AppMarket Submission Policies for Plug-Ins
Developers can extend the Appian platform using plug-ins that can add new functionality to your Appian applications. Plug-ins that are being developed need to adhere to the policies outlined below in order to be deployed to an Appian cloud environment and optionally be shared on the Appian AppMarket and downloadable via the Admin Console.
The Appian AppMarket contains a diverse range of business applications and technical applications or extensions that have been built for the Appian platform. Members of the Appian community can contribute to the AppMarket and download free listings or request more information on paid listings.
- Plug-ins must not contain any known vulnerabilities, malware or viruses.
- Plug-ins must not contain default passwords, auth keys, key pairs or other credentials for any reason.
- Plug-ins must not include software that collects and exports customer data without the customer's knowledge and express consent.
- Plug-ins must not include any proprietary third party libraries that require a license to be distributed or deployed in production.
- Plug-ins must include the source code.
- Appian reserves the right to retain the plug-ins' source code.
- Appian reserves the right to review and edit the description, documentation, or any other attribute provided along with plug-ins.
- Appian reserves the right to reject plug-ins that do not comply with the policies described here or for any other reason considered appropriate by the company.
- Only plug-ins compatible with supported versions of Appian are available through the Appian AppMarket.
- Plug-ins for which version compatibility isn't clearly documented, will be removed from the Appian AppMarket.
- The content is free to use with a licensed product, but it is made available as-is.
- Customers are responsible for validating and testing plug-ins before deployment in production.
- Customers are responsible for validating plug-in functionality in their applications before upgrading to new versions of Appian Software.
- All plug-ins are use-at-your-own-risk, and their functionality is not guaranteed by Appian. All plug-ins should be tested thoroughly.
Cloud Deployment Guidelines
- Only plug-ins that meet the following guidelines will be eligible for deployment in Appian Cloud sites. The list is not all-inclusive, but instead it outlines the minimum requirements for a component to be considered Cloud approved:
- Source code is available for review.
- Must meet all policies described in the Policies section.
- The Administrator service context must not be used.
- The code must not access the file system.
- External libraries must not require commercial licenses for distribution or production deployment.
- Class files must not be named
com.appian.*. Plug-ins built by Appian are permitted to use subpackages of
- Plug-ins must not directly use a specific set user or users other than the user provided via the initial constructor.
- Servlets are permitted (pending review), filters are not.
- Cloud customers need to submit all plug-ins, intended for public use on the AppMarket or private use, to receive approval before deployment.
- Currently, AppMarket plug-ins can be deployed using the Admin Console, and private plug-ins can be deployed by opening a support case.
- Starting in 24.1, AppMarket and private plug-ins can be deployed to a Cloud environment via the Admin Console.