Runs on Atlassian

The Runs on Atlassian program helps customers identify Forge apps that can benefit enterprise customers with strict data privacy requirements. The Runs on Atlassian badge is automatically applied to eligible apps on the Atlassian Marketplace.

Runs on Atlassian addresses the following requirements from customers:

1. Apps exclusively use Atlassian-hosted compute and storage.
2. Apps support data residency that matches data residency provided by the host product.
3. Customers are in control of data egress, such as analytics and logs, and can fully block data egress at any time.

The Forge CLI provides a programmatic way to verify the above requirements.

Eligibility requirements

Eligibility for the Runs on Atlassian badge is automatically detected and applied on apps that meet the qualifications. Partners do not need to apply or opt in to receive the badge.

To determine whether your Forge apps meet the requirements for Runs on Atlassian, start by checking your manifest file for egress permissions. You can also use the Forge CLI to check the eligibility of an app.

Your app must not egress data, with the exception of egress for analytics purposes. If your app sends data for analytics and does not send in-scope End-User Data, then it is eligible for Runs on Atlassian.

Apps use analytics data to identify trends and insights, which can be used to improve app performance. These trends and insights can fall under different categories, such as web analytics and product analytics. In the context of Runs on Atlassian, you must not mark tools that don't capture analytics data as analytics egress.

Ready to dive right in?

Here are some things you can do to start making your apps eligible for Runs on Atlassian.

Feedback

While Runs on Atlassian is a big step toward trust and transparency in the Atlassian Marketplace, we do recognize that there can be tension between functionality and the tight data containment Runs on Atlassian represents.

We also acknowledge that not all apps can be eligible for Runs on Atlassian, for example, integrations that communicate with external services by nature. Other apps may need certain capabilities to be delivered to the Forge platform before they can qualify. Some partners may already have robust security and data protection controls in their own infrastructure and they may decide that Runs on Atlassian doesn’t enhance the way they position themselves to customers.

We’re committed to building platform improvements that will expand eligibility for Runs on Atlassian and we need collaboration from partners to identify and prioritize improvements that have the greatest impact. If you have a feature request that will help you qualify for Runs on Atlassian, please open a FRGE ticket and apply the runs-on-atlassian tag.

FAQ

Will apps that use external analytics platforms be excluded from Runs on Atlassian?

Sending data to analytics tools and services outside of Atlassian is not considered data egress, provided that:

• the app is only egressing data for the purpose of analytics,
• and the data egress for analyrics does not include in-scope End-User Data.

We're introducing controls that allow app admins to enable or disable access to analytics and log sharing during app installation, as well as after installation. This allows apps using analytics platforms to still qualify for Runs on Atlassian while putting customers in full control of their data.

Will there be changes to the Privacy and Security tab?

Customers tell us they value the transparency of the Privacy and Security tab but observe inconsistencies in partner-attested data. Over time, we may shift to automatically verifying certain fields based on the Forge manifest to standardize the information displayed to customers.

How will Runs on Atlassian show up to customers?

Runs on Atlassian apps are marked with a badge on the Marketplace listing. Customers can also filter for apps by the badge.

The Runs on Atlassian badge also appears in the app management experiences, where customers can verify whether or not their currently installed apps are eligible for Runs on Atlassian.

If an app receives an update that invalidates Runs on Atlassian eligibility, will customers know?

Yes, customers will know if an app update invalidates eligibility.

The following updates are considered major updates:

• Adding remotes.
• Adding or modifying web trigger module functions. This includes:
  • Adding a new dynamic web trigger.
  • Modifying a static web trigger to dynamic.
• Adding or modifying the category of an existing egress permission.
• Modifying inScopeEUD from false to true for an egress permission element for the first time.

Major updates require admins to manually approve the update itself. If a major update results in an app no longer qualifying for Runs on Atlassian, this information will be surfaced to the admin at the time of the update. See Major version upgrades for more details.

Will removing egress from my app require a major version update?

No, removing egress is considered a minor update.

A major update is triggered when a new URL is added or when an existing URL is assigned to a new egress category, but not when egress URLs are removed.

Note, removing an existing URL of an external provider from the providers section of the manifest is considered a major update. This means admins may need to provide consent when updating their app. See Major version upgrades for more details.

Can I create an app edition that qualifies for Runs on Atlassian alongside one that does not?

At the moment, we do not support making only one app edition eliglble for Runs on Atlassian. All editions of an app must either be Runs on Atlassian or not. This is due to the fact that scopes and permissions must be the same across all editions of an app. We’re considering adding support and we encourage partners to get in touch if this is something you need.