We don't cross our fingers and hope our code will pass Salesforce Security Review... We know it will.


The CodeScience Security Review engagement provides security scans, analysis, and assistance to prepare your application for Salesforce Security Review.

At CodeScience, security is a critical part of every step of our process, from design to architecture to development. Salesforce shares our obsession: trust is issue #1. Salesforce Security Review is required for any ISVForce or OEM application in the Salesforce ecosystem, as it validates that the application is architected and coded with security best practices.

Because your app will run on their platform, Salesforce is interested in:

  • the security of your code
  • any applications (web, mobile, and desktop) that your app integrates with.

Which means that the Security Review process isn’t just complex, it’s constantly evolving and not for the faint of heart. Fortunately, that’s our area of expertise!

We developed our own proprietary, security testing methodology which allows us to guarantee our own work will pass security review. From vulnerability and penetration testing, to Apex code reviews and scanning, to working with Salesforce to address additional threats, we bring more experience—and success—than any other organization. CodeScience has brought 220+ applications to market and through the Security Review process. Now, we offer you the ability to benefit from our expertise - even if we did not develop your application in the first place!

The CodeScience Security Review engagement is intended to:

  • Complete the required security scans for submitting the application to Salesforce Security Review
  • Provide best practice guidance for remediating any issues identified by preliminary scans
  • Assist with preparing application documentation for Salesforce Security Review


CodeScience will prepare for and conduct a number of meetings to get the application ready for submission to Security Review.  The process will focus on:

  • Educating CodeScience on:
    • Your business model
    • Your application(s)
  • Educating you on:
    • Salesforce Security Review processes
    • Salesforce Security Review preparation
  • Salesforce Security Review documentation
  • Configuring security scanning tools
  • Conducting preliminary source code and endpoint scans
  • Identifying security issues for remediation by the your team
  • Providing guidance on security issue remediation
  • Identifying security issue “false positives”
  • Preparing documented explanations for security issue false positives
  • Conducting final source code and endpoint scans


  • Up to two (2) preliminary endpoint scans and reports
  • Up to two (2) preliminary source code scans and reports
  • Documented explanations for any false positives
  • Advance review of false positives with the Salesforce Security Review team
  • A final endpoint scan and report
  • A final source code scan and report

Complete the form now to schedule an introduction with our team today, and jumpstart your Security Review process.