Matrix42 Marketplace Quality Gate
The Matrix42 Marketplace Quality Gate describes the necessary Steps to guarantee a good and stable quality for the delivered Add-ons by the Marketplace Vendors.
Certification workflow steps
Vendor workflow steps
 |
The vendor should consider the product breaking changes provided by the Matrix42 Development Team |
 |
|
 |
The Vendor shall guarantee that its Add-on is available for the current release version and the LTSB of the Matrix42 Standard Product and that it is free of defects |
| |
|
 |
A Matrix42 Developer Identity certifies an individual to develop secure Matrix42 Extensions for the Matrix42 Digital Workspace Platform |
| |
|
 |
Goals of this document are to understand your add-on and identify possible risk to platform stability |
Matrix42 Marketplace workflow steps
 |
The Marketplace team performs a virus scan |
 |
|
 |
The Marketplace team checks the installations files. Check for existing executable files (exe, bat, etc...) and PowerShell Scripts |
| |
|
 |
The check is performed automatically |
| |
|
 |
The check is performed automatically |
| |
|
 |
The Marketplace team tests the Add-on for the current release version and the LTSB of the Matrix42 Standard Product |
| |
|
 |
Checks the delivered add-on informations in the Marketplace Backend: Name, Descriptions, Use Cases, Categories, product image, product price etc. Generate SKU, Define license metric etc. |
| |
|
 |
The Add-on will be published if no defects are found |
Consider Matrix42 product breaking changes provided by Matrix42 Development Team (Vendor)
The vendor should consider the product breaking changes provided by the Matrix42 Development Team. To be able to receive this information you have to be added into the mailing distrubution list. You can find the release notes here.
Please send an E-mail to the Marketplace team marketplace@matrix42.com
Discontinuation of Post-Install PS Scripts
We acknowledge that allowing custom PowerShell scripts for the installation and uninstallation of Configuration Packages (Extensions) has introduced security and operational risks. Moreover, this feature is incompatible with the nature of immutable containers, which can be re-created at any time. Therefore, we plan to gradually discontinue this functionality.
Removal of Legacy Components and Changes to Pre-requisites
Please review the attached document for details on the impacted changes and analyze how they might affect your solutions.
Digital Signature of the Extension – Matrix42 Developer Identity (Vendor)
Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. It's the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications. In order to sign a Extension, the Userrole "Matrix42 Extension Developers" is needed. This role can be assigned by the Tenantmanager of the Vendor.
https://help.matrix42.com/030_DWP/070_DevOps_Portal/What_is_a_Digital_Signature%3F
Matrix42 Developer Identity
A Matrix42 Developer Identity certifies an individual to develop secure Matrix42 Extensions for the Matrix42 Digital Workspace Platform. With these certificates, a developer can ensure that his/her Extensions are not malware and are not tampered with when a consumer is downloading/installing them via the Matrix42 DevOps Services
https://help.matrix42.com/030_DWP/070_DevOps_Portal/Matrix42_Developer_Identities
Demo of the Extension if necessary (Vendor)
When the Add-on has a certain complexity, a demo of the Extension is needed. This is the case especially for Third-Party Connectors.
Publish the Add-on in Extension Gallery (Vendor)
The Add-on will ONLY be published in the Extension Gallery if it was successfully tested by Marketplace team.
(Recommended) Implement uninstall support (VENDOR)
While not mandatory, we recommend to implement uninstall support
Deliver an user manual: Installation and configuration (Vendor)
The user manual is pretended to describe the add-on functionality and covering installation and usage of the Extension.
Goals of this document are to understand your add-on and identify possible risk to platform
stability.
Perform a virus and white labeling scan with Veracode (Marketplace Team)
The Marketplace team performs a virus and white labeling scan using Veracode. This scan also checks for Assembly vulnerabilities.
Check installation files - Configuration Package (Marketplace Team)
- Check for existing executable files (exe, bat, etc...)
- Check for existing SQL Scripts that can harm the system
- Check for existing PowerShell Scripts
- Check for schema files that change default attributes and tables
- Check schema files for OwnerIds (and User specific Ids in general)
- Check for overriding Product page files
- Check for existing Product assemblies
Check white labeling (Marketplace Team)
The check is performed automatically.
Check digital signing (Marketplace Team)
The check is performed automatically.
Testing the Add-on (Marketplace Team)
The Marketplace team tests the Add-on for the current release version and the LTSB of the Matrix42 Standard Product.
Add-on Certification (Marketplace Team)
https://help.matrix42.com/80Marketplace/040Partnership/Matrix42_Marketplace_Product_Certification
Publish the Add-on (Marketplace Team)
The Add-on will be published if no defects are found.