Overview
Mavens has extensive experience in customising Salesforce to meet the needs of both growing organisations and established enterprises, transforming the way organisations engage with healthcare professionals, patients, and consumers. Mavens is committed to delivering cloud solutions with unparalleled security and quality standards, making sure that sensitive customer data is always secure.
Challenges
Healthcare solutions handle highly sensitive data; Mavens wanted a systematic way to enforce security best practices from the very early stages of development.
Mavens' engineering team had built homegrown code analysis tooling based on the open source tool PMD. This solution soon had to be abandoned, mostly because of the volume of noise and false positives it continuously reported to developers.
Mavens needed a better, more accurate solution that could help developers identify security threats early and reliably, without slowing down their development workflow.
Solution
Mavens' engineering team uses a feature-branch Git workflow for all application development. Every new feature or proposed change results in a pull request on GitHub, which kicks off an automated, real-time scan by Clayton.
Clayton performs an in-depth analysis of the proposed change to validate whether or not it complies with Mavens' code quality and AppSec standards. Code that isn't compliant is blocked and must be reworked by developers before it can be accepted and merged into the main development branch.
Any problems found in the application code are highlighted with inline comments on the pull request itself, so developers know what needs to be changed and can act quickly, without any need for human intervention. As soon as all issues are resolved, the pull request gets approved by Clayton and developers can move to a peer review with a colleague before the change is accepted and merged.
Any incorrect detections are flagged by developers and managed via an in-app workflow, which discards irrelevant findings and keeps a fully auditable record of which detections have been dismissed, and by whom.