Skip to main content
Announcements
Qlik Connect 2025: 3 days of full immersion in data, analytics, and AI. May 13-15 | Orlando, FL: Learn More
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Qlik Branch Extension Security/Verification

Does Qlik verify the contributions or projects on Qlik Branch? If not, is there a way for Qlik users to certify that particular extensions are safe or do not have glaring vulnerabilities? Some of our clients are concerned about allowing unverified third-party Javascript packages to run on their servers.

Thanks in advance.

Cheers,

Andrew

3 Replies
Not applicable
Author

Branch content is completely open source and so under the same evaluation of the open source community. Read the source code carefully and when in doubt, dont use.

swuehl
MVP
MVP

Maybe also have a look at Alexander's comment here:

Can extensions carry security risk? | Qlik Community

Alexander_Thor
Employee
Employee

Hey Andrew,

As other poster stated I would recommend _everyone_ to verify the source code on their own.

You wouldn't copy / paste a load script from a page on the internet into your app and the same rule of thumb should go for Extensions.

Now with that said, since extensions are just normal objects the usual section access and security rules apply so a extension can't access anything apart from what the user is allowed to see. We also do checks for click-jacking and obvious malicious code for the projects posted on Branch.