are the formatting items to remember:

  • Use proper alignments, layouts, and identifiable starting and ending points
  • Ensure proper naming conventions in Salesforce
  • Check that the code fits in a standard screen
  • Remove comments
  • Avoid repetition—the same code should not occur more than twice

2. Architecture

Next, reviewers will determine if the code follows a defined architecture, which includes:

  • Order of execution
  • Exception handling and logging framework
  • Trigger framework

During this phase, developers will ensure presentation, business, and data layers are in multiple layers and respective files, such as HTML, JavaScript, and CSS. They will also check whether the code is in sync with existing code patterns and technologies, including design patterns.

3. Nonfunctional Requirements

Code reviewers will also assess nonfunctional requirements, which are a set of specifications within a system that outline its constraints and capabilities. This part of the code review enables developers to improve the code’s functionality, speed, security, and data integrity. Here are some of the steps a reviewer will analyze.

  • Readability: Is the code self-explanatory? Does it use appropriate names for functions, variables, and cases? Does it take too long to understand?
  • Extensibility: Can you enhance the existing code with minimal changes? Are components easily replaceable by better ones?
  • Scalability: Can the code support a large number of users?
  • Configurability: Does the code keep configurable values in place so no changes are necessary if the data frequently changes?
  • Testability: Is the code easy to test? Does it use interfaces while talking to other layers? Does it avoid static functions that are not easily testable?
  • Security: Does the code feature authentication, authorization, input data validation, encryption, and other measures against security threats?
  • Performance: Does the data type best suit the needs? Is it free of asynchronous and parallel processing?

4. Object-Oriented Analysis + Design Principles

Object-Oriented Analysis + Design Principles

Object-oriented analysis and design requires code reviewers to follow the principles below.

  • Single-responsibility: A piece of logic should have a single responsibility entirely encapsulated by the function, class, or module. Place responsibilities in separate classes and functions.
  • Open-closed: Software systems and existing code should be open for extension and functionality, but not for modification. New functionality should be part of new classes and functions.
  • Dependency inversion: Code reviewers and developers should rely on abstractions, not concretions.
  • Interface segregation: The code should not contain lengthy interfaces with dependencies, which can impact functionality. Instead, these should be in smaller interfaces.
  • Dependency injection: Inject dependencies instead of hardcoding them.

Salesforce Code Review Best Practices

Code reviews are essential, but they may differ slightly depending on your organization, software, requirements, and general needs. Here are some general best practices to remember. 

1. Communicate Goals + Expectations

Before beginning a code review, discuss the analysts’ goals and expectations. You can create a physical checklist for all programmers and developers to access to ensure they consistently evaluate code with the same criteria in mind. Communicating these expectations in advance prepares viewers and helps them spend their time wisely during the process. 

2. Include Everyone in the Code Review Process 

While some organizations may prioritize code reviews for junior developers, you should practice reviews for everyone involved with your team. Even the most skilled senior programmer can make a mistake. Keeping consistent reviews across the board can prevent these issues and encourages everyone to do their best. 

Including all your essential team members, from programmers to developers to engineers and software architects, makes it easier to spot issues and confirm product quality. Likewise, involving everyone can improve collaboration and relationships among programmers. 

3. Limit Code Review Sessions

Limit Code Review Sessions - Only 400 Lines at a Time

Reviewing code is often tedious and repetitive. Sitting in front of a monitor for too long can cause reviewers to lose focus. For this reason, it’s best to keep code review sessions between 200 and 400 lines at a time. If your reviewers check too many lines at once, it can be more challenging to identify problems.

Focusing on no more than 400 lines at once allows team members to give their brains a chance to reset and look at each set with fresh eyes. Additionally, try to keep these review sessions at a maximum of 60 minutes. After an hour, your reviewers’ performance and attention to detail will drop. Keeping sessions shorter can improve the codebase quality.

4. Ask Questions + Give/Receive Helpful Feedback

As with any project, give constructive—yet kind—feedback. Instead of making vague statements, encourage reviewers to ask questions, give suggestions, and explain their changes. In addition to this detailed feedback, it’s also helpful for developers to praise each other, making the learning experience valuable and uplifting.

Remind code reviewers that everyone has room for improvement, including the most senior developers. Reviewers should provide specific, constructive feedback while remembering everyone is human and makes mistakes. This practice can also help boost communication among your team.

