Need more information about feature "Managed package has passed Salesforce Security Review and is Aloha enabled" #1078
Replies: 2 comments
-
|
@manishbaberwal, I don't have the complete details to answer your questions but I'll do my best. If needed I can help round up a few other answers. One note, we typically handle support for this project inside of the Trailhead group, https://trailhead.salesforce.com/trailblazer-community/groups/0F9300000009O5pCAE. I don't know that I've seen these questions answered before so I'll do my best here. The easiest way to know that a package has been security reviewed is to look at at org that has it installed, or install it in a scratch org, and look at the Installed Packages setup page. Look at the "AppExchange Ready" column. DLRS should show "Passed." Some context: https://salesforce.stackexchange.com/a/267105/7238 Date when Salesforce Security Review was conducted? -- I don't have the exact date but it was many years ago. With the transition of this project to be community owned we're actively working on a refreshed security review. Hopefully that helps settle some anxiety. If the customer is still concerned we recommend they review the source code to better understand it. DLRS doesn't engage external systems so all the data stays local. It also doesn't have an end-user UI so that simplifies a lot of the security concerns I personally see come up. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your reply.
I would provide this information to the customer and confirm if they
require any additional details.
Regards,
Manish Baberwal
…On Sun, 10 Oct 2021 at 03:21, Heber ***@***.***> wrote:
@manishbaberwal <https://github.com/manishbaberwal>, I don't have the
complete details to answer your questions but I'll do my best. If needed I
can help round up a few other answers. One note, we typically handle
support for this project inside of the Trailhead group,
https://trailhead.salesforce.com/trailblazer-community/groups/0F9300000009O5pCAE.
I don't know that I've seen these questions answered before so I'll do my
best here.
The easiest way to know that a package has been security reviewed is to
look at at org that has it installed, or install it in a scratch org, and
look at the Installed Packages setup page. Look at the "AppExchange Ready"
column. DLRS should show "Passed."
Some context: https://salesforce.stackexchange.com/a/267105/7238
Date when Salesforce Security Review was conducted? -- I don't have the
exact date but it was many years ago. With the transition of this project
to be community owned we're actively working on a refreshed security review.
Which package version was reviewed as part of Salesforce Security Review?
-- I don't have this information but if it is important I can get it.
Suffice it to say it was many many versions back.
Any certificate/email from Salesforce confirming the review was
successfully completed? -- See note above on how you can see this for
yourself.
Hopefully that helps settle some anxiety. If the customer is still
concerned we recommend they review the source code to better understand it.
DLRS doesn't engage external systems so all the data stays local. It also
doesn't have an end-user UI so that simplifies a lot of the security
concerns I personally see come up.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1078 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AIUEJY4JLIL25AEJTFPNONDUGBTZVANCNFSM5FSMEJ3Q>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
Beta Was this translation helpful? Give feedback.
-
Hi,
We are planning to use this managed package for one of our implementations. The customer's security team has requested if further details can be provided about the Salesforce Security Review conducted for this managed package. They require the following information:
Would really appreciate if this information can be shared with us so that we are able to discuss this with the security team and help boost their confidence in this really helpful package. Please reach out to me on [email protected] if this information cannot be shared publicly on this forum.
Thanks in advance for any help we can get to resolve this.
Regards,
Manish Baberwal
Beta Was this translation helpful? Give feedback.
All reactions