Skip to content
Salesforce Devops Map

Salesforce Devops Industry Map – Spring 2022 Edition

Welcome to the Spring 2022 edition of the Industry Map. In this post, I present the companies that I have curated for Salesforce devops organized into a map of choices. The map is designed to be a devops educational tool and a decision framework for Salesforce platform owners, architects, developers, and low-code users.

This is a companion post to Salesforce Devops Update – Spring 2022. In that post I go into detail about what you need to think about when creating a Salesforce devops management program. This post focuses on the Industry Map and describes each category. Each part of the map is thoroughly described, with links to the lists of curated companies. Decision Framework

To help teach people about Salesforce devops and to provide an industry guide, I launched the Industry Map in April 2021. This was done to share a decision framework that helps Salesforce platform owners and architects pick good devops solutions.

For 2022, the map has been updated to rename and combine some of the layers. Two new categories were also added: cybersecurity and testing.

Salesforce Devops Industry Map

Here is how I came up with the map. Most people portray the software development lifecycle (SDLC) as a loop or sequence of events. I found describing the SDLC as a circle or infinity symbol constrained the ability to categorize devops functionality. Instead, I stacked the flow of activities. When drawing this map, I was inspired by networking architecture diagrams, like the 7-layer ISO stack. Each layer groups processes that communicate with processes in adjacent layers.

Each layer in the map describes a major category of functionality. The lower the layer in the stack, the more granular and finely detailed are the activities. Going up the stack increases in activity complexity and the number of lower-level stack components invoked. Like how a networking architecture functions, inter-process communication is usually limited to stack boundaries.

Cybersecurity and testing are critical devops functions which don’t fit into layered categories. They envelop the devops processes at several levels. This is because continuous delivery pipelines integrate cybersecurity and testing activities at several different stages.

Layer Descriptions

Check each section header and descriptive text for links to see the companies in most categories. Click here to visit the entire map of products and services.

Stakeholders & Executives

The top layer represents all the company executives and stakeholders who formulate the goals of the organization, perform company operations, and observe value stream metrics to inform executive decisions. This is where new projects must originate.

Value Stream Management

This layer consumes the metrics and management information emitted by the Application Delivery Teams. Business processes are modeled and KPIs are identified. Data is used to link app metrics with the tangible value of each app. This gives the stakeholders and executives information used to make management decisions.

Application Delivery Teams

This is the key knowledge and actor layer. In an ideal scenario, this layer is occupied by the product team. Large companies often strive for better results with a Center of Excellence (CoE) dedicated to Salesforce or IT product management. Another modern approach to creating application delivery teams is to make agile-inspired scrum teams.

In other scenarios, organizations often employ consultants to build and assemble a new devops management program. Consultants of various sizes often play an important role in helping make the build-vs-buy decisions, and then to go on and implement a chosen devops solution. In the post-implementation phase of a devops project, organizations usually take over operations.

Application Lifecycle Management

This layer represents the project management resources devoted to IT projects. Application delivery teams often use Jira to share requirements, perform sprints, keep order, and move projects forward. This layer should emit the basic devops metrics, which enables companies to find high-performing teams.

System Reliability & Incident Management

This layer was called Observability in the last version. System reliability engineering (SRE) and incident management covers runtime error monitoring, critical issue resolution, log file management, and audience metrics. Salesforce has some built-in capabilities to cover these needs, and there are a handful of independent software vendors who manage Salesforce reliability. Salesforce users deserve better ways to know how people are using their applications.

Pipeline Orchestration

This layer is where the devops magic happens. It is like how the conductor of an orchestra commands the actions of their symphony. In this case, the musical instruments are the scripts and toolchains in the Devops, Developer & Low-Code Tools layer. Inbound messages to the orchestration layer trigger automated processes that create release artifacts, check & backup metadata, deploy release artifacts, and emit log files.

Pipeline orchestration requires a software system to be the orchestra conductor. For devops, the conductor is a server process running somewhere in the cloud. I call this server process the command server. Vendors often refer to this functionality as a CI/CD engine.

Devops, Developer & Low-Code Tools

It is within this layer where most of the SDLC activities occur. In Salesforce, there is a wide range of choices of how to compose new applications and manage devops. Those alternatives range from pure low-code choices to elaborate, DIY scripted environments.

Low-Code Tools

Much application development occurs today within the confines of the Salesforce clouds’ user interfaces. Low-code tools are also used with applications that run on top of Salesforce, including Salesforce Industries, nCino, and Veeva. Devops tools often run in low-code or no-code user interfaces, whether they are implemented in Salesforce or a separate SaaS application.

Developer Tools

This category includes the many tools and services used by Salesforce developers to create applications in Apex, VisualForce, JavaScript and other traditional programming languages. This layer also includes the hundreds of cloud native, or free open-source tools that are used by devops teams in DIY solutions.

Data Backup

Devops operations are responsible for major database and metadata updates. Data backup is an important function that must be integrated directly into the devops pipeline management process.

Change Intelligence

Change Intelligence is an emerging function within Salesforce devops that gives architects and developers insight into how a change may impact an existing org. This is a good example of using metadata intelligence to give architects and developers information to optimize development strategies.

Data Transformation

The process of enterprise application delivery frequently involves moving data that lives somewhere between metadata and transactional data. For example, the data required to implement Salesforce CPQ is a dynamic dataset that requires updates and tracking. And, as Salesforce Customer 360 becomes more prevalent, pipelines will need to ingest more external data sources.

Sandbox Management

Salesforce devops pipelines require the creation and management of Salesforce sandboxes. There are special security and maintenance requirements for proper sandbox maintenance.

Profile Management

Salesforce profiles and permission sets present special challenges in many devops scenarios. Profile management tools allow users to copy, manage, and deploy complex Salesforce profiles and permission sets.

Repository Management

This layer represents a Git-compatible server, which is an online storage service for source code repository management, user access, branch management, code security, and deployment artifact storage. Some Salesforce devops solutions implement low-code-friendly repositories on the Salesforce platform instead of a traditional Git server.


There is a wide variety of testing options available for Salesforce app producers. They range from tools to manage unit tests to ensuring end-to-end functionality after a Salesforce version update.


In the Salesforce world, cybersecurity concerns should touch all operational activities, starting with identity management. For devops, cybersecurity concerns narrow down to security best practices used during the development of custom applications and the configuration of the Salesforce org. Those two concerns are called developer and platform cybersecurity.

Corrections? Left Off the List?

Did your product or service get left off the list? Are you on the list but you think I got the categories wrong? Drop me a line at [email protected] and we can get that corrected. Please fill out this form to help get your product listed as quickly as possible.

Thank You for Your Support!

Thank you for your support as nears its first year anniversary. I couldn’t have done this without the support of the entire Salesforce community. In particular, I want to thank all of the people who helped me think through this project. I’ll leave your names off so you don’t get any of the blame, but your help is very much appreciated.