This chapter contains the resources required to govern Phase F of the Salesforce Platform Governance Method. As per all phases in this resource guide, the approach we have taken is to assemble the most relevant resources that align with the corresponding governance method. Since you’ve been working through the book and using these resources, you’ll know that although we have tried to cover all the major areas relating to this topic, completing your own research in addition to examining the resources we have provided will really set you up for greatness!
You do not need to use this resource base as a strict method or process. The idea is that this will give you a good indication of what you should be taking into consideration. The expectation is that you will use this as a guide and then build upon it as you navigate the Salesforce ecosystem.
Guidelines and Best Practices
This section contains the guidance and best practices that are available from Salesforce, as well as other resources that we have determined will be valuable. This section should serve to provide a good set of guidelines that can be reviewed by anyone delivering the governance function within your organization.
We know there is an infinite number of resources available on the Web, and although some are better than others, this resource base will provide you with a good selection of resources that we recommend you review. As per all the resource base documentation in this book, providing the complete technical definition for every aspect of code not clicks (can you see what I did there?) is not the objective. There are many ways in which you can achieve your desired outcomes using code in Salesforce. Therefore, this resource base has been created with reference to the topics covered in the method that you will find informative and relevant. The resource base is divided into three main sections: the resources themselves and then related standards and associated tooling, and finally the supporting governance checklist.
As is the case with all the resource base chapters in this book, the links to the resources will be managed in the Salesforce Platform Governance Method GitHub account. The URL for this account is as follows: github.com/salesforceplatformgovernancemethod.
Apex, Visualforce & Lightning
Programmatic Resources
Artifact | GitHub Ref | Description |
---|---|---|
Salesforce Architects: Development Standards | Development Standards | This resource provides an informative guide into the topic of development standards: what they are, why they are important, and how you create and maintain them in your environment. |
Apex Developer Guide: What is Apex | What is Apex | This resource introduces Apex, a strongly typed (meaning that Apex validates references to objects at compile time) object-oriented programming language. Salesforce developers use Apex to revolutionize the way they create on-demand applications. Apex is the first multi-tenant, on-demand programming language for developers interested in building business applications. |
Trailhead: Apex Basics a& Database | Apex Basics | This resource provides a basic introduction to Apex and its basic concepts: sObjects, Data Manipulation Language (DML), SOQL, and SOSL. Also review the video resources that provide many tutorials and examples that may prove useful. |
Apex Developer Guide: When Should I Use Apex | When Should I Use Apex | This resource provides a guide to answer the question of when Apex should be used. Here you will read about examples of when Apex is appropriate based on your use case and additional context on Lightning components, Visualforce, and SOAP. |
Lightning Component Library | Component Library | This resource provides you with a full library of all the Lightning components in the form of a guide. The component library includes both Lightning Web components and Aura components, along with example code that can be used as a base for further development. |
Apex Design Best Practices | Apex Design Best Practices | When coding in Apex, you want to write code that is efficient, scalable, and aligned to best practices. This resource covers some best practice techniques that you can employ in your code to ensure that you are designing your code correctly. Learn about bulkification, efficient SOQL queries, and other best practice principles that you can include in your code. |
Visualforce Developer Guide: What is Visualforce | What is Visualforce | This resource introduces the Visualforce concept. Visualforce is a framework that your developers can utilize to build custom UIs (user interfaces) hosted on the platform. This resource explains what Visualforce is and how it is architected. |
Visual Development – When to Click Instead of Write Code | Clicks not Code | Writing code is not always the only option. I know this resource base is focused on all things code, but it is good practice to remind ourselves that there are other options, and in some cases this could be a better option. Time, cost, and time to deliver—the project management triangle that we’ve all seen before. |
Visualforce Developer Guide: Standard Controllers | VF Standard Controllers | Learn how to use standard controllers to define what data and behaviors are available to users when they interact with a Visualforce component. |
Visualforce Developer Guide: Custom Controllers and Controller Extensions | VF Custom Controllers and Controller Extensions | Use custom controllers when you want your Visualforce page to run entirely in system mode, which does not enforce the permissions and field-level security of the current user. |
