Shared responsibility model

Building a Forge app brings with it new capabilities and responsibilities beyond those set out in the Cloud shared responsibility model.

We are developing a new native Node.js runtime to replace Forge's current runtime environment. This new runtime introduces several changes to the way security and egress controls work. Sandboxing and snapshots (including any related settings and restrictions) are no longer relevant in the new runtime as well. These changes may result in additional developer responsibilities to help uphold Forge's security.

This native Node.js runtime is available now as part of Forge's Early Access Program (EAP). For information about testing this new runtime, see Native Node.js runtime (EAP).

Forge’s EAP offers experimental features to selected users for testing and feedback purposes. These features are not supported or recommended for use in production environments. They are also subject to change without notice.

For more information, see Forge EAP, Preview, and GA.

For example, Forge apps can choose to implement one or more of the following capabilities, which change the division of security responsibilities between you and Atlassian.

Custom UI, which lets you define app user interfaces using static resources, such as HTML, CSS, JavaScript, and images.
UI kit, which lets you build intuitive and familiar app user interfaces by composing built-in Atlassian components.
Web triggers, which is a mechanism to invoke Forge applications through incoming HTTP calls.

This page is intended to help you understand your responsibilities when building and supporting a Forge app, and what responsibilities Atlassian takes care of. Also make sure you have read and are adhering to the Developer terms and Marketplace partner agreement.

Responsibility	Custom UI	UI kit	Web triggers
App elements
Authentication of requests to the app	Atlassian	Atlassian	You
Authorization of requests to the app	Atlassian & You	Atlassian & You	You
Input validation and output encoding	You	Atlassian & You	You
Application logic	You	You	You
Application framework	Atlassian & You	Atlassian	Atlassian
Data storage	Atlassian & You	Atlassian & You	Atlassian & You
Software development lifecycle (SDLC) activities	Atlassian & You	Atlassian & You	Atlassian & You
Tenant safety	Atlassian	Atlassian	Atlassian
Operational elements
Logging	Atlassian & You	Atlassian & You	Atlassian & You
Monitoring and alerting	Atlassian	Atlassian	Atlassian
Network security	Atlassian	Atlassian	Atlassian
Runtime/Server security	Atlassian	Atlassian	Atlassian
Vulnerability management and disclosure	Atlassian & You	Atlassian & You	Atlassian & You
Bug bounty	Atlassian & You	Atlassian & You	Atlassian & You
Security incident response	Atlassian & You	Atlassian & You	Atlassian & You
Disaster recovery	Atlassian & You	Atlassian & You	Atlassian & You
Security features
User identity and access management	Atlassian	Atlassian	Atlassian
DoS protection	Atlassian	Atlassian	Atlassian
Abuse prevention	Atlassian & You	Atlassian & You	Atlassian & You

App elements

Authentication of requests to the app

Ensure that every request made to the application is sufficiently authenticated.

Your responsibilities:

Authenticate web triggers. For example, if you're building a Slack integration, this would involve verifying the request from Slack.

Atlassian's responsibilities:

Authenticate the user before invoking your Forge application.

Authorization of requests to the app

Ensure that every request made to the application is sufficiently authorized.

Your responsibilities

You must use asUser() whenever you are performing an operation on behalf of a user. This ensures your app has at most the permissions of the calling user.
Before making calls asApp(), you must verify expected permissions (for example, from product context) with the permissions REST APIs before making the request.

Atlassian's responsibilities

Obtain user consent for asUser() calls before invoking your Forge application.
Ensure that only users with access to the site can interact with apps.

Input validation and output encoding

Ensure sufficient input validation and output encoding is applied within the application.

Your responsibilities

Treat all user input as unsafe and untrusted by validating and sanitizing all input.
Encode all output. Ensure data is treated as data and not as code , especially in different browser contexts. This includes data you may get back from Atlassian's APIs, as the required output encoding depends on how the data is being used in your app.

Atlassian's responsibilities:

Appropriately encode all HTML output for UI kit components.

Application logic

Your responsibilities

Find business logic flaws through testing.
Apply defense in depth to mitigate business logic flaws. This may include applying the principle of least privilege.

Application framework

Ensure the framework used to build apps is free of security bugs, and fixes are delivered in line with Atlassian's security bug fix policy SLOs.

Your responsibilities:

Ensure the frameworks used in your custom UI app are up-to-date with the latest security patches.

