Hi @OleksandrKravchenko, thank you for your response. However, this was not what I asked.
Atlassian has had a lengthy discussion with vendors about exactly this topic (see Upcoming changes to Data Center App Approval) and as a result of that discussion, after hearing arguments from the Marketplace Partner community, Atlassian changed course and decided that it would suffice to provide a vulnerability report from any scanner the Marketplace Partner deemed fit. This way, Atlassian would not dictate which scanner to use, and each vendor could implement a proactive approach to vulnerability scanning.
It seems now with your announcement that Atlassian has changed course, 1.5 years after the initial announcement, without any discussions or consultations and is applying the policy change with a 1 month notice.
So my question is: why did Atlassian change course? Considering all the feedback provided in the initial thread (which are repeated once again in this thread) from Marketplace Partners. Did you weight that feedback and did you come to a different conclusion? If so, why? Or did you discard that feedback and should we have the same discussion all over again? And if so, can you please postpone your policy change until we’ve actually had that discussion?
It seems silly to me that we are having the same talk without having any clue as to why Atlassian is changing course.
CC: @tpettersen
PS: @OleksandrKravchenko if you are not the person responsible for making this decision and are merely executing on the decided policy change, please tag the person with whom we should have this conversation instead.