Compliance engineered for the Cloud

Salesforce maintains a comprehensive set of compliance certifications and attestations to validate our #1 value of Trust.

External Security Assessments

Attestation of penetration tests and security assessments performed by third parties. The document does not contain details of any vulnerabilities or findings and is intended only to provide information on the tests performed and scope of testing. As verified by external audits, vulnerabilities discovered during testing are tracked and resolved in accordance with corporate policy and industry best practice.

Applicable documents by service

Filter this list

Sort by Updated On
Name Vulnerability/Penetration Report Summary - Tableau Server	Updated On 2024-04-16	Infrastructure First party	Services Tableau
Name Vulnerability/Penetration Report Summary - Social Studio	Updated On 2024-04-15	Infrastructure First party	Services Marketing Cloud
Name Vulnerability/Penetration Report Summary - Salesforce Maps Mobile (Andr./iOS)	Updated On 2024-04-09	Infrastructure First party, AWS	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - AI for Marketing (fka MC Einstein)	Updated On 2024-04-05	Infrastructure AWS	Services Marketing Cloud
Name Vulnerability/Penetration Report Summary - Salesforce Services	Updated On 2024-03-27	Infrastructure First party, AWS, Hyperforce	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - Salesforce Maps	Updated On 2024-03-22	Infrastructure First party, AWS	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - Messaging (LiveMessage)	Updated On 2024-03-11	Infrastructure AWS	Services LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - Slack	Updated On 2024-02-15	Infrastructure AWS	Services Slack
Name Vulnerability/Penetration Report Summary - Tableau Bridge	Updated On 2024-02-05	Infrastructure First party	Services Tableau
Name Vulnerability/Penetration Report Summary - Tableau Cloud	Updated On 2024-02-05	Infrastructure AWS	Services Tableau
Name Vulnerability/Penetration Report Summary - Einstein Vision, Language & Voice	Updated On 2024-01-30	Infrastructure AWS	Services Einstein Platform
Name Vulnerability/Penetration Report Summary - Salesforce Mobile (Andr./iOS)	Updated On 2024-01-25	Infrastructure First party	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - Salesforce Inbox Mobile (Andr./iOS)	Updated On 2024-01-08	Infrastructure First party	Services Einstein Platform
Name Vulnerability/Penetration Report Summary - Salesforce Data Cloud (fka CDP)	Updated On 2024-01-05	Infrastructure Hyperforce	Services Data Cloud
Name Vulnerability/Penetration Report Summary - Datorama	Updated On 2024-01-04	Infrastructure AWS	Services Marketing Cloud
Name Vulnerability/Penetration Report Summary - Audience Studio (fka DMP, fka Krux)	Updated On 2023-12-21	Infrastructure AWS	Services Audience Studio and Data Studio Marketing Cloud
Name Vulnerability/Penetration Report Summary - ExactTarget Web APIs	Updated On 2023-12-14	Infrastructure First party	Services Marketing Cloud
Name Vulnerability/Penetration Report Summary - Marketing Cloud Mobile (Andr./iOS)	Updated On 2023-12-14	Infrastructure First party	Services Marketing Cloud
Name Vulnerability/Penetration Report Summary-Personalization fka Interaction Studio	Updated On 2023-12-04	Infrastructure AWS, Hyperforce	Services Marketing Cloud
Name Vulnerability/Penetration Report Summary - Heroku	Updated On 2023-11-22	Infrastructure AWS	Services Heroku
Name Vulnerability/Penetration Report Summary - CRM Analytics (fka Tableau CRM)	Updated On 2023-11-15	Infrastructure First party	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - MuleSoft	Updated On 2023-11-15	Infrastructure AWS	Services MuleSoft
Name Vulnerability/Penetration Report Summary - Quip	Updated On 2023-11-15	Infrastructure AWS	Services LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate
Name Vulnerability/Penetration Report Summary - Mobile Shield (Andr./iOS)	Updated On 2023-10-27	Infrastructure First party	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - Tableau Prep	Updated On 2023-10-25	Infrastructure AWS	Services Tableau
Name Vulnerability/Penetration Report Summary - Tableau Mobile (iOS/Android/Intune)	Updated On 2023-10-13	Infrastructure AWS	Services Tableau
Name Vulnerability/Penetration Report Summary - B2B Commerce Lightning (aka 1CB2B)	Updated On 2023-10-05	Infrastructure First party	Services B2B Commerce