Visualforce Developer Guide: JavaScript Libraries with Visualforce | JavaScript Libraries with Visualforce | Using JavaScript in Visualforce pages gives you access to a wide range of existing JavaScript functionality, such as JavaScript libraries, and other ways to customize the functionality of your pages; review this resource to learn more. |
Visualforce Developer Guide: When Should I Use Lightning Web Components Instead of Visualforce | LWC or Visualforce | Being a Salesforce developer, you will at some point need to decide if an LWC would be better for your application than a Visualforce alternative. This resource guides you through this process and highlights the benefits that an LWC can offer. Bear in mind also that for all new development, Salesforce will always recommend LWC and Lightning Experience “low-code” tools. |
Lightning Web Components Dev Guide: Introducing LWC | LWC Dev Guide | Lightning Web Components (LWCs) are custom HTML elements built using HTML and modern JavaScript. LWCs offer many benefits over Visualforce; for example, namely performance. LWCs use core Web standards for which Salesforce is committed. This resource looks at LWCs in detail, including help on how to set up your development environment, what resources are available on Trailhead (you gotta love Trailhead!), and many examples and technical standards. |
Salesforce OmniStudio | Salesforce OmniStudio | Salesforce now offers you a suite of powerful tools that can be used to accelerate the development of digital experiences as part of the OmniStudio tool set. OmniStudio provides a number declarative or low-code options when developing guided experiences in Salesforce and comes as part of Einstein Automate, or as part of your Salesforce Industries license. Use these resources to learn more about this development option and its various components—flex cards, OmniScript, data raptors, and integration procedures—and also the deployment tools that can be used to release functionality. |
Introduction to the Salesforce Lightning Design System | SLDS | The Salesforce Lightning Design System is a styling framework that enables you to build, amongst other things, Experience Sites that share the same look and feel as the Salesforce platform. SLDS allows the development team to focus on application functionality and user experience rather than creating pixel-perfect sites. There is a lot to review regarding this topic, and the resources we have provided reflect that. |
Secure Coding Guide: Secure Coding Guidelines | Secure Coding | This informative resource provides a set of guidelines that you should review to ensure that your code is secure. This guide is composed of a set of security issues that Salesforce has identified and therefore should be relevant for your application. This does not, however, cover every security issue that you should code for. Always check the OWASP site for a more thorough view on current Web application security flaws. |
The Open Web Application Security Foundation | OWASP | The OWASP foundation’s primary focus is to improve the security of software. The OWASP foundation has existed for over 20 years as of 2021, and provides many resources and guides for how to secure the Web. The “OWASP Top 10” provides details for the most critical security concerns for Web application security. This report is created by leading professionals from all over the world. |
Apex Design Patterns | Apex Design Patterns | It’s already been said that with Apex you can pretty much build any custom solution on the Salesforce platform. This resource covers the more common design patterns and best practices for Apex development. |
Implementing Idempotent Operations with Salesforce | Idempotent Operations | This resource covers the importance of idempotent operation design. Idempotent operations basically make you think about how your code will behave if it were to execute multiple times. Would it matter? If so, what can you do to manage any unwanted side effects while maintaining the performance of the code? |
Apex Enterprise Patterns: Service Layer | Apex Ent Pattens | This Trailhead module covers some of the complexities seen when developing applications for the enterprise. Apex is a very flexible language that can accomplish quite a bit with only a few lines of code. This Trailhead module delves deeper into topics such as separation of concerns, service layer, and domain layer, which are all design patterns that you should be aware of. |
Developers Blog: 4 Steps to Successful Async Processing | Successful Async Processing | This article introduces asynchronous processing with the Salesforce platform. It is a good resource to review before you move on to more practical or “hands on” resources. |
Trailhead: Asynchronous Apex | Asynchronous Apex | This Trailhead module is essential for any developer who wants to learn more about how to write more efficient code with asynchronous processing. |
Apex Developer Guide: Future Annotation | Future Annotation | Use the future annotation to identify methods that are executed asynchronously. When you specify future, the method executes when Salesforce has available resources. |
Apex Developer Guide: Using Batch Apex | Batch Apex | This resource describes Batch Apex, providing the developer the ability to run complex, long-running processes in chunks across your entire data set. You can run Batch Apex at specific times using the Apex scheduler and fire platform events from Batch Apex. |
