Salesforce DevOps Glossary
Plain-English definitions for the Salesforce DevOps terms that come up in every release, from change sets to rollback.
1GP (First-Generation Packaging)
Salesforce's original way to build packages, made by uploading straight from an org instead of code in Git.
Read definition →2GP (Second-Generation Packaging)
Salesforce's modern packaging model that builds packages from code in version control instead of clicking through an org.
Read definition →Ancestry
The declared lineage between package versions that tells Salesforce which prior version a new one is meant to upgrade from.
Read definition →Apex Test Class
Production deployments require Apex test classes to run and pass; skipping or gaming coverage is one of the most common release-day surprises.
Read definition →Apex Test Coverage
The percentage of Apex code executed by tests; Salesforce requires at least 75% to deploy to production.
Read definition →Bulk API
Salesforce's REST-based API for asynchronously loading, updating, or deleting large volumes of record data.
Read definition →Change Set
Salesforce's native, point-and-click way to move metadata between connected orgs, one manual upload at a time.
Read definition →CI/CD
Automatically building, testing, and shipping Salesforce changes as they're committed, instead of batching big releases.
Read definition →Connected App
A connected app is how any external tool authenticates to Salesforce, and its OAuth settings are metadata that most teams manage by hand in each org.
Read definition →Custom Metadata Type
Custom metadata records deploy as metadata, not data, which makes them the standard way to move configuration between orgs without a data migration step.
Read definition →Custom Setting
Custom settings store data, not metadata, so their values usually need a separate data migration step that a standard deployment won't handle.
Read definition →Delta Deployment
Deploying only the metadata that changed since the last release, instead of the whole package.
Read definition →Deployment Connection
A deployment connection is what a DevOps tool authenticates through to move metadata into an org, and a misconfigured one is the most common reason a pipeline just stops.
Read definition →Deployment Plan
The ordered steps, dependencies, and manual actions required to ship a Salesforce release safely.
Read definition →Deprecate (Metadata)
Marking a metadata component as no longer supported, without deleting it, so existing subscribers who reference it aren't broken.
Read definition →Destructive Changes
Salesforce deployments that remove metadata, tracked separately from additive changes so deletions stay deliberate.
Read definition →Dev Hub
The control-plane org that creates scratch orgs and builds package versions for a team.
Read definition →Environment Hub
A Salesforce Labs app for connecting and managing multiple related orgs, sandboxes, Dev Hubs, and trial orgs, from a single hub org.
Read definition →External Credential
External credentials separate authentication configuration from the endpoint itself, replacing the older pattern of baking auth details into a single named credential.
Read definition →Feature Branch
A short-lived branch isolating one feature's work, often paired with its own scratch org in Salesforce.
Read definition →Field-Level Security
Field-level security controls who can see or edit a field independent of the object and page layout it appears on, and it's easy to miss in a deploy.
Read definition →Flow Deployment
Deploying a new flow version doesn't activate it, and an inactive flow silently does nothing until someone flips the switch.
Read definition →FMA (Feature Management App)
An ISV tool for turning individual features on or off per subscriber license, without shipping a new package version.
Read definition →Git Branching Strategy
How a team organizes parallel work in Git, and for Salesforce, how that maps to its org structure.
Read definition →Install Key
An optional passcode required to install a package, used to gate unlisted or pre-release packages to specific customers.
Read definition →LMA (License Management App)
A free Salesforce app, installed in a dedicated License Management Org, that tracks who installed your package and which version they're on.
Read definition →Managed Package
A package that hides its code so companies can sell it on AppExchange without exposing how it works.
Read definition →Manifest
The XML file that tells the Metadata API exactly which components to retrieve or deploy.
Read definition →Metadata API
Salesforce's API for retrieving and deploying org configuration, the foundation nearly every DevOps tool is built on.
Read definition →Metadata Coverage Report
Salesforce's official reference for which metadata types the Metadata API and Tooling API support, and how completely.
Read definition →Metadata Format
The Metadata API's native flat structure, one top-level folder per component type, driven by package.xml.
