ISVforce Guide

Welcome to the ISVforce Guide
ISVforce Quick Start
Grow Your AppExchange Business
Design and Build Your Solution
Package and Test Your Solution
Pass the AppExchange Security Review
Publish Your Solution on AppExchange
What Is the AppExchange?
Business Plans for AppExchange Listings
Submit a Due Diligence and Compliance Certification
Publish on AppExchange
Connect a Packaging Organization to AppExchange
Create or Edit Your Provider Profile
Create or Edit an AppExchange Listing
Add a Business Plan to an AppExchange Listing
Make Your AppExchange Listing Effective
Choose an Installation Option
Register Your Package and Choose License Settings
Complete the Security Review Cycle
Required Materials for Security Review Submission
Security Review and AppExchange Listing Fees
Update Your Credit Card Information
Submit Your Solution for Security Review
Act on Security Review Results
Periodic Re-Reviews
Email Notifications
Collect AppExchange Leads
Analytics Reports for Publishers
Update the Package in an AppExchange Listing
AppExchange FAQ
Sell on AppExchange with Checkout
Monitor Performance with Analytics for AppExchange Partners
Manage Orders
Manage Licenses
Manage Features
Provide a Free Trial of Your Solution
Support Your AppExchange Customers
Update Your Solution
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Security Review and AppExchange Listing Fees

When you submit your solution for an initial security review, you pay security review and AppExchange listing fees. We waive the fees for solutions that are distributed for free on AppExchange. If we find security vulnerabilities in your solution, you can fix and resubmit it a limited number of times at no extra charge.

Expect to pay a one-time, upfront total of $2,700 USD to initiate the security review process for most solutions. This payment includes a $2,550 security review fee and $150 first-year AppExchange listing fee. Also expect to pay the $150 AppExchange listing fee annually after the first year. The annual listing fee includes reviews for updates to solutions already listed on AppExchange.

Fees are refundable. Refund requests must be made within 180 days of payment.

If you have questions about security review or listing fees, contact your Partner Account Manager.

Here’s a detailed breakdown of the fees.

Review Type Security Review Fee Annual Listing Fee
Initial review of a paid solution $2,550 USD
  • $150—first-year fee is added to the security review fee and due upon submission
  • $150 charged annually after the first year of listing
All reviews of free solutions No charge
  • No charge
Follow-up review of a paid solution resubmitted after addressing issues detected in a previous security review No extra fee—a limited number of follow-up reviews are included in the security review fee paid at original submission of solution
  • First-year listing fee paid at initial review submission
  • $150 fee charged annually after first year of listing
Periodic re-review of a previously approved, listed, paid solution No extra fee—cost included in the security review fee paid at original submission of solution
  • First-year listing fee paid at initial review submission
  • $150 fee charged annually after first year of listing

Be prepared to pay the fees when you submit your solution in the security review wizard for the first time. In the wizard, you can also indicate that you plan to distribute your solution for free. We don’t charge fees for solutions that are distributed for free on AppExchange.

When you submit a solution for review using the wizard, you’re always prompted to confirm your credit card information. However, you’re not always charged.

Often, the initial security review and annual listing fees include follow-up and periodic reviews. For example:
  • You resubmit a solution that fixes security issues discovered in an initial review. Your resubmission exclusively fixes issues discovered in an initial security review, and you fix the code in the existing package. We conduct a follow-up review. If you make other revisions, such as functionality changes, we require that the revised solution go through an initial security review. That’s also true if you spin up a new package for the revised code.
  • You list a new version of a package that we previously approved.. You upload the new version to AppExchange and associate it with your listing. To identify security vulnerabilities, we run a source code scan. This scan is included in the annual listing fee.
  • You create a managed package to upgrade your offering. You develop the new version in a package that we previously approved. The upgrade is automatically approved when you submit it for review. You can immediately associate the new version to your listing. We review the new version 6 months to 2 years after the solution is listed, depending on potential risk of the solution. The review is included in the security review fee.