About Source Scanner Portal

Source Scanner Portal is a centralzed portal that lets you track and manage your Force.com SecurityScans. It lets you schedule scans, download scan reports, search all the scans for your org and manage scan credits for your orgs.

Using Source Scanner Portal

Before logging into the Portal, make sure to add the packaging org (the org which contains the code for your AppExchange listing) to the AppExchange Publisher Console. If you are having problems please refer to this doc.

Please log in to the Source Scanner Portal with your packaging org user credentials. You need to either be an Admin in the org or need to have the “Author Apex” user permission. Once logged in, our system will need to verify some details. You will get an email once the verification is done. You can login again and start using the app.

To start a New Scan, follow the below steps.

  1. Click on “Create New Scan”.
  2. Select the org that you want to scan from drop down.
  3. Provide a username for a user that has “Author Apex” permission in the selected org.
  4. Select the type of scan.
  5. Click “Submit Scan”.

Beta Service

Please note that Source Scanner Portal is still in Beta. If you have feedback or have encountered a bug, please report it to SourceScannerPortal@salesforce.com. We will try to fix it at the earliest.

FAQ

After clicking login, I get a screen saying “Verification in progress”
We need to verify that the user you logged in has the correct user permissions (AuthorApex). It will typically take upto 30 minutes for the verification to complete. Once the verification is completed you will get an email.

What are Credits?
Credits is number of scans available. Each partner gets 3 security scans per security review submission. The number (Credits Left) shows the total remaining scans available for the partner. When you click on "Create New Scan" button it shows the credits available for each org that you can scan. If the credits is zero, you will not be allowed to submit a scan.

I have questions regarding my scan report.
Please refer to Force.com Scanner Help Page. If you have any questions, we are happy to help. Please schedule an office hours appointment with the Salesforce Product Security team.

Can I scan my web application using this Portal?
Source Scanner Portal can scan only your Force.com code. For web application scanning,please use Chimera Portal

Can I use Source Scanner Portal if I am not an ISV Partner?
At this time, Source Scanner Portal is only available to AppExchange Partners developing integrations for the AppExchange.

How long does a scan usually take?
Please refer to Source scanner FAQ

I encountered a bug, how do I report it?
Please send bug details to SourceScannerPortal@salesforce.com.