ISVforce Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
ISVforce Guide: Build and Distribute AppExchange Solutions
Get Ready to Distribute on AppExchange
Use Managed Packages to Develop Your AppExchange Solution
Manage Orgs with Environment Hub
Architectural Considerations for Group and Professional Editions
Security Requirements for AppExchange Partners and Solutions
Pass the AppExchange Security Review
Prepare for the AppExchange Security Review
How the AppExchange Security Review Works
Required Materials for Security Review Submission
Listing Readiness for Managed Packages
Check If Your Package Version Is Ready to List on AppExchange
Partner Security Portal
Test Your Entire Solution
Scan Your Managed Package with Salesforce Code Analyzer
False Positives
The AppExchange Security Review Wizard
AppExchange Security Review Stages
AppExchange Security Review Feedback in the Wizard
Feedback About Submission Verification
Feedback During Technical Testing
Feedback About Your Completed Review
Security Review Resources
Manage Your Security Reviews
Manage Your AppExchange Listings
Sell on AppExchange with Checkout
Report Orders to Salesforce with the Channel Order App
Provide Free Trials of Your AppExchange Solution
OEM User License Guide
PDF

Feedback About Your Completed Review

There are two possible AppExchange security review outcomes. Either your solution passed or it didn’t. In either case, the feedback section contains tips for what to do next.

If your solution passed, congratulations! You’re one step closer to publicly listing your solution on AppExchange. If your solution didn’t pass, it means the Product Security team detected security issues in your solution. You can’t list the solution on AppExchange or distribute it to customers yet. Go to the Overview page and download your review report. It lists the types of security issues and vulnerabilities that we detected but not every instance.

If you agree that an issue in the report is a valid vulnerability, remediate your solution. If you believe that an issue doesn’t pose a security risk, document it as a false positive.

Address every issue, then:

  • If you remediated your solution and there are no false positives, start a new review from the Solutions page. After you enter all the required info, request a follow-up review. For API solution types, you must create another solution for the follow-up review. There’s a fee to retest a remediated solution.
  • If you remediated your solution and there are false positives, start a new review from the Solutions page. Enter all the required information and upload a false-positives report. Then, request a follow-up review. For API solution types, you must create another solution for the follow-up review. There’s a fee to retest a remediated solution
  • If you only documented false positives, go to the Overview page in the security review wizard, upload a false-positives report, and resubmit the same review. There’s no fee for us to evaluate a false-positives report.

If you have additional questions or concerns, book a technical office hours appointment so that Product Security can work with you on your resubmission.