Read definition →Named Credential
A metadata component that stores an external system's endpoint and auth details for reuse in Apex and Flow.
Read definition →Namespace
A unique prefix, up to 15 characters, that scopes every component in a package to avoid collisions in subscriber orgs.
Read definition →Org Shape
Not every sandbox has the same limits as production, and mismatched org shape is a common source of “works in sandbox, fails in prod” bugs.
Read definition →Org-Dependent Unlocked Package
An unlocked package built against metadata that stays outside the package, for brownfield orgs that can't fully modularize.
Read definition →Package Alias
A readable name in sfdx-project.json that maps to a package or package version ID, so scripts and CI don't hardcode opaque IDs.
Read definition →Package Dependency
A declared requirement that one package version needs another package version already installed before it can build or install.
Read definition →Package Version
An immutable, uniquely numbered build of a 2GP package, the unit every install and upgrade is based on.
Read definition →package.xml
The manifest file that tells the Metadata API exactly which components to retrieve or deploy in a release.
Read definition →Patch Version
The third number in a package version, reserved for fixes shipped off an already-released version without a full new release.
Read definition →Permission Set Group
Permission set groups bundle multiple permission sets into one assignable unit, but their combined access recalculates asynchronously, not instantly.
Read definition →Permission Set vs. Profile
Every user has one profile; permission sets layer additional access on top, and Salesforce recommends the latter.
Read definition →Promoted Package Version
A package version moved from Beta to Released status, the only status Salesforce allows installing into production.
Read definition →Push Upgrade
A scheduled upgrade that installs a newer package version into subscriber orgs automatically, without the subscriber initiating it.
Read definition →Quick Deploy
Quick Deploy skips re-running Apex tests for a deployment that already passed validation, but only within a tight time and org-state window.
Read definition →Record Type
Record types control which picklist values and page layout a user sees, and their deployment depends entirely on picklist values already existing in the target org.
Read definition →Release Branch
A branch cut to stabilize a set of features before they ship, usually mapped to a UAT org.
Read definition →Retrieve vs Deploy
The two directions every Metadata API operation moves in: pulling from an org, or pushing into one.
Read definition →Rollback
Undoing a deployment that shipped a problem, something Salesforce doesn't support natively for metadata.
Read definition →Sandbox Seeding
Loading realistic sample or masked data into a sandbox or scratch org so testing reflects real conditions.
Read definition →Scratch Org
A temporary, source-driven Salesforce environment created on demand and discarded when its work is done.
Read definition →Scratch Org Definition
The JSON file that spells out the edition, features, and settings a new scratch org should be created with.
Read definition →Security Review (AppExchange)
Salesforce's mandatory review, static and dynamic analysis plus manual checks, that a package must pass before AppExchange listing.
Read definition →SFDX Auth URL
A single string encoding an org's OAuth credentials, used to authenticate Salesforce CLI in CI without a browser-based login.
Read definition →sfdx-project.json
The config file at the root of every source-format project, declaring package directories, namespace, and package dependencies.
Read definition →Shape
A captured snapshot of an org's edition, features, and limits, used to create scratch orgs that mirror it instead of starting bare.
Read definition →Sharing Rules
Sharing rules extend record access beyond the org-wide default, and they deploy as metadata but the access they grant recalculates as a background job.
Read definition →Source Format
Salesforce CLI's folder-per-component layout, organized to work naturally with Git rather than the Metadata API's raw structure.
Read definition →Source Tracking
Salesforce's built-in way of detecting what metadata changed in a scratch org or supported sandbox.
Read definition →Subscriber Org
Any org, sandbox or production, that has a managed or unlocked package installed, as opposed to the org that built it.
Read definition →Tooling API
A synchronous API for working with individual metadata components, used by IDEs and CLI tools for fast, single-file operations.
Read definition →Unlocked Package
A package that installs cleanly across orgs without Salesforce hiding its code or logic.
Read definition →Validation Rule
A validation rule that passes in a sandbox can start blocking saves in production the moment real data doesn't match the rule's assumptions.
Read definition →Start free. No credit card, no install, no commitment.
Set up in under 15 minutes. No DevOps hire needed.
