diff --git a/content/en/docs/marketplace/upload-content/_index.md b/content/en/docs/marketplace/upload-content/_index.md index a4aff9dc0c9..96ee6898007 100755 --- a/content/en/docs/marketplace/upload-content/_index.md +++ b/content/en/docs/marketplace/upload-content/_index.md @@ -191,7 +191,7 @@ Note that it may take a short while before the component becomes visible. For details on the approval process, refer to [Governance Process](/appstore/submit-content/governance-process/). -Every new public component or component version is scanned through QSM, and, if no vulnerabilities are found, it is automatically uploaded. In case of vulnerabilities, Mendix manually checks the component or component version. +Every new public component or component version is scanned through [QSM](/appstore/partner-solutions/qsm/), and, if no vulnerabilities are found, it is automatically uploaded. In case of vulnerabilities, Mendix manually checks the component or component version. ## Updating Existing Marketplace Content {#updating} diff --git a/content/en/docs/marketplace/upload-content/governance-process.md b/content/en/docs/marketplace/upload-content/governance-process.md index bb005a9128f..565524318b5 100644 --- a/content/en/docs/marketplace/upload-content/governance-process.md +++ b/content/en/docs/marketplace/upload-content/governance-process.md 
@@ -17,16 +17,19 @@ Mendix strongly recommends performing the following checks before you submit you Mendix checks the following: -* The licenses used in the uploaded *.mpk* files, using the [Fossology](https://fossology.osuosl.org/repo/) tool . +* The licenses used in the uploaded *.mpk* files, using [QSM](/appstore/partner-solutions/qsm/). There should be no use of GPL, LGPL, or MPL licenses. For more details, refer to [Open-Source Software Licenses](/appstore/submit-content/#license). -* For third-party vulnerabilities, using QSM. If critical or high vulnerabilities are found, the component is rejected. -* That the logo is related to the component's functionality. -* That the screenshots are related to the configuration required to use the component in the end-user's app. +* Any third-party vulnerabilities, using QSM. + Every new public component and every new version of a component packaged as an MPK file is automatically scanned by QSM. + If no vulnerabilities are detected, the component is uploaded automatically. + If vulnerabilities are identified, the upload is rejected, and the component remains in **My Drafts** with a **Declined** status. Developers can open the context menu for the declined component and navigate to the **Scan Overview** page to review the detected vulnerabilities. It may sometimes take a few iterations for a component to be approved, depending on the issues identified. To avoid a high number of necessary iterations, make sure you have followed the [Guidelines for Content Creators](/appstore/guidelines-content-creators/) and have performed the checks above before you submit a component for approval. {{% alert color="info" %}} +Components with the `.mxmodule` extension are not scanned by QSM, but are approved manually. + All subsequently uploaded versions of a public component must be scanned and approved by Mendix. Private Marketplace content does not require any review or approval.
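Review bot: In the `_index.md` hunk, the one changed sentence still ends with "In case of vulnerabilities, Mendix manually checks the component or component version", which conflicts with the text this patch adds to `governance-process.md`, where a component with findings is rejected and stays in **My Drafts** with a **Declined** status. Suggest rewording that sentence to match the new flow, or, since the paragraph above it already links to Governance Process, shortening it to a pointer there so the scan outcome is described in one place only.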
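Review bot: In the `governance-process.md` hunk, the added sentence "If vulnerabilities are identified, the upload is rejected" drops the "critical or high" threshold that the removed bullet stated, so it now reads as if a finding of any severity blocks the upload. If the threshold still applies, restate it; if rejection on any finding is intended, say so explicitly so authors know what they must fix before resubmitting. The same hunk also deletes the logo and screenshot checks without replacement and puts the `.mxmodule` exception (manual approval, no QSM scan) inside the info alert about subsequent versions; please confirm the deletions are intended, and consider moving the `.mxmodule` sentence up beside the QSM bullet, where a reader looks for scan coverage.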