If you’ve managed Jira apps for any length of time, you’ve probably come across two key terms in the Atlassian ecosystem: Forge and Connect. Both are development frameworks that power Marketplace apps, but they are very different in how they handle hosting, data, and security.
For Jira admins, IT approvers, and cloud architects tasked with keeping environments secure, understanding these differences is crucial. The architecture behind an app isn’t just a developer concern; it directly impacts how you evaluate risk, meet compliance requirements, and ensure a smooth user experience.
Let’s break down what makes Forge and Connect different, why Forge is shaping the future of Atlassian apps, and how you can quickly spot the right apps for your team.
First, what are Forge and Connect?
- Atlassian Connect was introduced when Atlassian moved to the cloud. It allows vendors to build cloud apps but host their own backend services outside Atlassian’s infrastructure. Many early Marketplace apps use Connect because it was the first available option.
- Atlassian Forge is a newer platform that takes a different approach. Apps built on Forge run entirely within Atlassian’s infrastructure. Instead of spinning up their own servers, vendors deploy to a secure, serverless environment managed by Atlassian.
📌 Learn more: Atlassian Forge Overview | Atlassian Connect Framework
Architectural differences that matter
| | Connect Apps | Forge Apps |
|---|---|---|
| Hosting | Vendor-managed infrastructure | Atlassian-managed infrastructure |
| Data flow | Data may pass through or be stored on vendor servers | Data stays within Atlassian cloud |
| Security oversight | Vendor responsible for securing backend | Atlassian enforces security and isolation |
| Performance | Depends on vendor’s infrastructure | Optimized within Atlassian’s environment |
For admins, these differences change how you think about app reviews:
- Connect apps often require your security team to vet the vendor’s hosting practices, data handling, and operational controls.
- Forge apps inherit Atlassian’s secure, serverless environment, reducing the unknowns and the paperwork.
Why Forge is better aligned with secure cloud practices
Modern cloud security practices emphasize shared responsibility. Atlassian already invests heavily in securing its infrastructure. Forge leverages that by keeping app code and data inside Atlassian’s managed environment.
Benefits of Forge for admins and IT teams:
- Reduced vendor risk: No third‑party servers means fewer unknowns in your data flow.
- Simpler compliance checks: Forge apps align automatically with Atlassian’s data residency and privacy controls.
- Consistent performance: Forge apps scale and update alongside Atlassian’s platform.
Example: If your organization enforces strict EU data residency, a Forge-built app that carries the Runs on Atlassian badge doesn’t require additional vendor-side validation; it inherits Atlassian’s residency guarantees.
Implications for Maintenance, Approvals, and User Data
🔧 Maintenance
Forge apps often require less operational maintenance from vendors because Atlassian handles the infrastructure. That translates into:
- Faster updates
- Fewer outages caused by external servers
- More predictable app lifecycles
📝 Approvals
For admins navigating security reviews:
- Forge apps simplify questionnaires and risk assessments.
- Many Forge apps carry additional trust badges like Runs on Atlassian or Cloud Fortified, giving you instant signals of maturity.
🔒 User Data
With Forge, sensitive data is handled within Atlassian’s secure environment:
- No custom data pipelines
- Built-in compliance with Atlassian’s Marketplace policies
- Easier to justify during internal audits
How to Identify Forge and Runs on Atlassian Apps
Knowing the difference between Forge and Connect is great—but how do you spot them when you’re actually evaluating apps on the Atlassian Marketplace?
When you visit an app’s Marketplace listing, Atlassian displays trust badges near the top of the page, typically just below the app name or pricing. These badges are your quick indicators of how the app is built and managed:
Built on Forge
This badge shows the app is developed using Atlassian’s Forge platform. That means the app’s backend runs in Atlassian’s secure serverless environment—no vendor‑managed servers.
Runs on Atlassian
Apps with this badge are not only built on Forge but also hosted entirely within Atlassian’s infrastructure. Your data never leaves Atlassian’s trusted environment, simplifying compliance reviews and reducing vendor risk.
Cloud Fortified
This badge signals the app meets Atlassian’s enterprise‑grade standards: 24×5 support SLAs, proactive monitoring, and ongoing vulnerability scans.
📌 See Atlassian’s official program details:
🔎 Quick tips when reviewing an app listing
- Check the badges first: Look for Built on Forge or the Runs on Atlassian badge at the top of the page.
- Review the “Privacy & Security” tab: Many vendors outline data handling, certifications, and architecture details there.
- Look for links to a vendor’s Trust Center: A sign they’re transparent about security and compliance.
Ricksoft’s commitment: Our apps and their badges
At Ricksoft, we’ve embraced these higher standards because we believe they’re the future of the Atlassian ecosystem. Many of our flagship Jira and Confluence apps already meet these trust signals: Built on Forge, Runs on Atlassian, and Cloud Fortified, with ongoing participation in Atlassian’s Marketplace Security Bug Bounty Program.
👉 Explore our latest app badges and security status on our Security & Compliance hub or dive deeper into certifications at our Ricksoft Trust Center.
Final thoughts
For Jira admins and IT teams, app architecture isn’t just technical trivia; it’s part of your risk management and operational playbook.
Atlassian’s shift toward Forge signals a maturing Marketplace where security and reliability are built in, not bolted on.
Next time you’re evaluating an app, look beyond the feature list. Ask about architecture, check for trust badges, and leverage the growing ecosystem of Forge apps to build a safer, more compliant Jira environment for your team.