Salesforce Code Analyzer is a vital tool for AppExchange partners submitting managed packages for security review. It evaluates your Salesforce codebase for security vulnerabilities and code quality issues. Running this scan is required in addition to using the Partner Security Portal tools: Source Code Scanner (Checkmarx) for Apex, Visualforce, and Lightning code, and Chimera for external endpoint scanning. Together, these tools ensure your solution meets Salesforce’s stringent security standards.
When submitting your solution for an AppExchange Security Review, you must include test results from Salesforce Code Analyzer alongside reports from the Source Code Scanner and Chimera. This comprehensive approach helps identify and address potential security flaws before your package goes live on the AppExchange. Following Salesforce’s multi-layered security scanning process not only protects your users but also boosts your solution’s credibility and trustworthiness.