From this link (Get started with monday code): "You must use the storage, logging, and enviornment management included in our SDK to be considered secure by our standards.
For example, if you integrate with an external database to store customer data, your app will not be considered as secure as if you used the bundled storage."
May I know if this means I cannot use Datadog for logging or Mixpanel for product analytics?
On a related note, I went through the checklist for publishing an app but do not see any requirement about the exclusive use of monday code to handle data.
May I know if the security standard is enforced at a later step that I have not reached? Or what is the story here?
You can use an external service to store or analyze your app. The difference here is that, when using external services, you will be asked to prove that those services are secure whereas when using monday code, those questions are skipped for you during the review process since it’s on the monday platform.
There is no obligation to use monday-code or its storage, logging, and environment management.
They just presume security if you use them and keep all data within the monday controlled environment.
But monday-code is still relatively new, and I’ll refrain from hyperbole, but its logging and storage leave a lot to be desired from what I’ve seen.
Logging is missing structured logs, alerting, anomaly detection. There is no metrics or tracing support at all.
Storage is just a simple key/value store. No relational storage, no multiple index support (so you can’t read the same data from different keys, such as by internal and external item IDs.)