Qlik Community

Qlik Sense Integration, Extensions, & APIs

Discussion board where members can learn more about Integration, Extensions and API’s for Qlik Sense.

Not applicable

Qlik Branch Extension Security/Verification

Does Qlik verify the contributions or projects on Qlik Branch? If not, is there a way for Qlik users to certify that particular extensions are safe or do not have glaring vulnerabilities? Some of our clients are concerned about allowing unverified third-party Javascript packages to run on their servers.

Thanks in advance.

Cheers,

Andrew

Tags (1)
3 Replies
Not applicable

Re: Qlik Branch Extension Security/Verification

Branch content is completely open source and so under the same evaluation of the open source community. Read the source code carefully and when in doubt, dont use.

MVP
MVP

Re: Qlik Branch Extension Security/Verification

Maybe also have a look at Alexander's comment here:

Can extensions carry security risk? | Qlik Community

Employee
Employee

Re: Qlik Branch Extension Security/Verification

Hey Andrew,

As other poster stated I would recommend _everyone_ to verify the source code on their own.

You wouldn't copy / paste a load script from a page on the internet into your app and the same rule of thumb should go for Extensions.

Now with that said, since extensions are just normal objects the usual section access and security rules apply so a extension can't access anything apart from what the user is allowed to see. We also do checks for click-jacking and obvious malicious code for the projects posted on Branch.

Community Browser