5. Assume Good Intent

Be sure to talk to your team about assuming good intent. From junior to senior developers, everyone has different strengths and weaknesses. Code is a craft, so your team members should tap into a sense of curiosity and appreciation when reviewing their colleagues’ work. Encourage your team to try to understand what the coder tried to do instead of highlighting errors.

6. Clarify Your Actions + Their Importance

Clarify Your Actions + Their Importance

When software developers write code, they may assume their intent is always clear. However, it may be less evident to the reviewer who examines it later. Reviewers who make suggestions should be detailed about their changes and why they’re necessary.

For example, reviewers should provide specific feedback about fixes they made or ask why the programmer made a particular choice. When reviewers make suggestions, particularly to newer developers, it’s critical to educate them in detail so they can learn from their mistakes and grow as professionals.

7. Thank Your Colleagues to Show You Appreciate Their Work

The primary goal of code reviews is quality control. However, this process also presents an opportunity for your team to build an appreciation for the hard work everyone contributes. Ultimately, all colleagues deserve to feel like their work is valuable.

Writing functional code is a rare talent, so all reviewers should practice giving praise and positive feedback to others when possible.

What to Add to Your Code Review Checklist

Evaluate your current code review process. If you believe it could use extra steps, here are some items to add to your code review checklist. 

1. Check for Code Duplication 

A piece of code could appear several times throughout a codebase for many reasons, such as if multiple people had similar ideas around the same time. Or, the author may have planned to extract the duplication to a dedicated method but then forgot about it. When reviewing code, be vigilant about repetition. Reviewers should check whether the functionality appears elsewhere in the code. 

2. Determine Whether Names Are Descriptive Enough 

Determine Whether Names Are Descriptive Enough

Naming is a challenging aspect of software engineering. When performing code reviews, team members must look for opportunities to improve the names of variables, constants, class fields, methods, and classes. Sometimes, programmers may pick unnecessarily complicated names. With patience, your reviewers can find simple, creative titles that adhere to organizational language. 

3. Look for Possible Performance Improvements

While you should take advantage of automatic checks and production monitoring to detect performance issues, your team can also look for these during code review. Specific problems may be relatively simple to spot, including:

  • Inefficient logging and string concatenations
  • An expensive operation inside a loop
  • Excessive allocations of objects 

4. Check Test Presence + Quality 

Automated tests, such as unit tests, should also be subject to review. To do a thorough test check, reviewers should consider the following aspects:

  • The presence and quality of tests 
  • Readability 
  • Naming 

5. Automate Wherever Possible 

Using a Salesforce code review tool is one of the most effective ways to streamline your processes and reduce time-consuming manual labor. Reviewing code can be tedious, so an organization’s DevOps pipeline can benefit from automation. Checking potential automation issues can save time during the peer review process, giving reviewers more time to spend on aspects such as usability. 

There are various types of Salesforce test automation, including processes like continuous integration and continuous delivery/deployment. These essential elements of the software product development process offer technical value by enhancing code quality. In addition, CI and CD improve efficiency and speed of development, enabling constant communication and eliminating repetitive tasks.

Streamline DevOps Implementation With an Automated Platform 

Code review is an essential part of the development cycle, but it can also be monotonous. With quality tools, you can automate your labor-intensive code review processes, such as CI and CD, and streamline Salesforce applications’ development and release. 

CodeScan offers an end-to-end code analysis solution that will help you maintain your code’s quality from start to finish. Specifically designed for Salesforce, the static code analysis solution increases productivity by automating your reviews, offering flexible hosting options, and streamlining the entire process. Schedule a demo today to see how our platform can help you develop high-quality, secure code.

Develop high quality, secure code!

Setting Up and Using CodeScan Effectively
Setting up and CodeScan in your salesforce org

Running CodeScan on your Salesforce Org is a great first step towards quality code, but maintaining that quality is a Read more

Estimating ROI with CodeScan
Estimate ROI using static code analysis tool CodeScan

Every Software Development Professional knows the following fact: the later bugs are found, the more expensive they are to fix. Read more

SFDX Tutorial | Setting Up CodeScan
CodeScan with Salesforce DX

Salesforce DX is a new focus on source-driven, collaborative development. The Salesforce CLI (Command Line Interface) easily integrates into your Read more

CodeScan and Visual Studio Team Services
continuous integration visual studio

Visual Studio Continuous IntegrationVisual Studio Team Services (VSTS) is a quick and powerful tool to set up continuous integration and Read more