The purpose of the Marketplace Security Certification is to increase the level of trustworthiness of the content published on UiPath Marketplace by introducing extra security verification checks applied to all submissions.
The listings will have a badge attached to the page attesting the level of quality and security they went through.
The Marketplace Security Certification will be applied to all listings that fulfill a series of rigorous quality content standards.
The certified listings will also be included in marketing campaigns to increase their level of visibility and usage among end-users.
Security Framework
The Marketplace Security Certification applies to all listings prior to being published on UiPath Marketplace. This program comes as an enhancement to the previous curation process all published listings have undergone before being published on the Marketplace.
There are three levels of security based on the number and type of checks performed. The levels are reflected through the badges showcased on each listing page.
- Bronze Certified
- Silver Certified
- Gold Certified
Bronze Certified
Phase 1: Content Quality Check
Name | Description |
|---|---|
Content Review | What we check for: the accuracy of the information submitted in the Upload Form What is being checked: all fields in the Upload Form need to be filled in accordingly to our Publishing Guidelines |
Phase 2: Security Checks
Name | Description |
|---|---|
Malware analysis | What we check for: Malware/malicious files and other similar security checks. What is going to be scanned: Source code and the direct-downloadable file (.nupkg) or archive (.zip) provided by the publisher. |
Security Best Practices Scans | What we check for: Multi-technology software analytics, security measurement, and malicious code. What is going to be scanned: Source code |
Phase 3: Functionality Testing
Name | Description |
|---|---|
Functionality Testing | What we check for: The functionalities provided by the listing according to the Description and User Guide as well as similar additional checks. What is going to be checked: Source code and the direct-downloadable file (.nupkg) or achieve (.zip) |
Silver Certified
Important:
All Bronze Certified checks listed above are included.
Apart from passing the checks, the publisher must provide Support for the listing and have it in the organization profile to obtain the Silver badge. To see the detailed requirements for Silver and Gold badges, please visit Certification Requirements page.
Step | Name | Description |
|---|---|---|
Step 1 | Malware analysis | What we check for: Malware detection with the help of antivirus engines. What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file. |
Step 2 | Vulnerabilities in 3rd party dependencies | What we check for: Any vulnerabilities in 3rd party dependencies. What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file. |
Step 3 | Static code analysis – only for Custom Activities | What we check for: A comprehensive, top enterprise-level series of static code security measures and checks. What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file. |
Gold Certified
Important:
All Bronze and Silver checks listed above are included.
Step | Name | Description |
|---|---|---|
Step 1 | Dynamic code analysis | What is being checked: Malicious behavior at runtime. For this stage we also require a vendor-provided workflow with all the necessary configurations (inputs, outputs etc.) that will cover and test all the functionalities provided through the listing. |
Step 2 | Pen-testing performed only for Custom Activities | What we check for: Manual inspection of the source code, package and other artifacts combined with results of previous checks. |
Benefits
Marketplace Security Certification signals that the listing has undergone a due vetting process that checks if best practices and industry security standards are being followed.
Due to the badges that reflect the level of security a listing went through, they will help to differentiate between different types of listings.
Users will be more inclined to use a listing that has undergone the UiPath Marketplace Security Certification process.
The listings that undergo this process will gain more exposure as they will be promoted through the Marketplace Bundles.
The certified listings will also be included in marketing campaigns to increase their level of visibility and usage among end-users.
Updated about a month ago