Changelog

As part of our ongoing efforts to enhance security and improve our services for Atlassian Marketplace partners and customers, we're pleased to announce an important update to the Continuous Scanning process for Marketplace Data Center (DC) apps.

What's Changing?

Previously, the Data Center Security Scanner was configured to scan only the latest version of Marketplace DC Apps. Given the higher adoption rate of our Long Term Support (LTS) versions of Data Center products and to ensure broader security coverage for our customers, we will now include not only the latest version of the apps, but also app versions that support the current and previous Data Center LTS versions.

Additional Updates

1. Increased Volume of Tickets in AMS: With the expanded scope of our continuous scanning efforts, we anticipate an increased volume of tickets in Atlassian Marketplace Security (AMS). To focus on risk reduction and workload management, while providing you with the best service possible, we will communicate the initial set of vulnerabilities in weekly batches according to severity/vulnerability class starting Jun 23, 2025. We will start with Critical vulnerabilities and continue with High, Medium, and Low. You can learn more about the severity levels in our Security Bug Fix Policy.

2. Expanded Scanning Tools: As part of our continuous scans, we will be employing three scanners to ensure comprehensive security coverage:

   • Malware Scanner

   • Software Composition Analysis (SCA) Scanner

   • 🆕 Static Application Security Testing (SAST) Scanner

Why This Matters

• Comprehensive Security Coverage: By expanding the scan to include app versions compatible with both current and previous Data Center LTS versions, we ensure that vulnerabilities in older, yet widely used, app versions are detected and addressed.

• Multi-Layered Security Analysis: Utilizing a combination of Malware Scanner, Software Composition Analysis (SCA) Scanner, and Static Application Security Testing (SAST) Scanner allows us to identify a wider range of potential security issues. This multi-faceted approach helps us uncover vulnerabilities related to malicious code, outdated libraries, and insecure coding practices, providing a thorough security assessment for your applications.

We believe these changes will significantly benefit our customers by providing enhanced security assurance and support. Thank you for your continued collaboration and commitment to maintaining high standards in the Atlassian Marketplace. If you have any questions or need further assistance, please do not hesitate to reach out to our support team.

We are introducing a new billing model: maximum quantity billing.

With maximum quantity billing, customers are charged for the highest number of seats they reach in a given month, and any seats added during the month are billed on a prorated basis. While Marketplace partners are not required to take any action, we recommend partners familiarize themselves with the sales type associated with charges that will appear in reporting for maximum quantity billing.

This model will modify the current per-user pricing structure for monthly Atlassian Marketplace cloud app subscriptions and will be rolled out to customers starting in early August, with full GA expected by the end of October.

For more details, please refer to this Quick reference guide.

We’ve published new documentation explaining how grace periods work for licenses. To help you programmatically identify grace period status, the getLicensesAPI now includes an inGracePeriod field.

This field enables you to determine if a license is:

• Currently in a grace period → inGracePeriod: Yes

• Was previously in a grace period, but is no longer → inGracePeriod: No

• Never had a grace period → inGracePeriod field will be absent

📝 Note: There are no UI changes associated with this update - the information is available only via API.

Following its Preview release, we’re excited to announce that the Runs on Atlassian program is now generally available.

This means that customers can now see the Runs on Atlassian badge for eligible apps on the Atlassian Marketplace. Similarly, customers can also filter for eligible apps.

Check out Runs on Atlassian documentation to know more about the program, as well as the eligibility requirements and the next steps you can take.

We’ve started the customer rollout for the Runs on Atlassian program. This means that some customers can now see the Runs on Atlassian badge for eligible apps on the Atlassian Marketplace and on the Connected apps page of Atlassian Administration.

To ensure a smooth transition, we’re progressively rolling this out to customers over the next few days. We’ll provide another update upon completion.

Check out Runs on Atlassian documentation to know more about the program.

We are removing the functionality for importing workflows from Marketplace apps. Customers won't be able to import workflows hosted in apps directly starting from 23 June 2025.

The workaround for https://developer.atlassian.com/platform/marketplace/knowledge-base/how-do-i-import-a-workflow-into-a-jira-cloud-instance/ will no longer be available.

Marketplace team has updated the logic for calculating the saleType provided via the transactions report.

To address the varied use cases regarding enhancements in pricing and packaging of apps on the Marketplace, we are transitioning from assessing sale type value based on the changes in user count from prior transactions. Instead, we will adopt a method that considers the relationship between the gross list price and the editions available. This new approach allows us to shift our focus from the variability in user count to a more comprehensive and inclusive rationale.

With this update in logic:

• The type of sale will be defined by the interplay between the gross list price and the editions offered. The gross list price represents the total amount a customer must pay based on the listed price, without accounting for any deductions or adjustments.

