cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

SharePoint PnP Security Review

Paul Bullock
MVP

‎Sep 05 2017 01:56 AM

‎Sep 05 2017 01:56 AM

SharePoint PnP Security Review

Hi

 

Does anyone know if the PnP programme has undertaken any security reviews or source code checks?

 

I am working on a project that I feel the tools in the PnP program would be ideal such as the PnP PowerShell library, but i cannot use the library until the organisation I am working with approves the library on a security aspect.

 

Has anyone encountered this situation or have any recommendations for tools to perform security reviews on the code?

 

Thanks

Paul

8,243 Views
0 Likes
4 Replies
Reply
4 Replies

‎Sep 05 2017 04:03 AM

‎Sep 05 2017 04:03 AM

Re: SharePoint PnP Security Review

this is a good question for @Vesa Juvonen

1 Like
Reply
best response confirmed by VI_Migration (Silver Contributor)
Vesa Juvonen

‎Sep 05 2017 06:20 AM

‎Sep 05 2017 06:20 AM

Solution

Re: SharePoint PnP Security Review

Not aware of any official security checks around the PnP. Might have been done a one-off in the customer engagements/projects, but not from our side. PnP is using native oob APIs exposed from SharePoint, so there should not be any surprises from that perspective. In general, though PnP is open source, community driven initiative, with obvious implications from supportability perspective. 

 

Just a quote around the supportability from the monthly communications - https://dev.office.com/blogs/pnp-august-2017-release. 

 

What's supportability story around PnP material?

Following statements apply across all of the PnP samples and solutions, including samples, core component(s) and solutions, like PnP Partner Pack.

  • PnP guidance and samples are created by Microsoft & by the Community
  • PnP guidance and samples are maintained by Microsoft & community
  • PnP uses supported and recommended techniques
  • PnP implementations are reviewed and approved by Microsoft engineering
  • PnP is open source initiative by the community – people who work on the initiative for the benefit of others, have their normal day job as well
  • PnP is NOT a product and therefore it’s not supported through Premier Support or other official support channels
  • PnP is supported in similar ways as other open source projects done by Microsoft with support from the community by the community
  • There are numerous partners that utilize PnP within their solutions for customers. Support for this is provided by the Partner. When PnP material is used in deployments, we recommend being clear with your customer/deployment owner on the support model
2 Likes
Reply
Juan Carlos González Martín

‎Sep 05 2017 07:01 AM

‎Sep 05 2017 07:01 AM

Re: SharePoint PnP Security Review

I would suggest you to take a look at Rencore tools even knowing there are more intended to check if you are applying best practices when developing on top of SPO
2 Likes
Reply
Paul Bullock

‎Sep 05 2017 07:25 AM - edited ‎Sep 06 2017 05:01 AM

‎Sep 05 2017 07:25 AM - edited ‎Sep 06 2017 05:01 AM

Re: SharePoint PnP Security Review

Thanks Vesa for replying so quickly.

 

This is the answer I was looking for. I do appreciate the effort and work that has gone into the programme, what it has become over the years is very impressive. Thats why I am querying this, so I can use this library, but I have to follow a security process for due diligence. :)

 

Paul

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by VI_Migration (Silver Contributor)
Vesa Juvonen

‎Sep 05 2017 06:20 AM

‎Sep 05 2017 06:20 AM

Solution

Re: SharePoint PnP Security Review

Not aware of any official security checks around the PnP. Might have been done a one-off in the customer engagements/projects, but not from our side. PnP is using native oob APIs exposed from SharePoint, so there should not be any surprises from that perspective. In general, though PnP is open source, community driven initiative, with obvious implications from supportability perspective. 

 

Just a quote around the supportability from the monthly communications - https://dev.office.com/blogs/pnp-august-2017-release. 

 

What's supportability story around PnP material?

Following statements apply across all of the PnP samples and solutions, including samples, core component(s) and solutions, like PnP Partner Pack.

  • PnP guidance and samples are created by Microsoft & by the Community
  • PnP guidance and samples are maintained by Microsoft & community
  • PnP uses supported and recommended techniques
  • PnP implementations are reviewed and approved by Microsoft engineering
  • PnP is open source initiative by the community – people who work on the initiative for the benefit of others, have their normal day job as well
  • PnP is NOT a product and therefore it’s not supported through Premier Support or other official support channels
  • PnP is supported in similar ways as other open source projects done by Microsoft with support from the community by the community
  • There are numerous partners that utilize PnP within their solutions for customers. Support for this is provided by the Partner. When PnP material is used in deployments, we recommend being clear with your customer/deployment owner on the support model

View solution in original post

2 Likes
Reply