Our Salesforce lead Consultant, Greg Smith, provides some tips and insights into successfully navigating the Salesforce Security Review for a custom application.
Whether building your own custom app or a bespoke solution for a client, you are at some point going to be exposed to the Salesforce Security Review process.
You will have done your homework and reviewed all the formal documentation; you will have read and digested a vast majority of posts on the Salesforce communities; you may have even taken the time and gone through the associated Trailhead modules and projects, but there are still concerns about what the review may find.
Well, first of all, relax, take a deep breath, it’s really not as bad as some make out.
All new Salesforce releases along with feature developments only happen in Lightning Experience, the new, reimagined Salesforce user interface. Time Technology made a commercial decision to embrace the Lightning Platform in its early stages and promote early adoption for our clients.
Embracing such a new, almost infant technology at the time was a big step, but one we would soon understand was in the right direction. The Salesforce team had created a simple but powerful point-and-click tool that made it easy to create custom apps for Salesforce mobile and Lightning Experience.
So, the big question is, how does this help with the security review?
Well simply by leveraging Salesforce pre-built components and standard features, you can build reasonably complex applications without having to develop custom code in-house.
Salesforce provides you with “Standard Lightning Components” which can be utilised to quickly add functions and features to a lightning page. You could enable a chatter feed to your record page, add related documents as a list or visually as a graph/chart or even attach emails. These Lightning components replace countless man-hours of custom development and code which would normally be subject to extensive testing in-house and then by the security review team.
You can of course still create your own Custom Lightning Components or have them created by someone else and then installed into your application. These will need to have their own Test Cases and need to reach the minimum 75% code coverage. You could also find Third-Party Components on the AppExchange which may already contain configured components that can be used. This extremely flexible platform ensures the Lightning Experience really is the way forward.
In summary, using Salesforce Lightning Components and pre-built features will have an enormous impact in helping you through the Security Review process.
Oh – and make sure you adopt good practices in the documentation you create. Design documents, test scripts, cases and results will all help with the review, and throw in a User guide if you have one!