Atlassian's responsibilities

Apply secure development culture and practices when building the app framework.
Remediate defects and vulnerabilities within the framework.
Publish security bug fixes within the security bug fix SLO.

Data storage

Ensure that data is appropriately stored and read by your app.

Your responsibilities

Ensure that sensitive security data, such as pre-shared keys, API keys, or encryption keys are not hardcoded in the source code. Secure storage, such as encrypted environment variables, should be used to supply keys at runtime.
Ensure that keys are rotated on a regular basis. You should rotate sensitive API keys at least every 90 days.
Ensure that authorisation controls exist to segregate data access between different user roles within the same tenant.

Atlassian's responsibilities

Encrypt data at rest for data stored within Forge app storage.
Segregate data storage to prevent cross-tenant access. This includes Forge app storage.

Software development lifecycle (SDLC) activities

Apply secure software development practices when building and maintaining your app.

Your responsibilities

Periodically scan for vulnerabilities in third-party dependencies using tools, such as OWASP Dependency-Check or other similar tools.
Perform regular threat modeling to identify and prioritize threats that may impact the security of your app.
Perform static analysis of your app to identify patterns of insecure code.

Tenant safety

Atlassian's responsibilities

Ensure strong isolation between tenants. An app installed on tenant A cannot communicate with an app installed on tenant B.

Operational elements

Logging

Your responsibilities

Ensure your application does not log personally identifiable information (PII), authentication tokens, and user-generated content (UGC), or confidential data.

Atlassian's responsibilities

Maintain robust logging that includes an audit trail of actions performed by an app.
Restrict access to logs based on organization permissions.

Monitoring and alerting

Atlassian's responsibilities

Proactively monitor the health of the platform raising alerts in response to degraded performance, security, or abuse events.

Network security

Atlassian's responsibilities

Use TLS to encrypt all traffic, including HSTS.
Ensure data is appropriately handled. This includes ensuring caching of data does not negatively impact the security of apps or the platform.

Runtime/Server security

Atlassian's responsibilities

Ensure the platform infrastructure is hardened.
Scan for security misconfiguration vulnerabilities.
Provide a secure runtime for apps that prevents bypassing security controls.

Vulnerability management and disclosure

Your responsibilities

Mitigate application security vulnerabilities within the set timelines.
Promptly notify Atlassian of security vulnerabilities discovered in your app in accordance with the Marketplace partner agreement.

Atlassian's responsibilities

Disable applications that haven't mitigated vulnerabilities within the set timelines.
Mitigate security vulnerabilities in the platform within the Security bug fix policy.
Communicate with Marketplace partners about vulnerabilities in the platform or applications that may affect their apps.

Bug bounty

Your responsibilities

Consider establishing a bug bounty program that has your application in scope.

Atlassian's responsibilities

Maintain a bug bounty program that includes the Forge platform in scope.

Security incident response

Your responsibilities

Establish a security incident response plan , so you are better prepared to respond to security breaches and incidents.
Promptly notify Atlassian upon discovery of any security incident in accordance with the Atlassian developer terms.
Keep developer account contact information up to date for security incidents.

Atlassian's responsibilities

Maintain a security incident response plan that includes the ability to detect and respond to apps.
Identify, detect, and respond to security incidents.

Disaster recovery

Your responsibilities

Establish a disaster recovery and business continuity plan to minimize or eliminate interruptions to the functioning of your apps during an incident.

Atlassian's responsibilities

Ensure data stored by Atlassian on behalf of your app (in Forge data storage) is backed up, and can be restored in an incident.
Maintain incident response plans.

Security features

User identity and access management

Atlassian's responsibilities

Provide APIs/systems for authentication.
Authenticate users and group membership.
Provide a mechanism for applications to verify user/app access to product content, such as the Jira get bulk permissions API or the Confluence check content permissions API.

DoS protection

Atlassian's responsibilities

Detect DoS attacks against applications, or caused by applications.
Mitigate DoS attacks against applications.
Suspend apps that may be misbehaving/performing a high volume of requests.

Abuse prevention

Your responsibilities

Ensure your app does not exceed the Forge platform quotas and limits.

Atlassian's responsibilities

Detect and mitigate apps that disrupt the normal operation of Forge or other Forge apps.
Enforce platform limits (storage, request throughput, etc).