Gearset this week revealed it has acquired Clayton, a provider of a code analysis platform for software-as-a-service (SaaS) applications running on the Salesforce cloud service.
The Clayton platform identifies anti-patterns and vulnerabilities in the software development lifecycle of custom applications that extend the core capabilities provided by Salesforce applications.
Gearset CEO Kevin Boyle said the addition of Clayton to the DevOps platform that Gearset provides to build and deploy those loud will make it easier for organizations to deploy secure applications without adversely impacting the rate at which they are being built and deployed.
Clayton already has an existing alliance with Gearset and will continue to operate as a business unit. The combined company will, at the same time, work toward further tightening integration between the two platforms, said Boyle. The financial terms of the deal were not disclosed.
In general, a recent Gearset survey finds more than half of organizations building custom applications on top of the Salesforce platform have embraced continuous integration/continuous deployment (CI/CD) platforms, with another 28% planning to adopt. The survey also finds 59% of respondents working for organizations that either have already adopted or are planning to adopt version control, while 54% have implemented automated testing.
Overall, more than half of respondents (54%) said DevOps teams have improved release quality, while 46% report improved collaboration. However, only 38% and 33% said more frequent releases or reduced lead times, respectively, is a factor in justifying their return on investment (ROI) in DevOps workflows. In effect, organizations are signaling they are much more concerned about application quality than they necessarily are about the rate at which that goal is achieved.
Achieving that goal is simpler using a dedicated CI/CD platform because building Salesforce applications requires mastering a proprietary mix of programming languages, formats and metadata. The challenge organizations building those applications encounter is the developers that build these applications have varying levels of expertise, including so-called citizen developers who have little programming expertise. As such, the odds that applications might be misconfigured or contain vulnerabilities that could be exploited by cybercriminals are fairly high. Gearset provides a platform that makes it simpler to enforce best DevSecOps practices as those applications are being built and deployed.
In the long term, it’s already apparent that generative artificial intelligence (AI) will also increase the pace at which many of these applications are being developed. As that pace increases, the need for the best DevOps workflows to effectively manage that increased pace of development is only going to increase. The challenge and opportunity, as always, is determining how to ensure those applications are of the highest quality possible as the frequency at which they are built and deployed only continues to increase.
Ultimately, organizations that embrace DevSecOps are going to consistently build and deploy higher quality applications, said Boyle. Right now, however, it’s not clear how many organizations building SaaS applications on the Salesforce platform are even aware that there is a set of best practices for building them.