Matrix42 Marketplace Quality Gate
The Matrix42 Marketplace Quality Gate describes the necessary Steps to guarantee a good and stable quality for the delivered Add-ons by the Marketplace Vendors.
Certification workflow steps
Vendor workflow steps
 |
The vendor should consider the product breaking changes provided by the Matrix42 Development Team |
 |
|
 |
We recommend the use of Veracode for this purpose! |
| |
|
 |
The Vendor shall guarantee that its Add-on is available for the current release version and the LTSB of the Matrix42 Standard Product and that it is free of defects |
| |
|
 |
A Matrix42 Developer Identity certifies an individual to develop secure Matrix42 Extensions for the Matrix42 Digital Workspace Platform |
| |
|
 |
Goals of this document are to understand your add-on and identify possible risk to platform stability |
Matrix42 Marketplace workflow steps
 |
The Marketplace team performs a virus scan |
 |
|
 |
The Marketplace team checks the installations files. Check for existing executable files (exe, bat, etc...) and PowerShell Scripts |
| |
|
 |
The check is performed automatically |
| |
|
 |
The check is performed automatically |
| |
|
 |
The Marketplace team tests the Add-on for the current release version and the LTSB of the Matrix42 Standard Product |
| |
|
 |
Checks the delivered add-on informations in the Marketplace Backend: Name, Descriptions, Use Cases, Categories, product image, product price etc. Generate SKU, Define license metric etc. |
| |
|
 |
The Add-on will be published if no defects are found |
Consider Matrix42 product breaking changes provided by Matrix42 Development Team (Vendor)
The vendor should consider the product breaking changes provided by the Matrix42 Development Team. To be able to receive this information you have to be added into the mailing distrubution list.
Please send an E-mail to the Marketplace team marketplace@matrix42.com
Discontinuation of Post-Install PS Scripts
We acknowledge that allowing custom PowerShell scripts for the installation and uninstallation of Configuration Packages (Extensions) has introduced security and operational risks. Moreover, this feature is incompatible with the nature of immutable containers, which can be re-created at any time. Therefore, we plan to gradually discontinue this functionality.
Removal of Legacy Components and Changes to Pre-requisites
Please review the attached document for details on the impacted changes and analyze how they might affect your solutions.
Security Code scan - Use Veracode in Build piplines (Vendor, optional)
We recommend the use of Veracode for this purpose!
Veracode is a leading provider of security testing for apps and programs. Veracode's app analysis tools can be applied to web and mobile apps, as well as microservices in most common programming languages and frameworks.
The vendor has also to perform a virus scan before uploading the extension to ensure the package is virus free.
Extension TestStudio: Test your Add-on (Vendor)
The Vendor shall guarantee that its Add-on is available for the current release version and the LTSB of the Matrix42 Standard Product and that it is free of defects, that the use of the Add-on does not cause any defects or impair the Matrix42 Standard Products
Digital Signature of the Extension – Matrix42 Developer Identity (Vendor)
Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. It's the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications
https://help.matrix42.com/030_DWP/070_DevOps_Portal/What_is_a_Digital_Signature%3F
Matrix42 Developer Identity
A Matrix42 Developer Identity certifies an individual to develop secure Matrix42 Extensions for the Matrix42 Digital Workspace Platform. With these certificates, a developer can ensure that his/her Extensions are not malware and are not tampered with when a consumer is downloading/installing them via the Matrix42 DevOps Services
https://help.matrix42.com/030_DWP/070_DevOps_Portal/Matrix42_Developer_Identities
Deliver an user manual: Installation and configuration (Vendor)
The user manual is pretended to describe the add-on functionality and covering following topics:
Installation and configuration: The Installation and Configuration document describes the steps necessary to install and configure your add-on and is part of the certification process. This document will be used internally by Matrix42.
Goals of this document are to be able to install and configure your add-on on the Matrix42 System.
Tested Use Cases: The Test Plan document describes all Test Cases of your add-on and is part of the certification process. This document will be used internally by Matrix42.
Goals of this document are to be able to test your add-on and identify potential quality issues.
Design and Architecture: The Design document describes the design of your Add-on and is part of the certification process. This document will be used internally by Matrix42.
Goals of this document are to understand your add-on and identify possible risk to platform
stability.
Perform a virus scan (Marketplace Team)
The Marketplace team performs a virus scan.
Check installation files - Configuration Package (Marketplace Team)
- Check for existing executable files (exe, bat, etc...)
- Check for existing SQL Scripts that can harm the system
- Check for existing PowerShell Scripts
- Check for schema files that change default attributes and tables
Check white labeling (Marketplace Team)
The check is performed automatically.
Check digital signing (Marketplace Team)
The check is performed automatically.
Testing the Add-on (Marketplace Team)
The Marketplace team tests the Add-on for the current release version and the LTSB of the Matrix42 Standard Product.
Add-on Certification (Marketplace Team)
https://help.matrix42.com/80Marketplace/040Partnership/Matrix42_Marketplace_Product_Certification
Publish the Add-on (Marketplace Team)
The Add-on will be published if no defects are found.