Community App Guidelines

This guide is not a replacement for the Community App DPAA. This is meant to be a guide to the building and supporting an app that can be run on the DNAnexus Platform. Non-adherence to these guidelines can result in an app being removed from the Platform.


Built in a Well-Documented, User-Friendly Manner

  1. The app-level metadata must include the following:

    1. A descriptive "name", "title", and "summary".

    2. One or more "categories".

  2. The app's "description" (typically represented by must be a markdown document that includes the following:

    1. A description of what this app does, with some common use cases.

    2. Clear and comprehensive information on how the app handles any user data, including whether any data, metadata, or diagnostic information is collected and/or transferred outside of DNAnexus.

    3. Expectations on the app's performance (e.g. runtime for typical inputs under default parameters).

  3. Each field in the app's input/output spec must include the following:

    1. A descriptive "name", "label", and "help".

    2. One or more "patterns", for file inputs that require a particular file format.

  4. The app's JSON "details" hash must include the following:

    1. A "whatsNew" key, whose value is a string that discusses what is new with each app version.

    2. A "citations" key, whose value is an array of zero, one, or more strings of Digital Object Identifiers (such as "doi:10.1093/bioinformatics/btv098") for publications associated with the software.

    3. A "contactEmail" key, whose value is a string with a valid email that can be contacted for any inquiries about this app.

    4. An "upstreamProjects" key, whose value is an array of hashes, each of which describes the licenses associated with software or packages included in this app, as discussed here. This is required to ensure compliance with open-source licenses.

  5. The app's "version" must follow Semantic Versioning 2.0.0.

  6. The app's run specification ("runSpec") must include the following:

    1. A default (non-empty) "timeoutPolicy".

    2. A value for "release" no lower than the highest two supported versions.

      1. For new apps they should use the highest version supported, currently "20.04" (i.e. at least Ubuntu 20.04) or later.

  7. A link to an app FAQ page, if available, should be added to the app's file.

Built with Security Best Practices in Mind

  1. The app must list "org-dnanexus_tools_admin" in the "developers" array. You may not remove this entry throughout the app series lifetime (regardless of publishing new app versions).

  2. For any app versions that require network access, the associated with each such version should include a clear, visible section outlining why network access is needed.

  3. The app may not request "developer", "projectCreation", or "allProjects" access permissions (of any kind). At this point DNAnexus does not support third party apps with those permissions.

  4. The app may not request "project" access permissions that are higher than "VIEW".

  5. If the app makes any API calls to the DNAnexus platform, those need to be done using the settings provided by the app execution environment, which point to internal API endpoints and internal job tokens. The app must not contact external DNAnexus API endpoints, and must not make API calls using tokens other than the job's token.

  6. If the app runs any other apps, applets, workflows or global workflows, these may not be run in "detached" mode.

  7. Apps may not include any software that has known publicly disclosed vulnerabilities. If such vulnerabilities arise after an app has been published, a new version must be published within the agreed upon timeline in the DPAA and the old marked as deprecated.

  8. If an app has the ability to access the internet, the app's developers should add a warning about possible leakage of sensitive data, to the app's file. This warning should inform app users that they are responsible for ensuring that when the app accesses the internet, no personal identifiable information (PII), protected health information (PHI), or other sensitive data is exposed or otherwise made accessible.

Maintained and Kept Up to Date

  1. The app algorithm is a maintained/supported version of the algorithm and is within 1 year of the latest release.

  2. Apps are updated to run on supported execution environments and cluster specs.

Users are Supported in a Timely and Active Manner

Note that DNAnexus Support will provide support related to issues with launching an app. But DNAnexus cannot provide support related to bugs in a third-party app, or explain how a third-party can or should be used. Support inquiries on these and related matters will be passed to the vendor of the app in question.

  1. Priority support items are engaged within a week of opening the request.

  2. Open comments or support items are engaged within a month of opening the request.

  3. A link to the app developer's support page, if available, is added to the app's file.

Last updated