From 3f5cb3aafc6bf99a5bf23bf6e573b8b8dc4f21a0 Mon Sep 17 00:00:00 2001 From: nicoletacoman Date: Thu, 29 Jan 2026 14:27:39 +0100 Subject: [PATCH 1/2] Update QSM --- .../en/docs/marketplace/upload-content/governance-process.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/marketplace/upload-content/governance-process.md b/content/en/docs/marketplace/upload-content/governance-process.md index 822c98e7128..b581c12b674 100644 --- a/content/en/docs/marketplace/upload-content/governance-process.md +++ b/content/en/docs/marketplace/upload-content/governance-process.md @@ -21,7 +21,7 @@ Mendix checks the following: There should be no use of GPL, LGPL, or MPL licenses. For more details, refer to [Open-Source Software Licenses](/appstore/submit-content/#license). * For malware in the *.mpk* files, using the [VirusTotal](https://www.virustotal.com/gui/home/upload) tool. -* For third-party vulnerabilities, using the [Snyk](https://snyk.io/) tool. +* For third-party vulnerabilities, using QSM. If critical or high vulnerabilities are found, the component is rejected. * That the component can be used without errors in a specific Studio Pro version, if the component is a widget, a module, a connector, or an industry template. * That the documentation mentions all the details per the template, for example, dependencies, configuration, and how to use the component. * That the grammar, alignment, and spelling for the component's description and documentation are correct. @@ -31,7 +31,7 @@ Mendix checks the following: It may sometimes take a few iterations for a component to be approved, depending on the issues identified. To avoid a high number of necessary iterations, make sure you have followed the [Guidelines for Content Creators](/appstore/guidelines-content-creators/) and have performed the checks above before you submit a component for approval. {{% alert color="info" %}} -Review and approval by Mendix is required only for the first version of a publicly-listed component. Subsequent versions of a public component do not need review or approval by Mendix. +All subsequently uploaded versions of a public component must be scanned and approved by Mendix. Private Marketplace content does not require any review or approval. {{% /alert %}} From b098389874efb9cfddac1d96cf8d07c8401aa3ea Mon Sep 17 00:00:00 2001 From: nicoletacoman Date: Mon, 2 Feb 2026 13:15:22 +0100 Subject: [PATCH 2/2] Removed outdated checks --- .../en/docs/marketplace/upload-content/governance-process.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/content/en/docs/marketplace/upload-content/governance-process.md b/content/en/docs/marketplace/upload-content/governance-process.md index b581c12b674..bb005a9128f 100644 --- a/content/en/docs/marketplace/upload-content/governance-process.md +++ b/content/en/docs/marketplace/upload-content/governance-process.md @@ -20,11 +20,7 @@ Mendix checks the following: * The licenses used in the uploaded *.mpk* files, using the [Fossology](https://fossology.osuosl.org/repo/) tool . There should be no use of GPL, LGPL, or MPL licenses. For more details, refer to [Open-Source Software Licenses](/appstore/submit-content/#license). -* For malware in the *.mpk* files, using the [VirusTotal](https://www.virustotal.com/gui/home/upload) tool. * For third-party vulnerabilities, using QSM. If critical or high vulnerabilities are found, the component is rejected. -* That the component can be used without errors in a specific Studio Pro version, if the component is a widget, a module, a connector, or an industry template. -* That the documentation mentions all the details per the template, for example, dependencies, configuration, and how to use the component. -* That the grammar, alignment, and spelling for the component's description and documentation are correct. * That the logo is related to the component's functionality. * That the screenshots are related to the configuration required to use the component in the end-user's app.