These OpenPlace Standards, including recommended best practices, are to ensure that developer is developing OpenPlace Solutions that meet OneStream solution development requirements.
SOLUTION DEVELOPMENT & MANAGEMENT STANDARDS
All developers are encouraged to utilize an industry-standard PMI-approved software development methodology (e.g., Agile, Waterfall, Scrum, and Kanban) to manage the development of their solution development for any solutions to be submitted into OpenPlace.
All developers shall perform commercially reasonable unit testing, performance testing, and quality assurance testing on all solutions that are submitted to OpenPlace.
All developers shall perform Security testing and provide testing logs to OneStream upon request.
All developers are encouraged to test for any functional issues or bugs.
All OpenPlace Solutions that, in OneStream’s sole opinion, cause performance or functional issues with OneStream Offering(s) may, in OneStream’s sole discretion, be immediately suspended and removed from OpenPlace without prior notification. Such OpenPlace Solutions will not be reinstated until the developer has resolved the issue within such OpenPlace Solution and has resubmitted it for approval by OneStream.
SOLUTION CODING STANDARDS
All OpenPlace Solutions shall follow fundamental programming principles specified in Appendix A (“ Fundamental Programming Best Practices ”).
All OpenPlace Solutions shall follow fundamental data architecture and database design standards specified in Appendix B (“ Fundamental Data Architecture & Database Design Best Practices ”).
Except as otherwise agreed upon OneStream, all OpenPlace Solutions shall only use the OneStream Business Rule API (BRApi). All published and non-published public functions may change with future OneStream platform releases upon the discretion of OneStream without prior notification. In the event Partner wishes to submit a request to have a non-published function exposed in the BRApi namespace, Partner shall submit the request in accordance with process specified in Appendix I (“Requesting Exceptions for OpenPlace Solutions”).
OpenPlace Solutions are permitted to directly query OneStream core tables or core solutions (e.g., TXM, OFC, ACM, SML, etc.); however, Partner Solutions are prohibited from updating, modifying, editing, or writing to such core tables or core solutions.
Except as otherwise agreed upon by OneStream, OpenPlace Solutions shall not have literal SQL strings sent into solution assets. All SQL queries must be parameterized to prevent opening vulnerabilities to malicious attacks, including SQL injection attacks.
OpenPlace solutions shall have all parameters set to validated pre- and post-run to ensure security and data validity.
OpenPlace Solutions with long-running synchronous jobs will be subject to suspension.
OpenPlace Solutions with egregious use of error logging will be subject to suspension.
OpenPlace Solutions are required to have commented code.
OpenPlace Solutions are required to have commercially reasonable error-handling checks and user messages.
OpenPlace Solutions are required to have a solution installer or install procedure.
OpenPlace Solutions are required to have a solution uninstaller that uninstalls all artifacts and data created by every Partner Solution. Partner can optionally, in addition, provide a partial uninstall routine.
SOLUTION DOCUMENT REQUIREMENTS.
OpenPlace Solutions must provide a OpenPlace Solution and name and Developer name.
OpenPlace Solutions must have the formatting as specified in Appendix C (“Solution Overview Template”).
OpenPlace shall provide OneStream the items required for the PartnerPlace listing as specified in the Appendix H (“OpenPlace Listing Artifacts Guide”).
SCANS AND REVIEW REQUIREMENTS
All OpenPlace solutions will be scanned by OneStream using Marketplace Solution Tools (“MST”) and/ or other third-party code-checking tools. MST is available on the Solution Exchange, within Marketplace, and it is recommended that developers utilize this tool during development and prior to solution submission. MST’s current functionality will scan for the following warnings and critical items:
Unsafe SQL Queries
Parameters of Command Type with unused SQL queries
Unsupported solution file type
Unsupported file type
Solution initialization failure
Missing Using () statement on database connection
Missing return type on function
References to direct assemblies (.dll)
External database connections
References to external processes
Security violations regarding certain users and group modifications
At the sole discretion of OneStream, OpenPlace Solution submissions may be subject to a manual code review process prior to obtaining approval from OneStream. If the submission has been encrypted, the submission will need to be resent in an unencrypted format.
At the sole discretion of OneStream, OpenPlace Solution submissions are subject to a manual security review and scan by OneStream in an unencrypted format. If the submission has been encrypted by any means, it must be re-submitted in an unencrypted format. All OpenPlace Solutions will undergo security tests, including, but not limited to the following:
Access control: Rights granted to each user do not expose other pieces of information that may be sensitive or private
Access control: Ways to escalate privilege within the solution or to use the solution to elevate OneStream privileges
Injection flaws: Manipulation of the communication to inject through SQL, OS commands, malicious code, and any other method.
OpenPlace Solutions must pass all installation tests, including but not limited to: (I) loading and uncompressing all OpenPlace Solution files; (ii) verification of all created tables, dashboards, and business rules present based on the OpenPlace Solution’s install guide; (iii) data structure and scheme match the OpenPlace Solution’s install guide; (iv) all OpenPlace Solution business rules compile successfully; and (v) the OpenPlace Solution loads successfully.
OpenPlace Solutions must pass all uninstall tests: (I) within the solution “settings” options for “uninstall;” and (ii) within the uninstall dashboard have a selection to: (1) uninstall fully (required), and (2) uninstall UI (optional as needed for the solution).
OpenPlace Solutions are required to pass all uninstall full tests, including but not limited to: (I) execute uninstall full option; (ii) verify all solution dashboards, so that all UI elements, and business rules are no longer present; and (iii) verify all solution tables and data are no longer present.
NAMING CONVENTION STANDARDS
OpenPlace Solutions are required follow the OneStream Solution naming convention standards as specified in Appendix G (“Naming Convention Standards).
OPERATIONAL SOLUTION SUPPORT REQUIREMENTS
OpenPlace Solutions are developer Community supported. Developers are encouraged but not required to support any OpenPlace solutions they release on OpenPlace.
PUBLISHING CUSTOM DLL REQUEST
OpenPlace Solutions must only use native core OneStream platform DLLs.