If your org is heavily loaded or you have many development teams, it is always hard to control code quality before the code is pushed to Production. Although Salesforce recommends a code audit once every year, sometimes it is practical to have a quick audit tool that enforces all the best practices and rulesets on what you deliver.
There are a lot of third-party tools for assessing code quality. You can also build your own tool around a list of predefined rules. Here is a list of rules that I think are relevant at enterprise scale.
- Apex Classes with seeAllData=true
- SOQL statements using negative operators (NOT LIKE, !=)
- SOQL statements inside iterators
- Apex Classes using "without sharing"
- SOQL statements without "WHERE" clauses
- DML operations inside iterators
- Visualforce Pages using outputLinks with hardcoded URLs
- Visualforce Pages using meta refresh
- Visualforce Pages using actionPoller with interval <= 60
- Cross Site Scripting Issues
- SOQL Injection
- SOSL Injection
- Access Control Issues
- Hardcoding Trigger.new
- Hardcoding Trigger.old
- Not bulkifying apex methods
- Async (@future) methods inside loops
- Multiple triggers on same object
- Static Resource referencing
- Sharing Violations
- Reflected and Stored Cross Site Scripting
- Respecting predefined naming conventions
- Code without comments
- "SendEmail" invocations (limited by Force.com) in loops
- No ByPass function in Triggers
- No ByPass function in Validation Rules
- No ByPass function in Workflow
- No System.assert in the code
- No System.debug in the code
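
As an added illustration of the "build your own tool" option (not code from the original post), here is a line-based Python scanner for a few of the rules above: `seeAllData=true`, `without sharing`, and SOQL, DML or SendEmail inside iterators. The rule names, the `scan` function and the Apex sample are assumptions made for this example.

```python
import re

# Line-based heuristics, not an Apex parser (block comments and strings are not handled).
LINE_RULES = [  # checked on every line
    ("seeAllData=true", re.compile(r"seeAllData\s*=\s*true", re.I)),
    ("without sharing", re.compile(r"\bwithout\s+sharing\b", re.I)),
]
LOOP_RULES = [  # checked only inside a braced loop body
    ("SOQL inside iterator", re.compile(r"\[\s*SELECT\b", re.I)),
    ("DML inside iterator", re.compile(r"^\s*(insert|update|upsert|delete)\s+\w", re.I)),
    ("SendEmail inside iterator", re.compile(r"\bMessaging\.sendEmail\s*\(", re.I)),
]
LOOP_HEADER = re.compile(r"\b(for|while)\s*\(", re.I)

def scan(source):
    findings, loops, pending = [], [], False  # pending: loop header seen, "{" not yet
    depth = parens = 0                        # brace / parenthesis nesting
    for no, raw in enumerate(source.splitlines(), 1):
        line = re.sub(r"//.*", "", raw)       # drop line comments
        rules = LINE_RULES + (LOOP_RULES if loops else [])
        findings += [(no, name) for name, pat in rules if pat.search(line)]
        pending = pending or bool(LOOP_HEADER.search(line))
        for ch in line:
            parens += (ch == "(") - (ch == ")")
            if ch == ";" and parens == 0:
                pending = False  # braceless loop, or the tail of do ... while (x);
            elif ch == "{":
                depth += 1
                if pending:
                    loops.append(depth)  # brace depth of this loop body
                    pending = False
            elif ch == "}":
                loops = [d for d in loops if d < depth]  # loop body at this depth closed
                depth -= 1
    return findings  # list of (line number, rule name)

# Constructed sample input, not taken from a real org.
SAMPLE = """\
@isTest(seeAllData=true) private class AcctTest {}
public without sharing class AcctService {
  public static void run(List<Account> accts) {
    for (Account a : [SELECT Id FROM Account WHERE Industry = 'Energy']) {
      List<Contact> cs = [SELECT Id FROM Contact WHERE AccountId = :a.Id];
      update a;
    }
    insert accts;
  }
}
"""
```

The query in the `for` header and the `insert` after the loop are not reported, because a SOQL for-loop header runs once and the final DML is outside the iterator.
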
Please add your feedback as a comment. Thank you.