ISVforce Guide

ISVforce Guide: Build and Distribute AppExchange Solutions
Get Ready to Distribute on AppExchange
Use Managed Packages to Develop Your AppExchange Solution
Manage Orgs with Environment Hub
Architectural Considerations for Group and Professional Editions
Security Requirements for AppExchange Partners and Solutions
Pass the AppExchange Security Review
Prepare for the AppExchange Security Review
How the AppExchange Security Review Works
Required Materials for Security Review Submission
Listing Readiness for Managed Packages
Check If Your Package Version Is Ready to List on AppExchange
Partner Security Portal
Log In to the Partner Security Portal
Source Code Scanner on the Portal
Types of Security Review Office Hours
Schedule a Security Review Office Hours Appointment
Test Your Entire Solution
Scan Your Managed Package with Salesforce Code Analyzer
False Positives
The AppExchange Security Review Wizard
Security Review Resources
Manage Your Security Reviews
Manage Your AppExchange Listings
AgentExchange Go-To-Market App Guide
Sell on AppExchange with Checkout
Report Orders to Salesforce with the Channel Order App
Provide Free Trials of Your AppExchange Solution
OEM User License Guide
PDF

Types of Security Review Office Hours

Salesforce security review teams host two types of office hours for AppExchange partners. During office hours, you have direct, scheduled, web conference access to security review team members. To get answers about the submission process, attend operations office hours with Security Review Operations team members. To get help with troubleshooting security vulnerabilities, attend technical office hours with members of the Product Security team.

To make an office hours appointment, follow the instructions in Schedule a Security Review Office Hours Appointment.

Note

Operations Office Hours

During operations office hours, Security Review Operations team members answer questions about security review logistics and submission requirements. Typical questions include:

  • What components of the solution are in scope for the security review?
  • What types of reports and scan results am I required to provide?
  • What happens if the solution that I submit doesn’t pass the review?

Technical Office Hours

The Product Security team hosts technical office hours for when you need specific security-related technical assistance. Typical questions include:

  • How do I navigate the AppExchange security requirements?
  • What is a secure way to design and implement a specific aspect of my solution?
  • How do I address issues that the automated security scanning tools detect?
  • What does a finding in my security review report mean?
  • What security scan results can I regard as false positives?
  • How do I resolve the issues in my security review report that I think are false positives?
  • Does my reworking of the code fix the security vulnerabilities identified in the security review?