vulkro-sf asrr
Runs the AppExchange Security Review readiness (ASRR) check: a focused
evaluation of whether a managed package is ready to submit for the
Salesforce Partner Security Review. It walks the project and reports the
six readiness criteria, SF-ASRR-001 through SF-ASRR-006, so an ISV
can confirm the package clears each gate before paying for and queuing a
review slot. Runs locally with no network calls.
Synopsis
vulkro-sf asrr [PATH] [flags]
PATH defaults to the current directory and should point at the SFDX
project (or retrieved metadata) for the package under review.
Flags
| Flag | Type | Default | Description |
|---|---|---|---|
| `--format <fmt>` | enum | `table` | Output format: `table` (human-readable readiness summary on the terminal), `json` (machine-readable result for a release gate), or `markdown` (a readiness section you can paste into a submission packet or internal review doc). |
| `--metadata-only` | bool | off | Skip SFDX project detection; treat PATH as a retrieved metadata folder with no sfdx-project.json. |
What it does
The check evaluates six readiness criteria, each with a PASS or FAIL result:
SF-ASRR-001 through SF-ASRR-006 cover the readiness gates the Partner Security Review weighs most heavily: authorization enforcement across the package, injection-free data access, sharing and field-level posture, external-surface exposure, dependency and supply-chain integrity, and the presence of the evidence a reviewer expects.
A FAIL on any criterion means the package is not yet ready to submit and
names what to remediate first. The markdown format renders the same
result as a section you can attach to the submission packet as evidence of
a pre-review pass.
Example
# Readiness table on the terminal.
vulkro-sf asrr .
# Machine-readable result for a release-gate job.
vulkro-sf asrr . --format json > asrr.json
# Markdown section for the submission packet.
vulkro-sf asrr . --format markdown > asrr-readiness.md
Exit codes
- 0 - every readiness criterion passed; the package is ready to submit.
- 1 - one or more criteria failed; the package has reportable readiness gaps.
- 2 - error: bad arguments, IO failure, parse error, or internal crash. The error message names the cause and the next step.
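A release-gate wrapper that acts on the three exit codes above, added here as an example and not part of vulkro-sf itself. The function name `asrr_gate` and the `ASRR_BIN` override variable are assumptions made for illustration; only the `asrr` subcommand, `--format json`, and the exit codes come from this page.

```shell
# Added example: gate a release job on `vulkro-sf asrr`.
# asrr_gate and ASRR_BIN are hypothetical names, not part of the tool.
# Returns 0 = ready, 1 = readiness gaps, 2 = check did not complete.
asrr_gate() {
  local project="${1:-.}"
  local report="${2:-asrr.json}"
  local bin="${ASRR_BIN:-vulkro-sf}"
  local tmp="${report}.tmp"
  local rc=0

  # Write to a temp file first so a crashed run never leaves a
  # half-written report that a later job could mistake for a result.
  "$bin" asrr "$project" --format json > "$tmp" || rc=$?

  case "$rc" in
    0)
      mv "$tmp" "$report"
      echo "ASRR: every readiness criterion passed" >&2
      return 0
      ;;
    1)
      mv "$tmp" "$report"
      echo "ASRR: readiness gaps reported, see $report" >&2
      return 1
      ;;
    *)
      # Exit 2, a missing binary (127), or a signal: the check itself
      # failed, so the gate fails closed and no report is published.
      rm -f "$tmp"
      echo "ASRR: check did not complete (exit $rc)" >&2
      return 2
      ;;
  esac
}
```

Keeping exit 1 and exit 2 distinct lets the pipeline block the submission on real readiness gaps while routing tool errors to whoever maintains the job.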