Gearset Acquires Clayton, Strengthening Salesforce DevSecOps
In a significant move that’s set to reshape the Salesforce DevOps landscape, Gearset, the most popular Salesforce DevOps platform, has announced its acquisition of Clayton, a specialized code analysis platform for Salesforce. The financial terms of the deal between these UK-based companies were not disclosed, but industry insiders suggest this strategic acquisition will substantially enhance Gearset’s capabilities in the growing field of DevSecOps.
Kevin Boyle, CEO at Gearset, emphasized the importance of this acquisition: “Salesforce development teams today need more than just speed — they need confidence in the quality and security of their code as they scale. The acquisition of Clayton allows us to address this need head-on by offering our customers advanced code analysis tools that streamline the development process and improve code quality from the ground up.”
Lorenzo Frattini, founder and CEO at Clayton expressed enthusiasm about the merger: “We started Clayton with a true passion: making it easy for teams to write secure, high-quality business apps on Salesforce. We are thrilled to join Gearset. Together, we can make modern DevSecOps accessible to many more Salesforce teams, making it easier to build secure, well-architected applications at scale.”
This acquisition highlights the critical role of code scanning in comprehensive data governance and risk management strategies, an aspect often overlooked in DevOps processes. As organizations increasingly rely on complex Salesforce implementations to handle sensitive data, integrating robust security measures into the development lifecycle becomes paramount.
Table of contents
What is DevSecOps and Who is Clayton?
DevSecOps is an approach that integrates security practices within the DevOps process. It emphasizes a “shift left” mentality, where security considerations are addressed early and throughout the development lifecycle, rather than as an afterthought.
Clayton has carved out a niche in this space, focusing specifically on Salesforce environments. Their platform identifies anti-patterns and vulnerabilities during the development phase, offering automated code corrections to remediate recurring issues. This approach has proven particularly valuable for large-scale Salesforce implementations, where code quality and security are critical concerns.
Salesforce DevSecOps Landscape
The acquisition positions Gearset more competitively against other major players in the Salesforce DevOps space who have been expanding their security offerings. AutoRABIT, for instance, has integrated CodeScan, a static code analysis tool, into their DevSecOps suite. Similarly, Copado has partnered with DigitSec to provide static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tailored for Salesforce.
Evolution of DevOps Platforms
This move by Gearset reflects a broader trend in the DevOps industry. Established players like GitHub, GitLab, and JFrog have all expanded their offerings to encompass DevSecOps capabilities.
GitHub’s Advanced Security offering includes features like code scanning, secret scanning, and dependency review. GitLab has integrated security features throughout their CI/CD pipeline, including SAST, DAST, and container scanning. JFrog’s Xray provides continuous security scanning for vulnerabilities and license compliance issues.
These developments underscore the growing recognition that security must be an integral part of the development process, not a separate concern addressed after the fact.
It’s A Big Deal
The acquisition of Clayton by Gearset represents a significant milestone for both companies. For Clayton, partnering with the most popular Salesforce DevOps platform is likely to expand their reach, putting their innovative security solutions in front of a larger customer base. For Gearset, this move strengthens their offering in the crucial area of application security, positioning them to deliver a more comprehensive DevOps solution to their Salesforce customers.
As organizations continue to grapple with the complexities of secure, efficient software development in the Salesforce ecosystem, integrated DevSecOps solutions like the one Gearset is now positioned to offer will likely play an increasingly important role. This acquisition may well set the stage for further consolidation and integration in the Salesforce DevOps market as vendors strive to offer more comprehensive, end-to-end solutions.
