The security posture and compliance profile of Atlassian cloud apps is a shared responsibility between you (the app developer) and Atlassian. As an app developer, understanding your role in these responsibilities is essential to ensure the secure use of the Atlassian platform and APIs.
The exact division of responsibilities differs depending on the platform your app is built on: Forge, Connect, or an OAuth 2.0 (3LO) integration. These responsibilities cover security controls, logging, monitoring, and the other elements of app security that help protect our shared users.
Firstly, make sure you have read and are adhering to the Developer terms and Marketplace partner agreement. Then verify that each of your apps meets the guidelines in the shared responsibility model. By doing so, you'll adopt best practices and protect your app from common vulnerabilities.
If you need help or have any questions about the model, the Atlassian Ecosystem team is here to help you be successful. Create a post on community.developer.atlassian.com, and you'll find both Atlassian team members and the friendly developer community available to provide guidance.
This table highlights the division of responsibilities between Connect, Forge, and OAuth 2.0 (3LO) apps.
Responsibility | Atlassian Connect | Forge | OAuth 2.0 (3LO) |
---|---|---|---|
App elements | You | You and Atlassian | You |
Operational elements | You and Atlassian | You and Atlassian | You |
Security features | You | Atlassian | You |
App elements: all the technical aspects of an app, such as:
Operational elements: aspects of running and operating the app, such as:
Security features: the security features for apps, limited to:
For more detail, see the appropriate SRM page for your app: