EducationEducation
- AppExchange Partners
-
Consultants
- overview
-
plan
- Salesforce_Jumpstart
- Annual_Contract_Value
- Consulting_Partner_Signup
- Consulting Sign Up
- Enrollment
- Expanded_Knowledge
- Fullforce_for_Partners
- Consulting_Partner_Benefits
- Partner_Navigator_Program
- Consulting_Partner_Program
- Global_Strategic_Tier
- Consulting_Program
- Partner_Navigator
- Fullforce_Old_Page
- Masters
- build
- sell
- market
- manage
-
Resellers
-
Reseller Marketing Journey
- Get_Organized_Before_You_Get_Started
- Incorporating_Salesforce_Into_Your_Brand
- Crafting_Your_Marketing_Strategy_And_Plan
- Announcing_Your_Salesforce_Partnership
- Build_Sales_Pipeline
- Executing_Lead_Gen_Email_Campaign
- Building_A_Social_Media_Prescence
- Host_a_Learning_Event_About_the_Power_of_Salesforce_Sales_Cloud
- Third_Party_Event_Sponsorship
-
Reseller Marketing Journey
-
General Topics
-
Topics (A-Z)
- AppExchange_Listing
- Boost
- Admin_Training
- Branding_Guidelines
- Case_Packs
- Certifications
- Customer_Stories
- Custom_Metadata_Types
- Due_Diligence_Review
- Dreamforce
- Education Home Page
- Einstein_Account_Based_Marketing
- Environment_Hub
- GDPR
- Industries
- Legal_Center
- Lightning_Bolts_Launch
- Lightning_Ready
- Lightning_Now
- nextlevel_for_Partners
- Partner_Ohana_Hub
- Pardot_Integrations
- Partner_Account_Manager
- Partner_Business_Org
- Partner_Communications
- Partner_Community_User
- Partner_Connect
- Partner_Forum
- Pardot_Resource_Central
- Pardot_B2B_Marketing_Analytics
- Partner_Events
- Partner_Marketing_Center
- Partner_Orgs
- Partner_Program
- Partner_Roadmap
- Partner_Success_Services
- Partner_Support
- Partner_User_Groups
- Power_Hour
- Power_Hour_Replays
- PR_Guidelines
-
Products
- B2C_Commerce_for_LINK_Tech_Partners
- B2C_Commerce
- Community_Cloud
- Einstein
- Einstein_Analytics
- Heroku
- Lightning_Bolt
- Live_Message
- Marketing_Cloud
- myTrailhead
- Pardot
- Premier_Success
- Quip
- Sales_Cloud
- Salesforce1
- Salesforce_Advantage
- Salesforce_CPQ
- Salesforce_DMP
- Salesforce_IoT
- Salesforce_Platform
- Service_Cloud
- Training_Reseller
- Data_for_Partners
- Desk_for_Partners
- Partner_CFP_Submission_Received
- Product_Development_Outsourcer
- Release_Readiness_for_Partners
-
Roles
- Role_PC_Administrator
- Role_AppExchange_Partner_Operations
- Role_AppExchange_Partner_Technical
- Role_AppExchange_Partner_Sales
- Role_AppExchange_Partner_Marketing
- Role_Consulting_PostSales
- Role_Consulting_PreSales
- Role_Consulting_Sales
- Role_Consulting_SuccessServices
- Role_Consulting_Practice_Lead
- Role_Consulting_Marketing
- Role_Salesforce.org_Higher_Education
- Role_Salesforce.org_Nonprofit
- Sales_Central
- Salesforce.org
- Salesforce_Engage
- Salesforce_Orgs
- Salesforce_DX
- Salesforce_Proficiency_Pack
- Sales_Training
- Sponsorships_Partners
- SPCMA
- Talent_Exchange
- Trailhead_For_Partners
- Training
- Webassessor_for_Partners
- Sponsorships
- Partner_Success_Basics
- Marketing_Cloud_Email_Specialist_Prep_Guide
- Test1
- Brain_Dating
- Checkout_Publish
- Funding_Options
- Partner_Online_Guide
- Social_Media
-
Topics (A-Z)
Partner Security Portal Overview: Office Hours and Security Scans
The Partner Security Portal is the primary destination to schedule technical office hours and perform security scans. Office hours are a great resource to:
- Ask the Security Review team questions about the security review process and submission logistics
- Connect with the Product Security team on technical aspects of your app, such as security vulnerabilities
Before submitting a package to Security Review, you must perform Checkmarx and/or Chimera scans via the Partner Security Portal. Exactly which scan or scans are required depends on the architecture of your app.
How to Log in to the Partner Security Portal
1. Ensure a Developer Edition org is attached to your Organizations tab in the Partner Community
2. To link an org to the Partner Community, navigate to the Publishing tab, then the Organizations subtab
3. Enter your username and password for the org to be linked (make sure the user has Author Apex permission enabled)
4. Use the same credentials to log in to the Partner Security Portal
Checkmarx: This scan detects security issues in apps built with Force.com, Visualforce page, or Lightning components.
Chimera: This scan combines a series of open-source scanners to check your web-based application.
Q: Where can I learn more about the security review process for AppExchange Partners (ISVs)?
A: Learn more here >
Q: What should I do if I have questions about office hours?
A: Ask a question in the Security Review Collaboration Group >
Q: What is the difference between Checkmarx and Chimera?
A: The Checkmarx scan detects security issues in apps built with Force.com, Visualforce page, or Lightning components. Chimera combines a series of open-source scanners to check your web-based application.
Q: Where can I learn more about Checkmarx?
A: Learn more here >
Q: Where can I learn more about Chimera?
A: Learn more here >
Q: Where do I go if I have questions about the scanning process before security review?
A: Learn more about Checkmarx and the scanning process here >
