Leading up to the launch of the Runs on Atlassian program, the Forge CLI experience of the program is now in preview.
The app you're building may be eligible for Runs on Atlassian. To know more about the program, go to the Marketplace documentation. To check if your app is eligible for Runs on Atlassian, go to the Forge CLI documentation.
To help partners more easily meet customer data residency needs, we have enabled data residency support for apps that choose to exclusively use Forge hosted storage. These apps will be able support data residency for in-scope data with less separate investment (compared to supporting data residency for external databases).
Forge will take care of the hosting, pinning, and migration of hosted data between supported locations, so partners can focus on building a high quality app for their customers.
This solution is designed to work harmoniously with product data residency and consequently is based on similar concepts and terminology.
For more information about how the Atlassian cloud addresses the data residency needs of organizations, see Manage data residency
Jira and Confluence users on the Atlassian cloud can move their data to any supported location. When this occurs, the Atlassian cloud infrastructure will migrate the customer’s product data to that location.
In line with this, we have enabled data residency support for apps that choose to use Forge hosted storage. Since Forge uses a similar cloud infrastructure for its hosted storage, partners that choose to store their app’s data on Forge hosted storage will enable Forge to move that data to an admin’s chosen location.
This means that the data from both product and all Forge apps using hosted storage will be hosted in the admin’s chosen location. As a result:
Apps that are eligible will be shown with a PINNED
status to the admin.
Forge will aim to execute its invocations from the same location as the host product. See Multi-region compute for more details.
A Forge app is eligible for PINNED
status if it stores
all its in-scope End-User Data exclusively on Forge's hosted storage.
Forge apps that store in-scope End-User Data on a remote back end are ineligible for PINNED
status. By default, Forge will assume that an app is storing such data remotely if it includes
the following in its manifest file:
If your app uses an external or remote backend but doesn’t use it to store in-scope End-User Data, your app is eligible for PINNED
status. However, you'll need to configure this accordingly in the manifest file. For information on how to do this,
see Remotes.
In addition, when an admin initiates moving their Jira or Confluence instance to a location,
they’ll see which apps can move at the same time. These will include Forge apps that are eligible
for PINNED
status can move at the same time as the product:
Forge developers will be responsible for defining, documenting, and communicating with their customers what data is in-scope and out-of-scope for data residency for their Forge app (see Atlassian’s in-scope data as an example). Admins use this list of information to understand an app’s suitability and compliance with relevant data residency regulations.
You’ll need to publish what data your app considers in-scope and out-of-scope for data residency in your own documentation.
You can leverage the Atlassian Marketplace of your app to advertise the app’s support for data residency (specifically, its eligibility for PINNED
status).
You can do this through your app’s Atlassian Marketplace listing. Specifically, when providing your app’s Privacy and Security information, respond accordingly to the following questions:
Questions | Correct option |
---|---|
Does your app support data residency options? If yes, please list the locations where in-scope End-User data is stored. | Yes. App stores End-User Data exclusively within Atlassian products and services which support data residency options, as outlined here (including storing all in-scope End-User Data exclusively within Atlassian Forge platform). |
Does your app support migration of in-scope End User Data between your data residency supported locations? | Yes. |
Upon updating this information, it will be available on your app’s Privacy and Security tab. For more information, see Privacy and Security tab in your Marketplace listing.
When an admin moves their Jira or Confluence data to a location, that product’s Product status
will then appear as PINNED
in the admin’s Data residency interface:
The PINNED
product status lets admins verify that their product’s in-scope product data is
hosted on the chosen location. You can learn more about how admins pin their product data in
Move product data to another location.
In-scope product data refers to all data stored by an Atlassian product that can be pinned. See Understand data residency for more information.
After an admin verifies that their product data is pinned to a location, they also need to verify
that all in-scope end-user data for an app is also pinned. Apps pinned to the same location as the product will be
displayed as PINNED
in the admin's Data residency interface:
The PINNED
app status provides admins with the verification that an app’s data is hosted in the
same location as the product.
When an admin installs an eligible Forge app on a product that is already PINNED
, the app will
automatically be displayed as PINNED
as well.
Admins can pin their product data and hosted Forge app data to a number of supported locations, namely:
Data residency for Forge hosted storage will automatically include any new location that the Atlassian cloud infrastructure supports.
Forge will aim to execute its invocations from the same location as the host product. This helps Forge optimize for an app’s reliability and performance (as well as facilitate security and fraud prevention).
To support some Atlassian cloud capabilities and maintain overall reliability, Forge may sometimes execute an app’s invocation from a location other than the location where the host product is.
Tracking, logging, and auditing is an integral part of supporting data residency. The Developer Console provides audit log features that will allow you to do this; these features provide records for related events (such as when an admin pins their product and app to a location).
Rate this page: