Autorabit Fall 2022 Release

AutoRABIT Fall 2022 Release Features Slack and Teams Integration

AutoRABIT, a leading Salesforce devops platform vendor based in San Francisco, this week announced a bevy of upgrades to their platform. The announcements featured new integrations with Slack, Microsoft Teams, and HashiCorp Vault. The release covers improvements CodeScan Shield, AutoRABIT Automated Release Management (ARM), and Vault Data Backup & Recovery. “We’re excited to further expand our suite of solutions to continue to meet the needs of our partners and customers. These updates to our release management processes will continue to help organizations save time and money during a time where both are needed,” said Prashanth Samudrala, VP of Products at AutoRABIT in a press release.

Slack and Teams Integration

There are many processes and activities involved in running a Salesforce devops management program. Those processes can be fragile and require repair when broken. For example, when running a Salesforce metadata deployment, the Salesforce Org can reject the update because of an error that occurs during the deployment. To manage exceptions, a reliable signaling and logging mechanism becomes an essential tool.

The new AutoRABIT ARM integrations with Slack and Teams gives ARM the ability to log messages into dedicated Slack and Teams channels. Besides high-priority alert messages about process failures, AutoRABIT ARM will also post status and activity completion messages into Slack and Microsoft Teams.

CodeScan Shield Quality Gates

AutoRABIT’s static application security testing (SAST) tool CodeScan Shield gets several usage upgrades in this release. Salesforce SAST tools work by scanning an org’s metadata for security flaws present in the Apex, JavaScript, and other procedural languages. A problem that often occurs with SAST tools is that they overwhelm users with too many error messages. One way to manage that flood of messages is to create a tolerance threshold for taking certain actions.

AutoRABIT calls these tolerance thresholds “quality gates.” I had a chance to ask AutoRABIT’s VP of Products, Prashanth Samudrala exactly what that means. “Quality Gates help developers write clean, safe code. With this release, we are introducing a new capability where a team can set a threshold for their quality. These thresholds are spread across SAST reports, deployment reports and code reviews. Auto approval allows developers to automatically push their code to the stage in their pipeline saving time while not compromising on quality,” said Mr. Samudrala in our email correspondence.

Salesforce DX Support

AutoRABIT also said they have added support for Salesforce DX in CodeScan Shield. As a part of the quality gate project, CodeScan Shield now works with the recently upgraded Salesforce Code Analyzer. Salesforce Code Analyzer works as a plugin into SFDX-CLI, the Salesforce CLI tool used for org-based development. According to Salesforce web site, “Salesforce Code Analyzer plug-in is a unified tool for static analysis of source code, in multiple languages (including Apex), with a consistent command-line interface and report output.”

It seems like CodeScan is a new rules engine for Salesforce Code Analyzer. I asked AutoRABIT to clarify how the Salesforce Code Analyzer integration worked. “CodeScan supports all the languages supported by Salesforce CLI Scanner and has more rules for Apex, LWC and Salesforce Functions,” added Mr. Samudrala in our email correspondence.

HashiCorp Vault Integration Boosts DevSecOps

Finally, AutoRABIT also announced an integration with HashiCorp Vault. This addresses a common problem in Salesforce devops – secret information leakage.

Salesforce devops pipelines frequently integrate other systems into pipeline processes. Usernames, passwords, and certificates must be safely stored and used to access those systems. Frequently, developers make the mistake of just storing that information in project source code. Even when stored in private repositories, there are plenty of penetration scenarios which puts that type of data at risk of disclosure. It seems to be a rite of passage for all developers to somehow make this mistake early in their careers.

I also asked AutoRABIT to explain why they decided to make this upgrade. “Unlike other release management tools, where Salesforce developers in regulated industry are forced to share their password or personal access tokens when integrating version control in CI/CD pipelines, AutoRABIT’s HashiCorp integration allows them to tightly control access to their tokens and passwords using key rotation,” said Mr. Samudrala in our email correspondence.

AutoRABIT Keeps on Hopping

The AutoRABIT Fall 2022 release is a nice collection of improvements in AutoRABIT’s suite of products. The company shows the progress we should expect from a growing Salesforce application development management platform. And adding HashiCorp Vault helps to boost AutoRABIT’s claim to be a DevSecOps company.

AutoRABIT received a Series B funding round earlier this year, and it seems to be settling into the niche of servicing critical Salesforce application development. Giving Salesforce DX developers better access to CodeScan will increase scripting options, and better integrate CodeScan into devops pipelines. And the Slack and Teams integrations checks a major box in devops program management.

Related Posts