ISVforce Guide
jSummer '26 (API version 67.0)
Spring '26 (API version 66.0)
Winter '26 (API version 65.0)
Summer '25 (API version 64.0)
Spring '25 (API version 63.0)
Winter '25 (API version 62.0)
Summer '24 (API version 61.0)
Spring '24 (API version 60.0)
Winter '24 (API version 59.0)
Summer '23 (API version 58.0)
Spring '23 (API version 57.0)
Winter '23 (API version 56.0)
Summer '22 (API version 55.0)
Spring '22 (API version 54.0)
Winter '22 (API version 53.0)
Summer '21 (API version 52.0)
Spring '21 (API version 51.0)
Winter '21 (API version 50.0)
Summer '20 (API version 49.0)
Spring '20 (API version 48.0)
Winter '20 (API version 47.0)
Summer '19 (API version 46.0)
Spring '19 (API version 45.0)
Winter '19 (API version 44.0)
Summer '18 (API version 43.0)
Spring '18 (API version 42.0)
Winter '18 (API version 41.0)
Summer '17 (API version 40.0)
Spring '17 (API version 39.0)
Winter '17 (API version 38.0)
Summer '16 (API version 37.0)
Spring '16 (API version 36.0)
Winter '16 (API version 35.0)
Summer '15 (API version 34.0)
Spring '15 (API version 33.0)
Winter '15 (API version 32.0)
Spring '14 (API version 30.0)
Use Managed Packages to Develop Your AppExchange Solution
How the AppExchange Security Review Works
Required Materials for Security Review Submission
Listing Readiness for Managed Packages
Check If Your Package Version Is Ready to List on AppExchange
Log In to the Partner Security Portal
Source Code Scanner on the Portal
Types of Security Review Office Hours
Schedule a Security Review Office Hours Appointment
Test Your Entire Solution
Scan Your Managed Package with Salesforce Code Analyzer
Security Review Resources
OEM User License Guide
Partner Security Portal
The Partner Security Portal is the main hub for ISV partners' security review needs. The
portal hosts the Source Code Scanner (Checkmarx). Use this tool to identify security
vulnerabilities in your solution. The portal is also where you go to schedule office hours
appointments with AppExchange security engineers and Security Review Operations team members.
Office hours provide a forum for you to ask questions about the security review process and to
discuss how to rework code that has security vulnerabilities.
-
Log In to the Partner Security Portal
To access the Partner Security Portal, you must be a Salesforce ISV partner. Connect your DevHub or packaging org to the AppExchange Partner Console. Then log in to the portal by using the credentials for that org. Logged-in users can access security scanning tools and schedule office hours appointments. -
Source Code Scanner on the Portal
To identify security vulnerabilities, we require that you run security scanning tools on your solution and all external endpoints that run independently of the Salesforce platform. he Partner Security Portal hosts the Source Code Scanner (Checkmarx). -
Types of Security Review Office Hours
Salesforce security review teams host two types of office hours for AppExchange partners. During office hours, you have direct, scheduled, web conference access to security review team members. To get answers about the submission process, attend operations office hours with Security Review Operations team members. To get help with troubleshooting security vulnerabilities, attend technical office hours with members of the Product Security team. -
Schedule a Security Review Office Hours Appointment
Access expert guidance from AppExchange security review team members through scheduled web conferences. Get answers about security review logistics and submission requirements from Security Review Operations. Troubleshoot security-related technical issues with Product Security engineers. Visit the Partner Security Portal to schedule an appointment.