Certified Power BI visuals are Power BI visuals in AppSource that meet the Microsoft Power BI team code requirements. These visuals are tested to verify that they don't access external services or resources, and that they follow secure coding patterns and guidelines.
Certified Power BI visuals offer more features than non-certified visuals. For example, you can export to PowerPoint, or display the visual in received emails when a user subscribes to report pages.
What tests are done during the certification process?
The certification process tests include but aren't limited to:
- Code reviews
- Static code analysis
- Data leakage
- Data fuzzing
- Penetration testing
- Access XSS testing
- Malicious data injection
- Input validation
- Functional testing
Are certified Power BI visuals checked again with every new submission (upgrade)?
Yes. Every time a new version of certified visual is submitted to the Marketplace, the visual's version update goes under the same certification checks.
The version update certification is automatic. If the update is rejected because of a violation, an email is sent to the developer explaining what needs to be fixed.
Can a certified Power BI visual lose its certification after a new update?
No. A certified visual can't lose its certification with a new update. Instead, the update would be rejected.
https://docs.microsoft.com/en-us/power-bi/developer/visuals/power-bi-custom-visuals-faq
Certification requirements
To get your Power BI visual certified, it must meet the requirements listed in this section.
General requirements
Power BI visual has to be approved by Partner Center. Before requesting certification, it is recommended that you publish your Power BI visual in AppSource.
Before submitting Power BI visual for certification,we verify that:
- The visual complies with the guidelines for Power BI visuals
- The visual passes all the required tests
- The compiled package exactly matches the submitted package
Code repository requirements
Although you don't have to publicly share your code in GitHub, the code repository has to be available for a review by the Power BI team. The best way to do this is by providing the source code (JavaScript or TypeScript) in GitHub.
The repository must contain:
- Code for only one Power BI visual. It can't contain code for multiple Power BI visuals, or unrelated code.
- A branch named certification (lowercase required). The source code in this branch has to match the submitted package. This code can only be updated during the next submission process, if you're resubmitting your Power BI visual.
If your Power BI visual uses private npm packages, or git submodules, you must provide access to the additional repositories containing this code.
To understand how a Power BI visual repository looks, review the GitHub repository for the Power BI visuals sample bar chart.
File requirements
Use the latest version of the API to write the Power BI visual.
The repository must include the following files:
- .gitignore - Add node_modules, .tmp and, dist to this file. The code
cannot include the node_modules, .tmp, or dist folders. - capabilities.json - If you are submitting a newer version of an existing
Power BI visual with changes to the properties in this file, verify that they
do not break reports for existing users. - pbiviz.json
- package.json. The visual must have the following package installed:
- "tslint" - Version 5.18.0 or higher
- "typescript" - Version 3.0.0 or higher
- "tslint-microsoftcontrib" - Version 6.2.0 or higher
- The file must contain a command for running linter - "lint": "tslint -c tslint.json -p tsconfig.json"
- package-lock.json
- tsconfig.json
Command requirements
Make sure that the following commands don't return any errors.
- npm install
- pbiviz package
- npm audit - Must not return any warnings with high or moderate level.
- TSlint from Microsoft with the required configuration. This command must not return any lint errors.
Compiling requirements
Use the latest version of powerbi-visuals-tools to write the Power BI visual.
Compile your Power BI visual with pbiviz package. If you're using your own build scripts, provide a npm run package custom build command.
Source code requirements
Make sure you follow the Power BI visuals additional certification policy list. If your submission doesn't follow these guidelines, you'll get a rejection email from Partner Center with the policy numbers listed in this link.
Follow the code requirements listed below to make sure that your code is in line with the Power BI certification policies.
Required:
- Only use public reviewable OSS components such as public JavaScript or TypeScript libraries.
- The code must support the Rendering Events API.
- Ensure DOM is manipulated safely. Use sanitization for user input or user data, before adding it to DOM.
- Use the sample report as a test dataset.
Not allowed:
- Accessing external services or resources. For example, no HTTP/S or WebSocket requests can go out of Power BI to any services.
- Using innerHTML, or D3.html(user data or user input).
- JavaScript errors or exceptions in the browser console, for any input data.
- Arbitrary or dynamic code such as eval(), unsafe use of settimeout(), requestAnimationFrame(), setinterval(user input function), and user input or user data.
- Minified JavaScript files or projects.
Power BI visuals additional certification
The policies listed in this section apply only to Power BI visuals offers.
Certification requirements
Code repository
Your visual source code must conform to the visual code repository requirements. The code repository for your visual should be available and correctly formatted.
Code quality
Your source code should be readable, maintainable, expose no functionality errors, and correspond to the provided visual's package.
Code security
Your source code should comply with all security and privacy policies. Source code must be safe and not pass or transmit customer data externally.
Code functionality
Running visual development related commands on top of your visual source code should not return any errors.
Visual consumption should not expose any errors or failures and must ensure the functionality of any previous version is preserved.
Update without advanced certification
Power BI Visual additional certification does not apply automatically to updated visuals. All updates to certified Power BI Visuals must also be certified as part of the submission process.
Duplicate offers
Visuals that rely on access to external services or resources are not eligible to be certified Power BI visuals. You may submit duplicate versions of visuals to the Marketplace: a non-certified version that uses external services or resources, and a certified version that does not use external services or resources. The offer that accesses external services or resources must clearly state so in the description.
https://docs.microsoft.com/en-us/legal/marketplace/certification-policies#1180-power-bi-visuals