What are the Security Review requirements for second-generation (2GP) packages that depend on first-generation (1GP) packages?
Answer
The security review requirements for second-generation (2GP) packages that depend on first-generation (1GP) packages include:
- Ensuring all dependent packages are installed in the Development Edition org submitted for the security review
- Having the Product Security team review the entire solution, including both the base and dependent packages, even if the base solutions have already passed a security review
- Testing the full scope of the solution, including external endpoints
- Documenting and addressing any security vulnerabilities identified during the review process