FAQ-001420 - Package Version Visibility and Scanner Access Issues / Source Scanner Access and Functionality Problems

Current Status:SUGGESTS_CASEErrorUnable to AnswerSuggests Case

← Back to List View Prompt Template

Current FAQ

Question
What should I do when I'm unable to access or run the Source Scanner on my package?
Answer
If you're unable to access or run the Source Scanner on your package, follow these troubleshooting steps: **1. Verify Package Criteria:** - The package must be **managed-beta** or **managed-released** - For second-generation packages (2GP), the version must be promoted to **"Released"** - Only the last **10 versions** of a package will appear in the portal **2. Check Organization:** - Use the same **Dev Hub** or **Developer Edition org** that was used to create the package - Verify that you are using the same organization throughout the process **3. User Permissions:** - Ensure you're logged in with a user account that has the **"Author Apex"** permission **4. Package Content:** - If your package does not contain Apex, Visualforce, or Lightning code, it may not have scannable content. Document this in your security review submission. **5. Additional Verification:** - Confirm that the package is linked to the **AppExchange listing** and meets all submission requirements - Make sure the version you're looking for is within the last 10 versions range If the issue persists after following these steps, open a case in the **Partner Community** under the "Support" tab or file a support ticket with the **Security Review Operations team**. Include details like the package name, package ID, and version ID to help the support team assist you.

Enhancing FAQ with AI recommendations...

AI Recommended Enhancement

Question
What should I do when I'm unable to access or run the Source Scanner on my package?
Recommended Answer Update
If you're unable to access or run the Source Scanner on your package, follow these troubleshooting steps: **1. Verify Package Criteria:** - The package must be **managed-beta** or **managed-released** - For second-generation packages (2GP), the version must be promoted to **"Released"** - Only the last **10 versions** of a package will appear in the portal **2. Check Organization:** - Use the same **Dev Hub** or **Developer Edition org** that was used to create the package - Verify that you're using the same organization throughout the process **3. User Permissions:** - Ensure you're logged in with a user account that has the **"Author Apex"** permission **4. Package Content:** - If your package doesn't contain Apex, Visualforce, or Lightning code, it may not have scannable content. Document this in your security review submission. **5. Additional Verification:** - Confirm that the package is linked to the **AppExchange listing** and meets all submission requirements - Make sure the version you're looking for is within the last 10 versions range If the issue persists after following these steps, open a case in the **Partner Community** under the "Support" tab or file a support ticket with the **Security Review Operations team**. Include details like the package name, package ID, and version ID to help the support team assist you.
Reasoning
This FAQ focuses on troubleshooting Source Scanner access issues, which is a portal/tooling problem rather than a code security issue. The content doesn't discuss specific security vulnerabilities or coding practices that would map to the available security scanner rules. The FAQ is about helping users access the scanner itself, not about what the scanner detects or how to resolve security findings. I made minor improvements to make the content more conversational and direct: - Changed "does not contain" to "doesn't contain" for a more conversational tone - Simplified the language slightly while preserving all technical information - Maintained the structured format and all existing troubleshooting steps - Kept all technical details intact (managed-beta/released requirements, 2GP promotion, 10-version limit, etc.) No security rules were selected because this FAQ addresses scanner access and functionality problems, not security code patterns or vulnerabilities. The available security rules all focus on detecting specific security issues in code (like ApexCRUDViolation, ApexSOQLInjection, etc.), while this FAQ helps users who cannot run the scanner at all due to access, permission, or package visibility issues.