Apex Flex Queue: Batch Apex Liberation | Apex Flex Queue | This video resource introduces the Apex flex queue. This is essentially a holding queue for jobs waiting to be processed by the batch job queue when resources become available. |
Enhance Salesforce with Code: Monitoring the Apex Flex Queue | Monitoring the Apex Flex Queue | With the Apex flex queue, you can place up to 100 batch jobs in the queue, all waiting for resources to be freed up to process each batch. While batches are in this holding state, you can reorder the jobs in the queue using the FlexQueue class. Review this resource to learn more details. |
Apex Developer Guide: Apex. Execution Governors and Limits | Apex Governor Limits | As previously discussed, Salesforce is a multi-tenant environment. Therefore, mechanisms must be in place to ensure that runaway code cannot monopolize platform resources where another Salesforce instance could be adversely impacted. Salesforce achieves this by employing a set of limits, Governor Limits, to protect the platform and ensure that all code can execute. If you breach a given limit your code will throw an exception. This resource provides details for the limits imposed, and therefore this should be reviewed, understood, and put into practice when developing on the Salesforce platform. |
Trailhead: App Development Without Limits | App Dev Without Limits | This Trailhead module and developer blog covers the concepts that for a developer will be essential reading. Learning how to code while avoiding the limits enforced by the platform will save a lot of time and headache that would occur should you exceed limits enforced by the platform. The most common limit is concurrency—long-running jobs that take over five seconds to execute. These resources provide insightful and informative details on how to avoid these problems. |
Apex Developer Guide: Triggers | Apex Triggers | Apex triggers can be invoked when certain record actions are performed. There are two types of triggers: before and after triggers. This resource describes how triggers work and provides several considerations that should be reviewed to ensure that they are used properly. |
Apex Developer Guide: Triggers and Order of Execution | Order of Execution | To maintain the integrity of the data in Salesforce, for all automation actions performed when you save a record there is an order of execution that occurs. These resources describe this order and why it is important and provide numerus considerations for your review. |
Apex Developer Guide: Understand Testing in Apex | Apex Testing | Salesforce cares a great deal about unit testing of code. In fact, it’s mandated that at least 75% of your code must be covered by unit tests that complete successfully. Without this, you will not be able to deploy your code into production. To this end, Salesforce is an advocate of test-driven development, where you code your tests at the same time as functional code development. These resources describe how testing in Apex should be done and therefore are essential for all developers to understand and act upon. A video presentation is provided, as well as Trailhead modules and the content provide in the developer guide. |
Apex Developer Guide: Testing HTTP Callouts | Testing Apex Callouts | When writing your Apex code, you need to ensure that you have 75% test coverage. This is just as important as the actual code itself. Test methods do not support HTTP callouts, so to get around this limitation, we generate mock HTTP responses in tests. There are two ways that you can achieve this, which are explained in this resource. In addition, the Trailhead modules included in this resource are well worth reviewing, especially if you are a new developer beginning to code in Apex. |
Apex Developer Guide: Exceptions in Apex | Exceptions in Apex | Debugging your code is a critical part of the development process. You can debug your code using the developer console and debug logs. To make your debug logs more readable, Apex supports exception statements and custom exceptions. This resource explains how exceptions note errors and events that disrupt the flow of code execution and explores other methods of handling errors, including why one method is better than another. |
Salesforce Development Tools | Development Tools | There are many tools that you can use for Salesforce development. This resource provides a table of tools and their associated use cases. Tools listed include the developer console, Visual Studio Code, and the Salesforce CLI. Use this resource to choose the environment that works best for you. |
Visualforce Performance: Best Practices | VF Performance Best Practice | This resource provides a collection of best practice considerations that can be used to improve the performance of your Visualforce pages. |
Enhance Salesforce with Code: Static Resources | Static Resources | Static resources allow you to upload content that you can reference in a Visualforce page, including archives (such as .zip and .jar files), images, style sheets, JavaScript, and other files. Use this resource to learn how to use them, and try it out for yourself using Trailhead. |
Developers Blog: A Guide to Application Performance Profiling in Force.com | Application Performance Profiling | When developing your application on the Salesforce platform, you want to know that your application will perform as designed and handle the volumes of data over time. This resource introduces the concept of application performance profiling and provides examples that use the Salesforce tooling to achieve this. |
