Last updated Dec 10, 2024

Leading up to the launch of the Runs on Atlassian program, the Forge CLI experience of the program is now in preview.

The app you're building may be eligible for Runs on Atlassian. To know more about the program, go to the Marketplace documentation. To check if your app is eligible for Runs on Atlassian, go to the Forge CLI documentation.

Introduction to Runs on Atlassian

The Runs on Atlassian program helps customers easily identify Forge apps that have no data egress and have data residency-enabled storage. The program applies the Runs on Atlassian badge on eligible apps, which helps communicate capabilities that can benefit enterprise customers that may have strict data privacy requirements.

In general, Runs on Atlassian addresses the following requirements from customers:

No data egress by default and give customers controls to manage the risk of egress through logs
Support data residency that matches data residency provided by the host product
Provide a programmatic way for Atlassian to verify the above requirements

Eligibilty requirements

Eligibility for the Runs on Atlassian badge will be automatically detected and applied on apps that meet the qualifications. Partners do not need to apply or opt in to receive the badge.

To determine whether your Forge apps meet the requirements for Runs on Atlassian, start by checking your manifest file for egress permissions. You can also use the Forge CLI to check the eligibility of an app.

Eligible apps do not list any of the following in the manifest:

External resource domains (Custom UI external permissions, fetch.backend, fetch.frontend, etc.)
Remotes
Connect modules

Eligible apps must also do either of the following:

use data residency-enabled Forge storage,
or store data in-product using product entity properties.

As new Forge storage capabilities are introduced, in EAP or Preview stages, these features may not support data residency until they reach general availability.

The Cloud Fortified and Cloud Security Participant badges remain important signals on the investments partners have made in ensuring their apps adhere to advanced trust practices. As long as eligible, an app can have one or more, or even all three badges.

Sample manifest structure

The following are examples of how the manifest file may look, depending on the eligibility of an app for Runs on Atlassian.

Runs on Atlassian

Example

1
2
permissions:
  scopes:
    - read:content-details:confluence
    - read:content.property:confluence
    - write:content.property:confluence

Not Runs on Atlassian

Example

1
2
permissions:
  external:
    fetch:
      backend:
        - '*.example-dev.com'
  fonts:
    - 'https://www.example-dev.com/fonts.css'
  scripts:
    - 'https://www.example-dev.com/script.js'

Example

1
2
remotes:
  - key: remote-backend
    baseUrl: "https://backend.example.com"
    operations:
      - compute
      - fetch
      - other

Eligibility check of apps

You can check the eligibility for Runs on Atlassian for any app at any time. During app deployment, the Forge CLI automatically for checks eligibility as well. You can also check the eligibility for a previous major version of an app.

To know more about checking app eligibility for Runs on Atlassian, go to the Forge CLI documentation.

Eligibility check at any time

Navigate to the app's top-level directory and check its eligibility by running:

1
2
forge eligibility

If your app is eligible, you should see output similar to:

1
2
App [2.14.0] in [development] is eligible for Runs on Atlassian.

If your app is not eligible, you should see output similar to:

1
2
App [2.16.0] in [development] is not eligible for Runs on Atlassian.
- App is using remote services
- App has Connect modules

You will see all possible reasons for ineligibility, which helps narrow down the necessary changes to the app.

Eligibility check at app deployment

When deploying your app to any environment, the Forge CLI automatically detects any changes that may impact the app's eligibility for Runs on Atlassian.

If your app is eligible, you should see output similar to:

1
2
App [2.14.0] in [development] is eligible for Runs on Atlassian.

If your app is not eligible, you should see output similar to:

1
2
App [2.16.0] in [development] is not eligible for Runs on Atlassian. Run forge eligibility to know more.

By running forge eligibility, you should see output similar to:

1
2
App [2.16.0] in [development] is not eligible for Runs on Atlassian.
- App is using remote services
- App has Connect modules

You will see all possible reasons for ineligibility, which helps narrow down the necessary changes to the app.

Eligibility check for previous major versions

You can check the eligibility for a previous major version of an app at any time. This helps narrow down at which major version the app has lost its eligibility for Runs on Atlassian.

Navigate to the app's top-level directory and check the eligibility of a major version by running:

1
2
forge eligibility --major-version [version]

If the app was eligible for Runs on Atlassian at the specified major version, you should see output similar to:

1
2
App [1.18.0] in [development] is eligible for Runs on Atlassian.

Removal of egress

Consider doing the following as necessary:

1. Remove *.atlassian.net for loading media links

In Custom UI apps, loading media links, such as uploaded files, images, and other media hosted on the product domain (for example, https://hello.atlassian.com/path-to-user-avatar.png) is a common cause of egress. This has been necessary because the product domain is different from the domain where Custom UI is hosted. This has required developers to declare *.atlassian.net in the app’s permissions.

We’ve since shipped a change to our content delivery network (CDN), so all Custom UI apps now allow-list the host product by default. This means you no longer need to declare egress to load media links hosted on the product domain. Atlassian-hosted avatars now load by default as well, so you no longer need to include *.wp.com egress permission from Custom UI apps.

2. Remove api.media.atlassian.com for Atlassian product API redirects

Similarly, we’ve shipped a change that lets Atlassian product API redirects be treated as internal traffic by the Forge Node.js runtime. You can now remove these backend egress declarations from your app’s manifest. Note, you may still need to include such declarations in other egress sections for Custom UI apps, like for media, images, and others.

Public roadmap and changelog

We’ve recently updated the Forge public roadmap, making it easier to track in progress and upcoming improvements to Forge. If you haven’t already, we recommend bookmarking the roadmap and changelog so you can stay across new Forge features that let you build your app more natively.

Timeline: Partner and customer launches

Partners	Customers
TODAY API and CLI to help partners test whether apps qualify for Runs on Atlassian and identify a path towards earning the badge. FUTURE Apps will be featured in customer-facing launch and Runs on Atlassian badge will go live on Atlassian Marketplace.	FUTURE Field training to help sales teams and Solution Partners communicate Runs on Atlassian to customers. FUTURE Apps will be featured in customer-facing launch and Runs on Atlassian badge will go live on Atlassian Marketplace.

Partners

Customers

TODAY API and CLI to help partners test whether apps qualify for Runs on Atlassian and identify a path towards earning the badge.

FUTURE Apps will be featured in customer-facing launch and Runs on Atlassian badge will go live on Atlassian Marketplace.

FUTURE Field training to help sales teams and Solution Partners communicate Runs on Atlassian to customers.

FUTURE Apps will be featured in customer-facing launch and Runs on Atlassian badge will go live on Atlassian Marketplace.