Third-Party Libraries

Third-party software is regularly integrated into custom code to add features quickly and shorten the time it takes to bring a product to market. This practice carries the risk of introducing unwanted or insecure libraries into the storefront code. Even SiteGenesis and SFRA include a number of third-party libraries. When incorporated into your custom code, they require close monitoring for potential issues and vulnerabilities.

To help prevent including potentially unwanted or vulnerable libraries in your storefront, follow these guidelines.

  • Keep an inventory of required libraries for the correct operation of your storefront.
  • Discard unnecessary libraries from your code base.
  • Obtain third-party software from trusted, secure sources.
  • Keep track of the specific version of each library you use.
  • Review the libraries for known weaknesses regularly, and upgrade to secure and supported versions of those libraries.
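As an added example (not part of this page or of Salesforce's own tooling), the following Node.js script applies the inventory, version-pinning and known-weakness checks above to a constructed dependency manifest. All package names, versions and advisory entries are placeholders, not real libraries or CVE data.

```javascript
// Audit a storefront's declared dependencies against an approved inventory
// and a list of versions with known weaknesses. Constructed sample data only.

// Constructed manifest, shaped like the "dependencies" section of a package.json.
const manifest = {
  "alpha-utils": "1.4.2",
  "beta-dates": "^2.0.0",      // a range, not a pinned version
  "legacy-carousel": "0.9.1",  // not in the inventory: candidate for removal
};

// Constructed inventory: the libraries the storefront needs, each pinned.
const inventory = {
  "alpha-utils": "1.4.2",
  "beta-dates": "2.3.1",
  "gamma-ui": "3.0.0",         // required but missing from the manifest
};

// Constructed advisory list (placeholder, not real advisory data):
// versions below `fixedIn` are treated as affected.
const advisories = [
  { name: "alpha-utils", fixedIn: "1.5.0" },
  { name: "legacy-carousel", fixedIn: "1.0.0" },
];

const PINNED = /^\d+\.\d+\.\d+$/;

// Compare two pinned x.y.z versions numerically: negative, zero or positive.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Return one finding per guideline violation: unapproved, unpinned,
// known-weak, or approved-but-missing libraries.
function auditDependencies(manifest, inventory, advisories) {
  const findings = [];
  for (const [name, spec] of Object.entries(manifest)) {
    if (!(name in inventory)) findings.push(`${name}: not in inventory, remove or add it`);
    if (!PINNED.test(spec)) { findings.push(`${name}: version "${spec}" is a range, pin an exact version`); continue; }
    const adv = advisories.find((a) => a.name === name);
    if (adv && compareVersions(spec, adv.fixedIn) < 0) findings.push(`${name}@${spec}: known weakness, upgrade to ${adv.fixedIn} or later`);
  }
  for (const name of Object.keys(inventory)) {
    if (!(name in manifest)) findings.push(`${name}: in inventory but not declared in manifest`);
  }
  return findings;
}

auditDependencies(manifest, inventory, advisories).forEach((f) => console.log(f));
```

Run the same function against the real `package.json` of a cartridge and a maintained inventory file to turn the five guidelines into a repeatable build-time check.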