Developers Blog: Paginating Data for Force.com Applications | Paginating Data | This resource helps to demystify pagination strategies that you could use to achieve peek application performance. |
Apex Developer Guide: JSON Support | JSON Support | In Apex you can support JSON serialization and deserialization, generate JSON-encoded content, and parse JSON data such as a response to a Web service callout. This resource provides examples of each, including JSON support considerations. |
Enhance Salesforce with Code: Custom Labels | Custom Labels | Custom labels are essential for developers who are creating multilingual applications. We use custom labels to specify custom text values that can be accessed from Apex classes, Visualforce pages, Lightning pages, or Lightning components. The values can be translated into any language Salesforce supports. |
Apex Reference Guide: Custom Settings Methods | Custom Settings Methods | We discussed custom settings in Chapter 13, “Data Architecture & Management.” This resource builds on your understanding and provides a detailed usage reference for both types of custom setting methods: List and Hierarchy. |
As you undoubtedly already know, the big Salesforce technical benefit is that many of your organization’s automation requirements can be serviced using the declarative tools available on the platform. However, there are also situations where the declarative option will not give you the outcome that you need; for example, if your requirement is to create a Web service, or if you need to perform complex validation that requires the field values across multiple objects. Other use cases include custom login flows or authentication handlers that require the programmatic approach rather than the declarative alternative.
The programmatic options available in Salesforce are Apex, Visualforce, and Lightning components (Web or Aura). The resources in this chapter aim to provide links to many of the topics that cover the programmatic aspects of each option and associated requirements.
As we know, Salesforce is a multi-tenant environment. This is important to consider, especially when writing code in Apex. There are stipulations that Salesforce enforces on any developed Apex code to ensure the multi-tenant architecture is not compromised by runaway code. Apex governance limits and test coverage requirements are both examples of the rigor Salesforce mandates you to comply with.
Programmatic Resources
The resources in the following table will help you to understand the technical aspects of the Salesforce programmatic environment and to navigate your way through the governance process by paying attention to code quality, security, access control, governor limits, code performance, unit tests, and, finally, the order of execution.
Phase F Standards
Your organization should have well-defined development standards that are used by your dev teams to ensure that all code deployed into your production environments is efficient, secure, well documented, tested, and aligned to the coding principles defined by your governance process. An important part of your development documentation set will be your Software Development Lifecycle (SDLC).
A good SDLC should include a detailed guide as to how you gather requirements, navigate the design phase, articulate the development process, being specific about naming standards, coding styles, and code documentation, and essentially ensuring that your development team develops code that conforms to the blueprint defined for each language used in your organization. Your SDLC will also describe the testing process used by your organization and the tools available for this purpose. Finally, deployment. If you are an organization that operates a multitude of project delivery methodologies, for example, agile or waterfall, then the SDLC should provide detailed definitions for the release process for each methodology employed by your organization.
But why have coding standards? I mean, it’s likely that all your developers have been coding since they were in adolescence or are fresh from their training and have all the information top of mind and “know” what they are doing. After all, your developers were hired for a reason; they are talented and valued members of the development team and always deliver code that serves the intended purpose. Having documented coding standards, however, serves to ensure that regardless of how experienced or talented your dev teams are, all code is developed in a uniform way. This makes it much easier for dev teams to improve readability across teams, reduces code complexity, and therefore helps the process of maintaining code in the future. We want to avoid a situation where only specific individuals can manage the code base. Imagine a scenario where your principal software developer has decided to take advantage of other opportunity outside of your organization and the rest of the devolvement team must then try to pick apart existing code to add new functionality, resolve bugs, and so on. This could be costly from a resource perspective and cause unsavory delays to other projects in flight. OK, this is an extreme example, but we wanted to make the point clear.
Having these standards in place should promote a consistent development style that enables you to debug your code, identify reuse opportunities, and build a solid coding practice that’s easier to enforce as part of the overall project governance process.
