ISVforce Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
ISVforce Guide: Build and Distribute AppExchange Solutions
Get Ready to Distribute on AppExchange
Use Managed Packages to Develop Your AppExchange Solution
Manage Orgs with Environment Hub
Architectural Considerations for Group and Professional Editions
Security Requirements for AppExchange Partners and Solutions
Pass the AppExchange Security Review
Prepare for the AppExchange Security Review
Manage Your Security Reviews
Start an AppExchange Security Review
Edit Your AppExchange Security Review Before You Submit
Submit Your Solution for AppExchange Security Review
Update Your Returned AppExchange Security Review
Check the Status of Your AppExchange Security Review
Ask Us to Take A Second Look at Our Submission Verification Feedback
Download Your AppExchange Security Review Report
Resubmit a Returned Security Review Where All Issues Are False Positives
Resubmit a Failed Security Review Where All Issues Are False Positives
Expired AppExchange Security Review
Troubleshoot an Expired Security Review
Act on Security Review Results
Periodic Security Re-Reviews on AppExchange
Submit Your AppExchange Solution for Periodic Security Re-Review
Manage Your AppExchange Listings
Sell on AppExchange with Checkout
Report Orders to Salesforce with the Channel Order App
Provide Free Trials of Your AppExchange Solution
OEM User License Guide
PDF

Periodic Security Re-Reviews on AppExchange

To help safeguard against the latest vulnerabilities, we conduct periodic security re-reviews of AppExchange solutions. These reviews are similar in scope to an initial security review, and they include automated and manual testing. You can voluntarily request a re-review of your solution, or in certain instances we notify you that your solution requires a re-review. In both cases, security review fees apply.

When you upgrade a managed package version of a solution that passed security review, you don’t go through the full review process again. You can immediately associate the new version to your AppExchange listing.

To identify which listed solutions are due for re-review, we consider potential risk and the amount of time since the solution was listed. To determine potential risk, we run risk-factor reports. If your solution shows significant change, it’s likely that we require a re-review. However, a low risk factor can mean that your solution isn’t flagged for re-review.

If we determine that a re-review is required, we send an email notification to the security review contact listed on the Company Info page of the AppExchange Partner Console. We also update the security review value in the Partner Console. In the Security Review area (1) on the Solutions page, when a solution version passes review, the value is set to Passed (2) and the Listing Readiness value is set to Ready to List (3). When a re-review is required, the security review value is changed to Start Review (4).

A sample solution with two versions and callouts in the Listing Readiness and Security Review columns

Even if a re-review isn't required, you can voluntarily request one. A voluntary review is an option if the solution version's security review status is Request Re-Review. One reason to voluntarily request a re-review is to show a more recent reviewed version and date (1) on your AppExchange listing.

The details tab of an AppExchange listing with a callout around the last reviewed version and date of the solution associated with the listing

If your solution doesn't pass the re-review because we find that it no longer meets our security standards, we also notify you by sending an email to the security review contact listed on the Company Info page of the AppExchange Partner Console. We provide a timeline for you to remedy the issues, typically 60 days. In extreme cases, we pull the AppExchange listing from public viewing. Before you can relist it for distribution, you must fix the security issues and submit it for a follow-up review.