Archive
Highlighted

Obfuscating python code while giving it for certification

Explorer

Hi All,

I have created an add-on and would like to certify it , I have written python code and kept it inside the bin directory. I read in the document that the Splunk team looks into the source code to check any security vulnerabilities. Is it possible to certify the add-on by just packaging obfuscated .pyc file and not the source cod ?. just wanted to know in details.

Thanks,
Sudarshan

0 Karma
Highlighted

Re: Obfuscating python code while giving it for certification

SplunkTrust
SplunkTrust

The certification program is now over and replaced by the app inspect badge.

While there is a CLI and REST version of the AppInspect system at the time for writing (15th September 2018) the REST API is a newer version and will provide a valid value as to whether your add-on will receive the App Inspect badge or not.

More details on the App Inspect API including Postman examples here

I found the PostMan version very easy to use.

Although that said, I'm unsure how many Splunk users would be comfortable with installing a binary with the pyc file and not the source code...

0 Karma