SnykCon 2020

Salesforce believes in giving back to the community, and one of the ways engineers can give back is by open sourcing the work they have done so that other individuals can benefit from it. Until July 2020, the requests to open source any internal Salesforce work was reviewed by Product Security manually and it soon became a bottleneck. We developed an automation service that seamlessly connects with the internal task tracking system and internal security tools to provide a consolidated scan report of the repository to be open sourced saving at least 150 hours of manual work per year. This framework can now be extended to be a plug and play security scanning/testing framework capable of incorporating any tool.