• We are introducing a new sale type referred to as DOWNGRADE. If there is a reduction in the gross list price compared to previous transactions, or if the edition is downgraded while the gross list price remains unchanged, the transaction will be classified as a downgrade.

• The same will be reflected in the user experience for partner reporting

These changes will be applicable to transactions from May 15, 2025. We encourage partners to read the quick reference guide here to know more about this change.

Atlassian has made the decision to move customer GA for multi-instance pricing to the fourth quarter of 2025.

While we recognize the significance of this decision, we are confident that it is a crucial step towards developing the most streamlined and efficient processes for our partners and shared customers.

We will share more details on a more precise GA date at a later time.

As part of our recent publication of the Security Requirements for Data Center apps, requiring developers to perform SAST Scans and our ongoing commitment to building trust with customers, Atlassian will be introducing a new Static Application Security Testing (SAST) scanning capability for Data Center Marketplace apps starting Jun 2, 2025. This initiative is part of our continuous effort to ensure the safety and integrity of Marketplace apps.

With a focus on risk reduction, workload management, and to provide you with the best service, we’ll be communicating the initial set of vulnerabilities in weekly batches according to severity/vulnerability class, starting with Critical and continuing with High, Medium, and Low (learn more about the severity levels in the Security Bug Fix Policy here.) The first batch will be released onJun 2, 2025 with subsequent batches released every Monday thereafter, continuing until all issues have been communicated to partners.

For more details, please refer to: SAST Scanner for Data Center Apps

We have identified an issue, specific to 0$ transactions on Marketplace transactions reports. Previously, for a given entitlement & transaction order ID, the discount amount and refund information was not displayed for a 0$ transaction. This issue was identified across approximately 3,500 transactions spread across marketplace partners.

The issue has now been fixed as of May 16, 2025, and transactions reports will display a comprehensive transaction breakdown - with discounts, refunds as and when applied.

Partners can fetch this data using the lastUpdated field of API’s mentioned below. Change is live in production starting May 16, 2025,

• Get transactions API

• Export transactions API

We’re excited to announce that app editions are now GA in the Marketplace. Editions provide partners with a more unique way to price and package their apps, enabling them to create both standard and advanced versions of their app(s).

Customers can now access advanced editions by checking the overview or pricing tab on the app listing to see if both standard and advanced options are available.

If you’re interested in learning more about editions and how to build them, visit our developer documentation here.

As of May 12, 2025, the previously announced update to the /rest/2/addons (Get apps) API is now live.

What’s changed?
To strengthen data privacy on the Atlassian Marketplace, the "user count" field in the response now returns -1 for all apps. This prevents the unintended exposure of user metrics.

Action Required
No action is needed if your systems already handle a -1 value in this field.

Based on internal analysis and bug reports, we had identified a couple of issues in the identification of type for license events in Marketplace reports:

• For some cases, converted events were not flowing due to being considered as non-converted and vice versa.

• For some cases, churn events were getting tagged as renewal and vice versa.

As part of this fix, we are adding additional checks on start and end dates to find and categorise events accurately. In terms of impact to reports:

• License events report - Counts in each metric might differ due to change in type.

• Churn report - Based on events getting added or removed from churn type, number and percentages will change.

• Renewal report - Based on events getting added or removed from renewal type, number and percentages will change.

• Conversion report - Based on events getting added or removed from conversion type, number and percentages will change.

In order to facilitate a smooth transition, we are updating historical records from May 1, 2025 for now. In the coming weeks, we will be backfilling data from May 1, 2024 to give a more accurate historical view.

Note: This change only impacts the events. Licenses and Transaction are not impacted

Update #1: We are introducing a new revenue share incentive to help partners establish successful apps on Forge.

• Beginning 1 January 2026, partners will pay 0% revenue share for eligible Forge earnings, up to $1 million in lifetime Forge revenue. Lifetime revenue is calculated across all Forge apps owned by a partner, from the date eligible apps begin earning revenue on the Marketplace. This is a temporary incentive, and may change in the future.

Update #2: We are also introducing new Marketplace revenue share rates that will go into effect 1 January 2026. Percentages reflect the commission amount retained by Atlassian, with remaining earnings paid out to the partner.

• The rate for Connect apps will increase to 20% and subsequently increase to 25% on 1 July 2026.

• The standard rate for Forge apps will increase to 16% and subsequently increase to 17% on 1 July 2026.

We’re currently reviewing the changes announced to the partner discount amount and discount array fields, which were originally scheduled to go live on 5 May 2025. To ensure a smooth rollout and allow time to resolve queries, we are extending this timeline by 3 weeks.

At this time, no changes will be made to the existing behavior. We will share a revised go-live date and further details once our review is complete.

Thank you for your patience and understanding.

• Originally Announced On: 30 Apr 2025
  Original Go-Live Date: 5 May 2025

• Related Documentation: QRG