Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Security Checklist for custom code

Updated on July 1, 2021

These tasks are not part of the core Security Checklist because they do not apply to all applications. You should review these tasks whenever you use custom code in your application to mitigate risks.

If your application includes custom Java or custom HTML written by your project team, there are special tasks you must perform to secure that code.

Eliminate vulnerabilities in custom code
Run the Rule Security Analyzer weekly to search through custom (non-autogenerated) code in your rules. This utility finds specific JavaScript or SQL coding patterns that might indicate a security vulnerability.
Remove vulnerabilities immediately to avoid wasting time refactoring and retesting your work.

For more information, see:

Secure HTML if it exists in your application
Keep your application guardrail-compliant and do not include custom (non-autogenerated) HTML. However, if you do include custom HTML, follow Pega guidelines to minimize security vulnerabilities in your application.

For more information, see Security guidelines for custom HTML.

  • Previous topic Security Checklist when deploying in on-premises environments
  • Next topic Preparing your application for secure deployment

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us