How safe are community contributed steps?

Have all community contributed steps been checked against trojans and other dangers? If not, what should I look out for?
(At the moment I’m looking at using the step “Slack - Detailed Notification | By bobjwalker”)

Hi @cecilia

Welcome to the forum!

Thanks for your question.

It’s definitely a good idea to always be cautious when using any third-party code, be it a community step template or otherwise.

The Slack notification step was last updated by Bob Walker (bobjwalker). He’s the VP of the Customer Solutions team (and my colleague), so that particular one should be absolutely fine to use, but it’s always worth reviewing that, and any other step, so that you’re comfortable with the step being included in your Octopus instance.

As you may be aware, the Community step templates are publicly available step templates that have been contributed by the Octopus Community. That includes Octopus users, along with Octopus Staff.

Whilst we don’t specifically scan for viruses or trojans in a step, in order for a script to be published in the library, it goes through a review process by a member of the Octopus Customer Solutions team. This is to ensure that the step is of sufficient quality, and also conforms to our standards for contributing.

Octopus also supports the library in case of issues with templates where the author no longer wishes to maintain the template. You can find out more about how to raise an issue with them here.

Octopus Community step templates integration is enabled by default, but it can be disabled. Ultimately it’s for you and your organization to decide whether or not to use the library steps. It’s also possible to examine the source code that will be executed in our community library before you choose to add a Step.

I hope that helps provide reassurance, but if you have any questions, please let me know!

Best regards,

Thanks. I’ll try it. :slight_smile:

You’re welcome!

If you have any questions, just let us know :slight_smile: