Marketplace Security Certification Overview

The purpose of the Marketplace Security Certification is to increase the level of trustworthiness of the content published on UiPath Marketplace by introducing extra security verification checks applied to all submissions.

Each listing will have a badge on its page attesting to the level of quality and security checks it went through.

The Marketplace Security Certification will be applied to all listings that fulfill a series of rigorous quality content standards.

The certified listings will also be included in marketing campaigns to increase their level of visibility and usage among end-users.

Security Framework

The Marketplace Security Certification applies to all listings prior to being published on UiPath Marketplace. This program enhances the previous curation process that all listings underwent before being published on the Marketplace.

There are three levels of security based on the number and type of checks performed. The levels are reflected through the badges showcased on each listing page.

  1. Bronze Certified
  2. Silver Certified
  3. Gold Certified

Bronze Certified

Phase 1: Content Quality Check

| Name | Description |
| --- | --- |
| Content Review | What we check for: the accuracy of the information submitted in the Upload Form. What is being checked: all fields in the Upload Form need to be filled in according to our Publishing Guidelines. |

Phase 2: Security Checks

| Name | Description |
| --- | --- |
| Malware analysis | What we check for: Malware/malicious files and other similar security checks. What is going to be scanned: Source code and the direct-downloadable file (.nupkg) or archive (.zip) provided by the publisher. |
| Security Best Practices Scans | What we check for: Multi-technology software analytics, security measurement, and malicious code. What is going to be scanned: Source code. |

Phase 3: Functionality Testing

| Name | Description |
| --- | --- |
| Functionality Testing | What we check for: The functionalities provided by the listing according to the Description and User Guide as well as similar additional checks. What is going to be checked: Source code and the direct-downloadable file (.nupkg) or archive (.zip). |

Silver Certified

🚧 Important:

All Bronze Certified checks listed above are included.

Apart from passing the checks, the publisher must provide Support for the listing and have it in the organization profile to obtain the Silver badge. To see the detailed requirements for Silver and Gold badges, please visit the Certification Requirements page.

| Step | Name | Description |
| --- | --- | --- |
| Step 1 | Malware analysis | What we check for: Malware detection with the help of antivirus engines. What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file. |
| Step 2 | Vulnerabilities in 3rd party dependencies | What we check for: Any vulnerabilities in 3rd party dependencies. What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file. |
| Step 3 | Static code analysis – only for Custom Activities | What we check for: A comprehensive, top enterprise-level series of static code security measures and checks. What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file. |

Gold Certified

🚧 Important:

All Bronze and Silver checks listed above are included.

| Step | Name | Description |
| --- | --- | --- |
| Step 1 | Dynamic code analysis | What is being checked: Malicious behavior at runtime. For this stage we also require a vendor-provided workflow with all the necessary configurations (inputs, outputs etc.) that will cover and test all the functionalities provided through the listing. |
| Step 2 | Pen-testing performed only for Custom Activities | What we check for: Manual inspection of the source code, package and other artifacts combined with results of previous checks. |

Benefits

✅ Marketplace Security Certification signals that the listing has undergone a due vetting process that checks whether best practices and industry security standards are being followed.
✅ The badges reflect the level of security checks a listing went through and help differentiate between different types of listings.
✅ Users will be more inclined to use a listing that has undergone the UiPath Marketplace Security Certification process.
✅ The listings that undergo this process will gain more exposure as they will be promoted through the Marketplace Bundles.
✅ The certified listings will also be included in marketing campaigns to increase their level of visibility and usage among end-users.

Updated 7 months ago

