FAQ-001230 - Marketing Cloud Security / Packaging and Delivery Requirements

For Marketing Cloud app components in AppExchange packages, the following requirements must be met: 1. **Credentials**: Provide credentials to the Marketing Cloud environment. 2. **Security Scans**: Include a Dynamic Application Security Test (DAST) scan report. 3. **False Positives**: Submit documentation for any false positives, if applicable. 4. **Solution Documentation**: Provide detailed documentation for the solution. 5. **Installation**: Ensure the platform includes an installation link or file. For mobile app testing: - Provision the app for all intended platforms. - For iOS, use TestFlight or ad hoc deployment. - For other platforms, provide the app in a file format, such as an Android Packaging (.apk) file. Category: Marketing Cloud Security Subcategory: Packaging and Delivery Requirements

The main improvement needed is correcting 'test flight' to 'TestFlight' as it's a proper noun referring to Apple's official beta testing service. This ensures accuracy and professionalism in the documentation. Regarding security rules selection: - **AvoidHardcodedCredentialsInFieldDecls**: Relates to the 'Credentials' requirement mentioned in point 1, as Marketing Cloud integrations must avoid hardcoded credentials in field declarations - **AvoidHardcodedCredentialsInVarAssign**: Connects to credential management practices when providing Marketing Cloud environment credentials - **AvoidHardcodedCredentialsInVarDecls**: Applies to secure credential handling in Marketing Cloud app components - **AvoidHardcodedCredentialsInHttpHeader**: Relevant for Marketing Cloud API integrations that use HTTP headers for authentication - **ApexSuggestUsingNamedCred**: Directly supports the credential requirement by promoting secure credential storage practices for Marketing Cloud connections