Links

Community App Guidelines

This is not a replacement for the Community App DPAA. This is meant to be a guide for the actual app building and support. Non-adherence to these guidelines can result in removal of an app from the DNAnexus Platform.

Guidelines

Built in a Well-Documented, User-Friendly Manner

  1. 1.
    The app-level metadata must include the following:
    1. 1.
      A descriptive "name", "title", and "summary".
    2. 2.
      One or more "categories".
  2. 2.
    The app's "description" (typically represented by Readme.md) must be a markdown document that includes the following:
    1. 1.
      A description of what this app does, with some common use cases.
    2. 2.
      Clear and comprehensive information on how the app handles any user data, including whether any data, metadata, or diagnostic information is collected and/or transferred outside of DNAnexus.
    3. 3.
      Expectations on the app's performance (e.g. runtime for typical inputs under default parameters).
  3. 3.
    Each field in the app's input/output spec must include the following:
    1. 1.
      A descriptive "name", "label", and "help".
    2. 2.
      One or more "patterns", for file inputs that require a particular file format.
  4. 4.
    The app's JSON "details" hash must include the following:
    1. 1.
      A "whatsNew" key, whose value is a string that discusses what is new with each app version.
    2. 2.
      A "citations" key, whose value is an array of zero, one, or more strings of Digital Object Identifiers (such as "doi:10.1093/bioinformatics/btv098") for publications associated with the software.
    3. 3.
      A "contactEmail" key, whose value is a string with a valid email that can be contacted for any inquiries about this app.
    4. 4.
      An "upstreamProjects" key, whose value is an array of hashes, each of which describes the licenses associated with software or packages included in this app, as discussed here. This is required to ensure compliance with open-source licenses.
  5. 5.
    The app's "version" must follow Semantic Versioning 2.0.0.
  6. 6.
    The app's run specification ("runSpec") must include the following:
    1. 1.
      A default (non-empty) "timeoutPolicy".
    2. 2.
      A value for "release" no lower than the highest two supported versions.
      1. 1.
        For new apps they should use the highest version supported, currently "20.04" (i.e. at least Ubuntu 20.04) or later.

Built with Security Best Practices in Mind

  1. 1.
    The app must list "org-dnanexus_tools_admin" in the "developers" array. You may not remove this entry throughout the app series lifetime (regardless of publishing new app versions).
  2. 2.
    For any app versions that require network access, the Readme.md associated with each such version should include a clear, visible section outlining why network access is needed.
  3. 3.
    The app may not request "developer", "projectCreation", or "allProjects" access permissions (of any kind). At this point DNAnexus does not support third party apps with those permissions.
  4. 4.
    The app may not request "project" access permissions that are higher than "VIEW".
  5. 5.
    If the app makes any API calls to the DNAnexus platform, those need to be done using the settings provided by the app execution environment, which point to internal API endpoints and internal job tokens. The app must not contact external DNAnexus API endpoints, and must not make API calls using tokens other than the job's token.
  6. 6.
    If the app runs any other apps, applets, workflows or global workflows, these may not be run in "detached" mode.
  7. 7.
    Apps may not include any software that has known publicly disclosed vulnerabilities. If such vulnerabilities arise after an app has been published, a new version must be published within the agreed upon timeline in the DPAA and the old marked as deprecated.

Maintained and Kept Up to Date

  1. 1.
    The app algorithm is a maintained/supported version of the algorithm and is within 1 year of the latest release.
  2. 2.
    Apps are updated to run on supported execution environments and cluster specs.

Users are Supported in a Timely and Active Manner

  1. 1.
    Priority support items are engaged within a week of opening the request.
  2. 2.
    Open comments or support items are engaged within a month of opening the request.