The purpose of the Marketplace Security Certification is to increase the level of trustworthiness of the content published on UiPath Marketplace by introducing extra security verification checks applied to all submissions.
The listings will have a badge attached to the page attesting the level of quality and security they went through.
The Marketplace Security Certification will be applied to all listings that fulfill a series of rigorous quality content standards.
The certified listings will also be included in marketing campaigns to increase their level of visibility and usage among end-users.
Certification Steps for Paid Content
With the introduction of monetization on the Marketplace, the steps for certifying the content will be as follows:
- Content Quality Check - assessment of the automation’s use cases based on the Standards for Quality Content.
- If the listing passes the quality check step, then you will be informed and provided with the SDK library required to be embedded in the code. For more details on this topic, please visit SDK - Licensing your Package.
- Security and Functionality - It is mandatory to resubmit the code with the embedded library on the Marketplace so that the security and functionality steps can take place.
- If the listing passes the security and functionality checks, then it will be published on the Marketplace.
- Throughout the Marketplace Security Certification Process, the Marketplace Team will keep vendors informed about the status of their listing and the updates that are required from their end.
- The Marketplace Security Certification Process will remain the same as is for free listings
Security Framework
The Marketplace Security Certification applies to all listings prior to being published on UiPath Marketplace. This program comes as an enhancement to the previous curation process all published listings have undergone before being published on the Marketplace.
There are two levels of security based on the number and type of checks performed. The levels are reflected through the badges showcased on each listing page.
- Silver Certified
- Gold Certified
Silver Certified
Phase 1: Content Quality Check
| Name | Description |
|---|---|
| Content Review | What we check for: the accuracy of the information submitted in the Upload Form What is being checked: all fields in the Upload Form need to be filled in accordingly to our Publishing Guidelines |
Phase 2: Security Checks
| Name | Description |
|---|---|
| Malware analysis | What we check for: Malware/malicious files and other similar security checks. What is going to be scanned: Source code and the direct-downloadable file (.nupkg) or archive (.zip) provided by the Marketplace Partner. |
| Security Best Practices Scans | What we check for: Multi-technology software analytics, security measurement, and malicious code. What is going to be scanned: Source code |
Phase 3: Functionality Testing
| Name | Description |
|---|---|
| Functionality Testing | What we check for: The functionalities provided by the listing according to the Description and User Guide as well as similar additional checks. What is going to be checked: Source code and the direct-downloadable file (.nupkg) or achieve (.zip) |
Gold Certified
Important:
All Silver Certified checks listed above are included.
Apart from passing the checks, the Marketplace Partner must provide Support for the listing and have it in the Company profile to obtain the Silver badge. To see the detailed requirements for Silver and Gold badges, please visit Certification Requirements page.
| Step | Name | Description |
|---|---|---|
| Step 1 | Malware analysis | What we check for: Malware detection with the help of antivirus engines. What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file. |
| Step 2 | Vulnerabilities in 3rd party dependencies | What we check for: Any vulnerabilities in 3rd party dependencies. What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file. |
| Step 3 | Static code analysis – only for Custom Activities | What we check for: A comprehensive, top enterprise-level series of static code security measures and checks. What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file. |
| Step 4 | Dynamic code analysis | What is being checked: Malicious behavior at runtime. For this stage we also require a vendor-provided workflow with all the necessary configurations (inputs, outputs etc.) that will cover and test all the functionalities provided through the listing. |
| Step 5 | Pen-testing performed only for Custom Activities | What we check for: Manual inspection of the source code, package and other artifacts combined with results of previous checks. |
Benefits
Marketplace Security Certification signals that the listing has undergone a due vetting process that checks if best practices and industry security standards are being followed.
Due to the badges that reflect the level of security a listing went through, they will help to differentiate between different types of listings.
Users will be more inclined to use a listing that has undergone the UiPath Marketplace Security Certification process.
The listings that undergo this process will gain more exposure as they will be promoted through the Marketplace Bundles.
The certified listings will also be included in marketing campaigns to increase their level of visibility and usage among end-users.
Quality Content Standards
Here are some tips that may help you when creating content for listing:
| General Guidelines | |
|---|---|
| High Reusability | When thinking about creating Content, keep in mind that it should be highly reusable in the sense that it can be used in multiple processes and can be easily adapted to different cases, by a large number of users. |
| User Friendliness | Another important aspect is the complexity of the Content configuration. Marketplace Customers are not always technical people and appreciate more an easy to configure tool. This should also reflect in the way the Overview of the component is written. |
| Extend/Enhance/Improve UiPath products | Integrations between UiPath and other products make great Content as they can improve the usage of a large number of tools and products. |
| Diversity | It is recommended that the Content brings something new or a fresh approach. |
The listings which will be submitted for certification should not only meet the above General Criteria but also the following criteria:
| Additional Criteria for Gold Certified Listings | |
|---|---|
| Difficult to Replicate | The effort required to develop the automation should be reasonably high so that it cannot be replaced easily. |
| Completeness | The listing should cover a large part of all the major functionalities to automate requirements for the chosen Application or Platform. |
| Originality | It is important not to duplicate functionalities already available in the official/core/UiPath Team activities in UiPath Studio or already present on the Marketplace unless the Content has an extended functionality on top of the existing ones. |
Updated 10 months ago