Apex Naming Standards
Type | Case Type | Naming Convention | Comments | Wrong Examples |
---|---|---|---|---|
Apex Class | PascalCase | <Namespace>_<Class Name><Optional Suffix> | Namespace: optional. Short, often an acronym. Use only for classes that are exclusive to a single app/project, and are sure to stay that way over time. Don’t confuse this with the namespace as used in packages or dev orgs! Class name: nouns, describing the class’s functional purpose. Avoid acronyms and abbreviations. Suffix: indicates common class types - Controller, Extension, Handler, Utilities, TriggerHandler. | CustomerAssessment – Lacks project namespace + suffix; not obvious what it does. SmallBusinessConfigureAndPricingTool_CustomerAssessmentController – Namespace too long. Use acronym instead. SBCPTCustomerAssessmentController – Where does namespace end and class name start? Use underscore. SBCPT_Customer_Assessment_Controller – Uses underscores within the class name. |
Apex Test Class | PascalCase | <Class Being Tested>_Test | SBCPT_CustomerAssessmentControllerTest – Does not use an underscore before “Test.” | |
Apex Methods | camelCase | <Verb(s)><(optional) Noun Set> | Verbs: describe the actions being performed: get, save, check, etc. Noun set: describes what the verbs are acting on | parentAccount( ) – Missing verb. What action is being performed on the parent account? GetParentAccount( ) – Starts with capital letter. |
Apex Variables | camelCase | <Short yet meaningful nouns> | Avoid one-letter variable names, except for temporary variables or loop variables. | parAcc – Unclear what this represents. parentAccountSave – Uses a verb. ParentAccount – Starts with a capital letter. |
Apex Constants | SNAKE_CASE | <Capitalized words> | Should be descriptive of the constant without using too many words. | maxCharacters – Indistinguishable from a variable. MAXIMUM_NUMBER_OF_CHARACTERS – Too long. |
How to gather and document business requirements
What design collateral should be created, reviewed, and governed as part of a “design” package of work in the overall governance process
Well-defined coding standards: coding tools such as preferred IDEs, naming conventions, how to document code properly, writing efficient and performant code (bulkification, as an example), and coding with a strong focus on security; for example, using “with sharing” by default
What coding patterns and frameworks are advocated as best practice. A great example is the use of trigger frameworks that control how object automation is processed, being sympathetic to the Salesforce order of execution and preventing recursive operations.
Having a well-defined testing process with clear outcomes. Firstly, all code has met the testing requirements enforced by the platform, code coverage and test classes written, and tests passed. Your governance process should ensure that only tested code that has passed your quality gates and code scans such as PMD or Veracode should be approved for release to production.
Release and deployment is another great example of standards that your SDLC should provide. If you have a CI/CD process employed within your overall release process, then the principles and standards enforced by your governance process should be clearly articulated and maintained.
Checklists
Governance Step | |
---|---|
Design and Functionality | Pass / Fail |
Govern the continuum of UI options used against those available on the platform (buttons, mashups, Canvas, Visualforce pages, and Lightning components) | |
Govern the sharing and visibility model in code solution | |
Govern the code against the security best practices to ensure all Visualforce and Apex code is developed per OWASP standards. | |
Govern the object-oriented design principles and design patterns that were adhered to when developing the solution (Singleton, etc.) | |
Govern the appropriate use of the Model-View-Controller pattern | |
Govern any Apex controllers against the technical standards (extensions to standard controllers and custom controllers) | |
Govern the usage of custom settings and synchronous vs. asynchronous patterns, and all the available execution contexts (e.g., batch, trigger, callout, etc.) | |
Govern the usage of batch Apex and the flex queue | |
Govern the Apex / Visualforce solution against the governor limits | |
Govern the order of execution of transactions within the platform (specifically against pre-existing triggers) | |
Govern the quality of test coverage (required for production deployment, callout testing is a special case) | |
Govern the approach to error/exception handling | |
Performance and Scalability | Pass/Fail |
Govern that performance and scalability best practice has been considered within Visualforce pages and Apex code (Performance Profiling, use of static resources) | |
Govern the Apex and Visualforce performance to include LDV scenarios (pagination, JavaScript remoting) | |
Govern the use of external web technologies and complementary UI technologies. | |
Maintainability and Reuse | Pass/Fail |
Govern multi-language support, determine the appropriate solution has been used to support globalization | |
Govern the options and techniques used to make programmatic components maintainable and reusable on the platform (custom settings, skeleton templates, custom metadata types) |