FAQ-000939 - External Service Security Testing / Scanning Tool Troubleshooting

If you're unable to run a security scan against a required third-party endpoint, here's what you should do: 1. Document the reasons why the scan couldn't be completed, including an explanation of the issue and any attempts made to resolve it. 2. Provide this detailed information during the submission process. 3. Request a one-time exception by opening a case on the support portal and providing the necessary context. 4. Whenever possible, use a staging environment for scanning instead of a production environment. These steps help address the limitation and provide a path forward for the security review process.

The FAQ content is already well-structured and accurate. No changes to the answer are needed as it properly addresses the procedural steps for handling situations where security scans cannot be completed against third-party endpoints. The answer is clear, concise, and provides actionable steps. For the related security rule: I selected ApexInsecureEndpoint because this FAQ discusses security scanning of third-party endpoints, and the ApexInsecureEndpoint rule is specifically designed to detect insecure endpoint usage in Apex code. When developers are unable to run security scans against required third-party endpoints (as discussed in this FAQ), the ApexInsecureEndpoint rule becomes particularly relevant as it helps identify potential security issues with external endpoint integrations that might not be caught through external scanning. The FAQ's focus on 'required third-party endpoint' scanning directly relates to what the ApexInsecureEndpoint rule is designed to detect and prevent.