marketplace
latest
false
UiPath logo, featuring letters U and I in white

Marketplace User Guide

Last updated Sep 5, 2024

Marketplace Security Certification Overview

The purpose of the Marketplace Security Certification is to increase the level of trustworthiness of the content published on UiPath Marketplace by introducing extra security verification checks applied to all submissions.

The listings will have a badge attached to the page attesting the level of quality and security they went through.

The Marketplace Security Certification will be applied to all listings that fulfill a series of rigorous quality content standards.

The certified listings will also be included in marketing campaigns to increase their level of visibility and usage among end-users.

Certification Steps for Paid Content

With the introduction of monetization on the Marketplace, the steps for certifying the content will be as follows:

  1. Content Quality Check - assessment of the automation’s use cases based on the Standards for Quality Content.
  2. If the listing passes the quality check step, then you will be informed and provided with the SDK library required to be embedded in the code. For more details on this topic, please visit SDK - Licensing your Package.
  3. Security and Functionality - It is mandatory to resubmit the code with the embedded library on the Marketplace so that the security and functionality steps can take place.
  4. If the listing passes the security and functionality checks, then it will be published on the Marketplace.

Note:
  • Throughout the Marketplace Security Certification Process, the Marketplace Team will keep vendors informed about the status of their listing and the updates that are required from their end.
  • The Marketplace Security Certification Process will remain the same as is for free listings

Security Framework

The Marketplace Security Certification applies to all listings prior to being published on UiPath Marketplace. This program comes as an enhancement to the previous curation process all published listings have undergone before being published on the Marketplace.

There are two levels of security based on the number and type of checks performed. The levels are reflected through the badges showcased on each listing page.

  1. Silver Certified
  2. Gold Certified

Silver Certified

Phase 1: Content Quality Check

Name

Description

Content Review

What we check for: the accuracy of the information submitted in the Upload Form

What is being checked: all fields in the Upload Form need to be filled in accordingly to our Publishing Guidelines

Phase 2: Security Checks

Name

Description

Malware analysis

What we check for: Malware/malicious files and other similar security checks.

What is going to be scanned: Source code and the direct-downloadable file (.nupkg) or archive (.zip) provided by the Marketplace Partner.

Security Best Practices Scans

What we check for: Multi-technology software analytics, security measurement, and malicious code.

What is going to be scanned: Source code

Phase 3: Functionality Testing

Name

Description

Functionality Testing

What we check for: The functionalities provided by the listing according to the Description and User Guide as well as similar additional checks.

What is going to be checked: Source code and the direct-downloadable file (.nupkg) or achieve (.zip)

Gold Certified

Important:

All Silver Certified checks listed above are included.

Apart from passing the checks, the Marketplace Partner must provide Support for the listing and have it in the Company profile to obtain the Silver badge. To see the detailed requirements for Silver and Gold badges, please visit Certification Requirements page.

 

Step

Name

Description

Step 1

Malware analysis

What we check for: Malware detection with the help of antivirus engines.

What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file.

Step 2

Vulnerabilities in 3rd party dependencies

What we check for: Any vulnerabilities in 3rd party dependencies.

What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file.

Step 3

Static code analysis – only for Custom Activities

What we check for: A comprehensive, top enterprise-level series of static code security measures and checks.

What is going to be scanned: Source code and build artifacts. E.g.: the source code .zip archive and the direct-downloadable .nupkg file.

Step 4

Dynamic code analysis

What is being checked: Malicious behavior at runtime. For this stage we also require a vendor-provided workflow with all the necessary configurations (inputs, outputs etc.) that will cover and test all the functionalities provided through the listing.

Step 5

Pen-testing performed only for Custom Activities

What we check for: Manual inspection of the source code, package and other artifacts combined with results of previous checks.

Benefits

  • Marketplace Security Certification signals that the listing has undergone a due vetting process that checks if best practices and industry security standards are being followed.
  • Due to the badges that reflect the level of security a listing went through, they will help to differentiate between different types of listings.
  • Users will be more inclined to use a listing that has undergone the UiPath Marketplace Security Certification process.
  • The listings that undergo this process will gain more exposure as they will be promoted through the Marketplace Bundles.
  • The certified listings will also be included in marketing campaigns to increase their level of visibility and usage among end-users.

Quality Content Standards

Here are some tips that may help you when creating content for listing:

 

General Guidelines

High Reusability

When thinking about creating Content, keep in mind that it should be highly reusable in the sense that it can be used in multiple processes and can be easily adapted to different cases, by a large number of users.

User Friendliness

Another important aspect is the complexity of the Content configuration. Marketplace Customers are not always technical people and appreciate more an easy to configure tool. This should also reflect in the way the Overview of the component is written.

Extend/Enhance/Improve UiPath products

Integrations between UiPath and other products make great Content as they can improve the usage of a large number of tools and products.

Diversity

It is recommended that the Content brings something new or a fresh approach.

The listings which will be submitted for certification should not only meet the above General Criteria but also the following criteria:

 

Additional Criteria for Gold Certified Listings

Difficult to Replicate

The effort required to develop the automation should be reasonably high so that it cannot be replaced easily.

Completeness

The listing should cover a large part of all the major functionalities to automate requirements for the chosen Application or Platform.

Originality

It is important not to duplicate functionalities already available in the official/core/UiPath Team activities in UiPath Studio or already present on the Marketplace unless the Content has an extended functionality on top of the existing ones.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.