How does Qlik distribute its release software assets?
Qlik distributes its release software assets through GitHub.
How are the files secured and served?
No external party can upload or modify content in the Qlik Download repositories. Access is controlled by Qlik’s corporate authentication.
- The write access is exclusive to current Qlik employees and only to members of Qlik’s release management and security team.
- The Qlik Community download page consists of an embedded Qlik Sense app.
- The app is published through a Qlik Cloud tenant that is secured witgh Qlik’s corporate authentication.
- Only a handful of Qlik employees are authorized to access the Qlik Cloud tenant.
- No other employees or external parties can alter the information in the download app.
Qlik software is secured from malicious content as described in Secure SDLC Policy in .
- Distributed installers are signed by Qlik, which the customer can validate in the file details after download. Any manipulation of the file content will invalidate the signature, and the OS will throw an error during installation.
- Qlik software installer that is not signed by Qlik or displays any error should not be installed or trusted by customers.
