A couple of weeks ago, Ecosystem Security announced that we are launching and open sourcing a new tool called the Forge Security Requirement Tester (FSRT). FSRT expands our Ecoscanner platform to include Forge apps, and makes significant strides in our goal of validating that all apps are following our security requirements for cloud applications. To read the full blog post, check here!
Implementing FSRT will help you validate that your app(s) are meeting our first security requirement, listed below:
An application must authenticate and authorize every request on all endpoints exposed.
Starting today, we welcome our community to try this tool out on your Forge apps. We will begin scanning all Marketplace Forge apps ourselves in the next few weeks. As always, apps that miss security requirements will receive AMS tickets that are subject to our timeframes for resolution outlined in our Security Bug Fix Policy.