Two platforms, two architectures

The Atlassian Marketplace currently hosts apps built on two different technical platforms: Connect (the older, established approach) and Forge (Atlassian's newer serverless platform, first available in 2021). Both platforms let developers extend Jira and Confluence — but they run in fundamentally different places.

How Connect apps work

Connect apps are built and hosted by the app vendor on their own external servers. When you install a Connect app and use it, Jira sends requests and data to the vendor's server infrastructure. The vendor's code processes that data, returns results to Jira, and may store data on their own systems.

Connect — data flow

Your Jira Cloud → Vendor's external server → Vendor's external storage → Response back to Jira

The flexibility of Connect is valuable for developers — they can use any language, any cloud provider, any database. But the security implication is clear: your Jira data travels outside the Atlassian platform to a server controlled by a third party.

How Forge apps work

Forge apps run as serverless functions inside Atlassian's own infrastructure. The code lives on Atlassian's cloud, executes on Atlassian's compute, and stores data in Atlassian's key-value store. There are no public-facing endpoints for the app — Atlassian invokes the functions internally. The vendor never needs to run a server.

Forge — data flow

Your Jira Cloud → Atlassian Forge runtime → Atlassian-managed storage → Response back to Jira

From a security perspective, this changes the trust boundary entirely. You're not trusting a third-party vendor's infrastructure — you're trusting Atlassian's, which you're already trusting by using Jira Cloud in the first place.

Security comparison: Forge vs Connect

| Security factor | Forge | Connect |
|---|---|---|
| Data leaves Atlassian? | No — runs inside Atlassian | Yes — routed to vendor servers |
| Data residency | Inherits Atlassian's residency settings | Depends on vendor's server location |
| GDPR compliance | Covered by Atlassian's DPA | Separate DPA required per vendor |
| ISO 27001 / SOC 2 | Covered by Atlassian's certifications | Depends on vendor's own certifications |
| Public endpoint exposure | None — no public endpoints | Yes — vendor exposes webhook/API endpoints |
| Vendor security review | Simplified — Atlassian trusts own runtime | Detailed — vendor must document data handling |
| "Runs on Atlassian" badge | Yes | No |
| Platform future | Active development — Atlassian's strategic platform | End of new listings Sept 2025; support timeline unclear |

What this means for enterprise Atlassian admins

If your organization has data residency requirements — GDPR, HIPAA, financial services regulations, or internal policies mandating that data stays within a defined geographic or vendor boundary — Forge apps are the safer default. When data never leaves Atlassian's infrastructure, your Atlassian-level data processing agreements and residency settings cover the app automatically.

For Connect apps, you need to investigate each vendor individually: Where are their servers? Do they have a DPA? What is their own ISO or SOC 2 status? In a large organization with many installed apps, this becomes a significant procurement overhead.

Enterprise security teams increasingly use the "Runs on Atlassian" badge as a fast filter. It's not a perfect signal — a badly written Forge app can still have security flaws in its own logic — but it does eliminate an entire category of risk: vendor infrastructure trust.

Note for procurement teams: "Runs on Atlassian" means the app's compute and storage run on Atlassian's infrastructure. It does not guarantee the absence of external API calls — a Forge app could still call a third-party AI API, for example. Check the app's Trust Center or privacy policy for the full picture. Apps built with Bring Your Own Key (BYOK) AI — like BYOK AI for Atlassian — provide additional control over AI data flows.

The Connect sunset timeline

Atlassian has signaled a clear strategic direction: Forge is the future, Connect is legacy. The transition is happening in phases:

Sept 2025: No new Connect app listings on the Atlassian Marketplace. New apps must be built on Forge to be listed.

Mar 2026: Connect descriptor update enforcement. Connect apps can no longer publish descriptor changes to the Marketplace.

Q4 2026+: Connect enters end-of-support. Existing Connect apps will continue to function for an extended period, but Atlassian's active investment moves fully to Forge.

For enterprise teams evaluating new Marketplace apps in 2026, this timeline matters. Choosing a Connect app today means either a migration to Forge somewhere on the vendor's future roadmap or a migration away from the app entirely when Connect support ends.

A developer's perspective: what you give up with Forge

Forge's security advantages come with real constraints for app developers. Forge functions have execution time limits, memory limits, and an opinionated runtime environment. Complex apps that need long-running processes, heavy computation, or access to custom infrastructure can't be built as pure Forge apps — they either need a hybrid approach or have to remain on Connect.

For AI-powered apps that need to call external AI providers (OpenAI, Anthropic, etc.), this is handled through explicit external fetch permissions in the Forge manifest. Atlassian requires apps to declare all external calls, making the data flow auditable in a way that Connect never was.
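
One way to review those declarations before approving an app, as an added example (not code from Atlassian or from this publisher): the functions below walk the permissions.external section of a parsed Forge manifest and check every declared destination against a list of hosts your organization has reviewed. The sample manifest, its host names and the approved list are constructed; the code assumes manifest.yml has already been parsed into an object and that each entry is either a host string or an object with an address field.

```javascript
// Added example: audit the outbound destinations a Forge manifest declares.
// SAMPLE_MANIFEST is constructed: the parsed form of a hypothetical manifest.yml.
const SAMPLE_MANIFEST = {
  permissions: {
    external: {
      fetch: {
        backend: ['api.ai-provider.example', { address: '*.analytics.example' }],
        client: ['https://cdn.widgets.example/assets'],
      },
      images: ['*.img.example'],
    },
  },
};

// Reduce one entry (a string, or an object with `address`) to a bare host pattern.
function hostOf(entry) {
  const raw = typeof entry === 'string' ? entry : entry && entry.address;
  if (typeof raw !== 'string' || raw.trim() === '') return null;
  return raw.trim().toLowerCase()
    .replace(/^[a-z][a-z0-9+.-]*:\/\//, '') // drop a leading scheme
    .replace(/[\/:?#].*$/, '');             // drop port, path and query
}

// Walk permissions.external and list every declared destination by channel.
function declaredEgress(manifest) {
  const found = [];
  const walk = (node, path) => {
    if (Array.isArray(node)) {
      for (const e of node) found.push({ channel: path.join('.'), host: hostOf(e) });
    } else if (node && typeof node === 'object') {
      for (const [key, child] of Object.entries(node)) walk(child, [...path, key]);
    }
  };
  walk(manifest && manifest.permissions && manifest.permissions.external, []);
  return found;
}

// Compare each declaration with the hosts the organization has reviewed.
function auditEgress(manifest, approvedHosts) {
  const approved = new Set(approvedHosts.map((h) => h.toLowerCase()));
  return declaredEgress(manifest).map(({ channel, host }) => {
    let verdict = 'approved';
    if (host === null) verdict = 'unparseable';
    else if (host.includes('*')) verdict = 'wildcard'; // not pinned to one reviewed host
    else if (!approved.has(host)) verdict = 'unapproved';
    return { channel, host, verdict };
  });
}
console.table(auditEgress(SAMPLE_MANIFEST, ['api.ai-provider.example']));
```

A manifest with no permissions.external section yields an empty result, which is the case where the app declares no external calls at all.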

The result is that complex enterprise apps may have legitimate reasons to be on Connect — for now. But the direction is clear: Forge is where Atlassian is investing, and new enterprise apps should default to Forge unless there's a specific technical reason they can't.

Forge-native apps from this publisher

All three apps in this catalog are built on Atlassian Forge — no external servers, no third-party storage:

All carry the "Runs on Atlassian" badge. Data processed by any of these apps never leaves Atlassian's infrastructure.

Frequently asked questions

What is the difference between Atlassian Forge and Connect apps?

Forge apps run entirely within Atlassian's own cloud infrastructure — no data leaves the Atlassian platform. Connect apps run on external servers hosted by the app vendor — Jira data is sent to the vendor's infrastructure when the app is used. Forge provides stronger data residency and security guarantees; Connect offers more developer flexibility but requires trusting the vendor's external infrastructure.

Are Forge apps GDPR compliant?

Atlassian states that Forge has completed ISO 27001 and SOC 2 evaluations and that contractual, technical, and organizational measures are in place to support GDPR compliance. Because Forge apps run inside Atlassian's infrastructure, they inherit Atlassian's existing data processing agreements and residency commitments. Individual Connect app vendors are responsible for their own GDPR compliance separately.

What does "Runs on Atlassian" mean?

"Runs on Atlassian" is the official Marketplace badge for Forge apps. It indicates the app's compute and storage run entirely within Atlassian's cloud — no customer data is sent to third-party servers. Enterprise procurement teams often use this badge as a minimum requirement for approved apps. Note that it does not prevent apps from calling external APIs (such as AI providers) if explicitly declared in the app manifest.

Will Atlassian Connect apps stop working?

Atlassian stopped accepting new Connect app listings from September 2025 and is phasing Connect toward end-of-support. Existing Connect apps continue to work during the transition period. Enterprise teams evaluating new apps should prefer Forge-native options (those with the "Runs on Atlassian" badge) to avoid future migration risk.

All three apps — built on Forge, "Runs on Atlassian"

Visual Progress Tracker, Priority Scoring, and CodeDoc AI run entirely on Atlassian infrastructure. Free trials available on the Marketplace.
