Understanding the Salesforce Security Review with Amnon Kruvi

London Salesforce Dev’s Meet – April 2021

The latest installment of the London Salesforce Developers’ Trailblazer community meet (I’m sure the title gets longer every month) was another ripper, and this time it was a musical one.

We were once again honoured to have our co-organiser – and Salesforce MVP – Amnon Kruvi presenting for us, and this time on Understanding the Salesforce Security Review.

The Salesforce Security Review is a process that all apps need to go through if they’re to be listed on Salesforce’s AppExchange (this applies to paid-for as well as free apps), and it’s notorious for tripping folk up. At MobileCaddy we have recently just been through this process with our latest product Caddify – a no-code Companion App builder – and I’m all too aware of the pitfalls of the process (my scars are still raw). This is not to say that I’m not a fan of the SR (security review) process as a whole, as our application certainly improved in some areas having gone through the process (and I personally learnt lots of useful things about security too). The SR is, however, an undertaking that shouldn’t be breached without being prepared for what lies ahead… and this is what Amnon most tunefully delivered in his talk.

Thanks to MobileCaddy for their continued support in processing the videos. And be sure to subscribe to the London Salesforce Devs YouTube channel to be notified of future releases.

If you enjoyed this video you might want to also check out Amnon’s debut on Invocable Methods which is incredible (though it’ll be your earworm for at least a week).

After watching the session you’ll be sure to have picked up lots of points including to Think about Security at Every Stage of your application, and I have a couple of extra tips;

  1. Join the Security Review Partner Chatter Group – The partners and Salesforce personnel in this group are an invaluable and supportive bunch, and their guidance and advice is gold. In fact join the group before your first submission and ask about anything that you have queries on.
  2. Document ALL THE THINGS – If you’re app needs without sharing or does anything at all that sways from the absolute best-practice then make a note of it in your False Positives document.
  3. Take screenshots and copy the text of your Security Review wizard forms answers. If you fail your first submission (which very well may happen) you’ll need to re-enter all these details again.

The London Salesforce Developer’s Trailblazer community group is run by myself, Keir Bowden, Amnon Kruvi, and Erika McEvilly, and we meet every month. You can join our group here, and also follow us on Twitter and see much of our past content on our YouTube channel. We’re always looking for new speakers who are willing to share their knowledge with our community, so if you feel like contributing please get in touch.

As usual big thanks must go to not only my fellow organizers but also our incredible speaker Amnon, our sponsors MobileCaddy and BrightGen, and Salesforce for providing us with some certification vouchers to give away as prizes to our attendees.