Name Vulnerability/Penetration Report Summary - ExactTarget	Updated On 2023-09-27	Infrastructure First party	Services Marketing Cloud
Name Vulnerability/Penetration Report Summary - Sales Cloud Einstein	Updated On 2023-08-26	Infrastructure AWS	Services Einstein Platform
Name Vulnerability/Penetration Report Summary - Service Cloud Einstein	Updated On 2023-08-26	Infrastructure AWS	Services Einstein Platform
Name Vulnerability/Penetration Report Summary - B2C Einstein, Reports and Dashboard	Updated On 2023-07-28	Infrastructure First party	Services B2C Commerce / Commerce Cloud
Name Vulnerability/Penetration Report Summary - RCG Industries	Updated On 2023-07-28	Infrastructure First party, Hyperforce	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - B2C Business Manager + OCAPI + SFRA	Updated On 2023-06-23	Infrastructure First party, AWS	Services B2C Commerce / Commerce Cloud
Name Vulnerability/Penetration Report Summary - Advertising Studio	Updated On 2023-06-16	Infrastructure First party	Services Marketing Cloud
Name Vulnerability/Penetration Report Summary - Pardot	Updated On 2023-06-15	Infrastructure AWS	Services Marketing Cloud Marketing Cloud Account Engagement
Name Vulnerability/Penetration Report Summary - Tableau Desktop Application	Updated On 2023-03-24	Infrastructure First party	Services Tableau
Name Vulnerability/Penetration Report Summary - Salesforce Slack	Updated On 2023-02-13	Infrastructure AWS	Services Slack
Name Vulnerability/Penetration Report Summary - Field Service Lightning (Andr./iOS)	Updated On 2022-12-07	Infrastructure First party	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - Commerce Cloud Order Management + OCI	Updated On 2022-11-08	Infrastructure First party	Services B2C Commerce / Commerce Cloud
Name Vulnerability/Penetration Report Summary - ClickSoftware FSE - WebApp & API	Updated On 2022-09-26	Infrastructure AWS	Services ClickSoftware
Name Vulnerability/Penetration Report Summary - B2B Commerce (CloudCraze)	Updated On 2022-08-24	Infrastructure First party	Services B2B Commerce
Name Vulnerability/Penetration Report Summary - myTrailhead	Updated On 2022-08-16	Infrastructure AWS	Services LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate
Name Vulnerability/Penetration Report Summary - Tableau Cloud CMEK (Encryption)	Updated On 2022-08-11	Infrastructure AWS	Services Tableau
Name Vulnerability/Penetration Report Summary - B2C Mobify	Updated On 2022-08-10	Infrastructure AWS	Services B2C Commerce / Commerce Cloud
Name Vulnerability/Penetration Report Summary - Trailhead GO (Andr./iOS)	Updated On 2022-07-26	Infrastructure AWS	Services LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate
Name Vulnerability/Penetration Report Summary - 1CB2C (One Commerce)	Updated On 2022-07-12	Infrastructure First party	Services B2C Commerce / Commerce Cloud
Name Vulnerability/Penetration Report Summary - Diffeo	Updated On 2022-07-11	Infrastructure AWS	Services Einstein Platform
Name Vulnerability/Penetration Report Summary - Tableau CRM Mobile (Andr./iOS)	Updated On 2022-05-11	Infrastructure First party	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - Vlocity Managed Packages	Updated On 2022-05-03	Infrastructure First party	Services Vlocity
Name Vulnerability/Penetration Report Summary - Philanthropy Cloud Mobile (Andr./iOS)	Updated On 2022-04-27	Infrastructure AWS	Services LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate
Name Vulnerability/Penetration Report Summary - ClickSoftware v8 - WebApp & API	Updated On 2022-03-29	Infrastructure AWS	Services ClickSoftware
Name Vulnerability/Penetration Report Summary - Salesforce Authenticator (Andr./iOS)	Updated On 2022-02-14	Infrastructure First party	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - MacOS Tableau Desktop Application	Updated On 2021-10-14	Infrastructure First party	Services Tableau
Name Vulnerability/Penetration Report Summary - Salesforce Services Data Mask Add-on	Updated On 2021-10-06	Infrastructure First party, AWS	Services Salesforce Services and Additional Services
Name Vulnerability/Penetration Report Summary - Omni Channel Inventory	Updated On 2021-09-01	Infrastructure AWS, Hyperforce	Services B2C Commerce / Commerce Cloud
Name Vulnerability/Penetration Report Summary - Salesforce.org Philanthropy Cloud	Updated On 2021-01-21	Infrastructure AWS	Services LiveMessage, myTrailhead, Salesforce Anywhere, Quip, Philan. Cloud and Elevate