Leading up to the launch of the Runs on Atlassian, program, the Forge CLI experience of the program is now in preview.
The app you're building may be eligible for Runs on Atlassian. To check if your app is eligible, go to the Forge documentation.
The Runs on Atlassian program helps customers easily identify Forge apps that have no data egress and have data residency-enabled storage. The program applies the Runs on Atlassian badge on eligible apps, which helps communicate capabilities that can benefit enterprise customers that may have strict data privacy requirements.
In general, Runs on Atlassian addresses the following requirements from customers:
Eligibility for the Runs on Atlassian badge will be automatically detected and applied on apps that meet the qualifications. Partners do not need to apply or opt in to receive the badge.
To determine whether your Forge apps meet the requirements for Runs on Atlassian, start by checking your manifest file for egress permissions. You can also use the Forge CLI to check the eligibility of an app.
Eligible apps do not list any of the following in the manifest:
Eligible apps must also do either of the following:
As new Forge storage capabilities are introduced, in EAP or Preview stages, these features may not support data residency until they reach general availability.
The Cloud Fortified and Cloud Security Participant badges remain important signals on the investments partners have made in ensuring their apps adhere to advanced trust practices. As long as eligible, an app can have one or more, or even all three badges.
During the EAP, partners can do the following.
We're introducing a new command in the Forge CLI that lets partners check if their apps qualify for Runs on Atlassian. See Eligibility check of apps to know more.
Start by checking your manifest file for declarations that you can remove. We've also introduced improvements to the Forge platform that may help in removing egress from your apps. See Removal of egress to know more.
We’ve recently updated the Forge public roadmap, making it easier to track in progress and upcoming improvements to Forge. If you haven’t already, we recommend bookmarking the roadmap and changelog so you can stay across new Forge features that let you build your app more natively.
| Partners | Customers |
|---|---|
|
TODAY API and CLI to help partners test whether apps qualify for Runs on Atlassian and identify a path towards earning the badge. FUTURE Apps will be featured in customer-facing launch and Runs on Atlassian badge will go live on Atlassian Marketplace. |
FUTURE Field training to help sales teams and Solution Partners communicate Runs on Atlassian to customers. FUTURE Apps will be featured in customer-facing launch and Runs on Atlassian badge will go live on Atlassian Marketplace. |
While Runs on Atlassian is a big step toward trust and transparency in the Atlassian Marketplace, we do recognize that there can be tension between functionality and the tight data containment Runs on Atlassian represents.
We also acknowledge that not all apps can be eligible for Runs on Atlassian, for example, integrations that communicate with external services by nature. Other apps may need certain capabilities to be delivered to the Forge platform before they can qualify. Some partners may already have robust security and data protection controls in their own infrastructure and they may decide that Runs on Atlassian doesn’t enhance the way they position themselves to customers.
We’re committed to building platform improvements that will expand eligibility for Runs on Atlassian
and we need collaboration from partners to identify and prioritize improvements that have
the greatest impact. If you have a feature request that will help you qualify for Runs on Atlassian,
please open a FRGE ticket
and apply the runs-on-atlassian tag.
Sending logs or analytics to services outside of Atlassian is considered data egress. Such data can sometimes contain potentially sensitive information.
As we get closer to the launch of Runs on Atlassian, we’ll be introducing controls that allow app admins to enable or disable access to analytics and log sharing during app installation. This will allow apps using analytics platforms to still quality for Runs on Atlassian while putting customers in full control of their data.
Customers tell us they value the transparency of the Privacy and Security tab but observe inconsistencies in partner-attested data. Over time, we may shift to programmatically verifying certain fields based on the Forge manifest to standardize the information displayed to customers.
Runs on Atlassian apps will be marked with a badge on the Marketplace listing. Customers will also be able to filter for apps by the badge.
Runs on Atlassian will also appear in the admin app management experiences, where customers will be able to verify that apps already installed are Runs on Atlassian.
Note, the designs and experience will change over time as we learn from both customers and partners leading up to the launch.
Yes, customers will know.
The following updates are considered major updates:
Major updates require app admins to manually approve the update itself. If a major update results in an app no longer qualifying for Runs on Atlassian, this information will be surfaced to the admin at the time of the update. See Major version upgrades for more details.
No, removing egress is considered a minor update.
A major update is triggered when a new URL is added or when an existing URL is assigned to a new egress category, but not when egress URLs are removed.
Note, removing an existing URL of an external provider
from the providers section of the manifest is considered a major update. This means site admins
may need to provide consent when updating their app.
See Major version upgrades for more details.
At the moment, we do not support making only one app edition eliglble for Runs on Atlassian. All editions of an app must either be Runs on Atlassian or not. This is due to the fact that scopes and permissions must be the same across all editions of an app. We’re considering adding support and we encourage partners to get in touch if this is something you need.
Rate this page: