ISVforce Guide
jSummer '25 preview (API version 64.0)
Spring '25 (API version 63.0)
Winter '25 (API version 62.0)
Summer '24 (API version 61.0)
Spring '24 (API version 60.0)
Winter '24 (API version 59.0)
Summer '23 (API version 58.0)
Spring '23 (API version 57.0)
Winter '23 (API version 56.0)
Summer '22 (API version 55.0)
Spring '22 (API version 54.0)
Winter '22 (API version 53.0)
Summer '21 (API version 52.0)
Spring '21 (API version 51.0)
Winter '21 (API version 50.0)
Summer '20 (API version 49.0)
Spring '20 (API version 48.0)
Winter '20 (API version 47.0)
Summer '19 (API version 46.0)
Spring '19 (API version 45.0)
Winter '19 (API version 44.0)
Summer '18 (API version 43.0)
Spring '18 (API version 42.0)
Winter '18 (API version 41.0)
Summer '17 (API version 40.0)
Spring '17 (API version 39.0)
Winter '17 (API version 38.0)
Summer '16 (API version 37.0)
Spring '16 (API version 36.0)
Winter '16 (API version 35.0)
Summer '15 (API version 34.0)
Spring '15 (API version 33.0)
Winter '15 (API version 32.0)
Spring '14 (API version 30.0)
No Results
Search Tips:
- Please consider misspellings
- Try different search keywords
Use Managed Packages to Develop Your AppExchange Solution
Start an AppExchange Security Review
Edit Your AppExchange Security Review Before You Submit
Submit Your Solution for AppExchange Security Review
Update Your Returned AppExchange Security Review
Check the Status of Your AppExchange Security Review
Ask Us to Take A Second Look at Our Submission Verification Feedback
Download Your AppExchange Security Review Report
Resubmit a Returned Security Review Where All Issues Are False Positives
Resubmit a Failed Security Review Where All Issues Are False Positives
Expired AppExchange Security Review
Troubleshoot an Expired Security Review
OEM User License Guide
Manage Your Security Reviews
Manage your security reviews in the AppExchange Partner Console’s security review wizard. Submit your solution for review. Check the detailed status information that’s delivered in the wizard. Communicate directly with the teams working on your reviews. Download your review report. Submit false-positives documentation.
To distribute managed packages, Salesforce Platform API solutions, or Marketing Cloud Engagement API solutions on AppExchange, they must pass our security review.
Note
Watch the video to see how to submit your solution for review in the AppExchange Partner Console.
-
Start an AppExchange Security Review
To start a security review, launch the security review wizard from the Solutions page in the AppExchange Partner Console. You can enter partial information, then save and finish later. -
Edit Your AppExchange Security Review Before You Submit
You started a security review submission for your solution and have more information to provide before you submit. Go back to the security review wizard and continue entering information. -
Submit Your Solution for AppExchange Security Review
Submit your solution for security review in the AppExchange Partner Console. Share your solution and all required materials, and pay applicable fees. -
Update Your Returned AppExchange Security Review
You submitted your solution for security review. Then the review team returned it to you because something that they need for testing is missing or incorrect. The status of your review is Returned. Go back to the security review wizard, fix the issues, and resubmit. -
Check the Status of Your AppExchange Security Review
Find the status of your security review in the AppExchange Partner Console. Status updates appear after you submit the solution for review. -
Ask Us to Take A Second Look at Our Submission Verification Feedback
When you submit a solution for security review, the submission verification stage of your review begins. During this stage, the review teams assess everything that you included in your submission. If anything is missing or incorrect, they post feedback to the Overview page in the security review wizard and return the submission to you. If you disagree with any of the verification feedback, ask us to take a second look. There’s no charge for us to take another look at our verification feedback. -
Download Your AppExchange Security Review Report
When a solution doesn’t pass the AppExchange security review, the vulnerabilities found in your solution are documented in a review report. To download your report, go to the Overview page in the security review wizard. -
Resubmit a Returned Security Review Where All Issues Are False Positives
In the submission verification stage, if your scan results indicate security issues that you didn't address with false-positives documentation, the status of your review is set to Returned. Your review is paused until we receive the documentation. Go to the Overview page in the security review wizard, upload a false-positives report, and resubmit your solution. There’s no fee for us to evaluate false-positives documentation. -
Resubmit a Failed Security Review Where All Issues Are False Positives
If you receive the results of an AppExchange security review and you determine that all of the issues that we identified are false positives, add a false-positives document to the failed review, and resubmit. There’s no fee for us to evaluate false-positives documentation. -
Expired AppExchange Security Review
A security review expires when the reviewed solution no longer meets the criteria for distribution on AppExchange. If the expired review is for a solution that’s linked to a public listing, we remove the listing from AppExchange, but you can relist. -
Troubleshoot an Expired Security Review
The most common reasons that an AppExchange security review expires are a missed re-review, overdue review fees, and unpaid revenue sharing. Learn how to troubleshoot the cause of an expired review. -
Act on Security Review Results
Approximately 4–6 weeks after you submit a solution for an initial review, your security review is complete. Check the AppExchange Partner Console to see if your solution passed. Learn how to publicly list a solution that passed and how to request a follow-up review for a solution that didn’t. -
Periodic Security Re-Reviews on AppExchange
To help safeguard against the latest vulnerabilities, we conduct periodic security re-reviews of AppExchange solutions. These reviews are similar in scope to an initial security review, and they include automated and manual testing. You can voluntarily request a re-review of your solution, or in certain instances we notify you that your solution requires a re-review. In both cases, security review fees apply.