Community App Guidelines
Last updated
Was this helpful?
Last updated
Was this helpful?
The app-level metadata must include the following:
A descriptive "name", "title", and "summary".
One or more "categories".
The app's "description" (typically represented by Readme.md) must be a markdown document that includes the following:
A description of what this app does, with some common use cases.
Clear and comprehensive information on how the app handles any user data, including whether any data, metadata, or diagnostic information is collected and/or transferred outside of DNAnexus.
Expectations on the app's performance (e.g. runtime for typical inputs under default parameters).
Each field in the app's input/output spec must include the following:
A descriptive "name", "label", and "help".
One or more "patterns", for file inputs that require a particular file format.
The app's JSON "details" hash must include the following:
A "whatsNew" key, whose value is a string that discusses what is new with each app version.
A "citations" key, whose value is an array of zero, one, or more strings of Digital Object Identifiers (such as "doi:10.1093/bioinformatics/btv098") for publications associated with the software.
A "contactEmail" key, whose value is a string with a valid email that can be contacted for any inquiries about this app.
An "upstreamProjects" key, whose value is an array of hashes, each of which describes the licenses associated with software or packages included in this app, as discussed . This is required to ensure compliance with open-source licenses.
The app's "version" must follow .
The app's run specification ("runSpec") must include the following:
A default (non-empty) "timeoutPolicy".
A value for "release" no lower than the highest two supported versions.
For new apps they should use the highest version supported, currently "24.04"
A link to an app FAQ page, if available, should be added to the app's Readme.md file.
The app must list "org-dnanexus_tools_admin" in the "developers" array. You may not remove this entry throughout the app series lifetime (regardless of publishing new app versions).
For any app versions that require network access, the Readme.md associated with each such version should include a clear, visible section outlining why network access is needed.
The app may not request "developer", "projectCreation", or "allProjects" access permissions (of any kind). At this point DNAnexus does not support third party apps with those permissions.
The app may not request "project" access permissions that are higher than "VIEW".
If the app runs any other apps, applets, workflows or global workflows, these may not be run in "detached" mode.
Apps may not include any software that has known publicly disclosed vulnerabilities. If such vulnerabilities arise after an app has been published, a new version must be published within the agreed upon timeline in the DPAA and the old marked as deprecated.
If an app has the ability to access the internet, the app's developers should add a warning about possible leakage of sensitive data, to the app's Readme.md file. This warning should inform app users that they are responsible for ensuring that when the app accesses the internet, no personal identifiable information (PII), protected health information (PHI), or other sensitive data is exposed or otherwise made accessible.
The app algorithm is a maintained/supported version of the algorithm and is within 1 year of the latest release.
Apps are updated to run on supported execution environments and cluster specs.
Priority support items are engaged within a week of opening the request.
Open comments or support items are engaged within a month of opening the request.
A link to the app developer's support page, if available, is added to the app's Readme.md file.
If the app makes any API calls to the DNAnexus platform, those need to be done using the , which point to internal API endpoints and internal job tokens. The app must not contact external DNAnexus API endpoints, and must not make API calls using tokens other than the job's token.