View categories

Categories

Heroku Architecture
- Compute (Dynos)
  - Dyno Management
  - Dyno Concepts
  - Dyno Behavior
  - Dyno Reference
  - Dyno Troubleshooting
- Stacks (operating system images)
- Networking & DNS
- Platform Policies
- Platform Principles
- Buildpacks

Developer Tools
- AI Tools
- Command Line
- Heroku VS Code Extension

Deployment
- Deploying with Git
- Deploying with Docker
- Deployment Integrations

Continuous Delivery & Integration (Heroku Flow)
- Continuous Integration

Language Support
- Node.js
  - Node.js Behavior in Heroku
  - Troubleshooting Node.js Apps
  - Working with Node.js
- Ruby
  - Rails Support
    - Working with Rails
  - Working with Bundler
  - Working with Ruby
  - Ruby Behavior in Heroku
  - Troubleshooting Ruby Apps
- Python
  - Working with Python
  - Background Jobs in Python
  - Python Behavior in Heroku
  - Working with Django
- Java
  - Java Behavior in Heroku
  - Working with Java
  - Working with Maven
  - Working with Spring Boot
  - Troubleshooting Java Apps
- PHP
  - Working with PHP
  - PHP Behavior in Heroku
- Go
  - Go Dependency Management
- Scala
- Clojure
- .NET
  - Working with .NET

Databases & Data Management
- Heroku Postgres
  - Postgres Basics
  - Postgres Getting Started
  - Postgres Performance
  - Postgres Data Transfer & Preservation
  - Postgres Availability
  - Postgres Special Topics
  - Migrating to Heroku Postgres
- Heroku Key-Value Store
- Apache Kafka on Heroku
- Other Data Stores

AI
- Inference Essentials
- Inference API
- Inference Quick Start Guides
- AI Models
- Tool Use
- AI Integrations
- Vector Database

Monitoring & Metrics
- Logging

App Performance

Add-ons
- All Add-ons

Collaboration

Security
- App Security
- Identities & Authentication
  - Single Sign-on (SSO)
- Private Spaces
  - Infrastructure Networking
- Compliance

Heroku Enterprise
- Enterprise Accounts
- Enterprise Teams

Patterns & Best Practices

Extending Heroku
- Platform API
- App Webhooks
- Heroku Labs
- Building Add-ons
  - Add-on Development Tasks
  - Add-on APIs
  - Add-on Guidelines & Requirements
- Building CLI Plugins
- Developing Buildpacks
- Dev Center

Accounts & Billing

Troubleshooting & Support

Integrating with Salesforce
- Heroku AppLink
  - Heroku AppLink Reference
  - Getting Started with Heroku AppLink
  - Working with Heroku AppLink
- Heroku Connect (Salesforce sync)
  - Heroku Connect Administration
  - Heroku Connect Reference
  - Heroku Connect Troubleshooting
- Other Salesforce Integrations

Add-on Security Requirements

Table of Contents [expand]

Security Guidelines
Reporting Security Vulnerabilities to Heroku
Reporting Security Vulnerabilities to Customers

Last updated January 21, 2026

Add-on partners must follow these requirements before offering their services with Heroku.

Security Guidelines

For guidelines on how to build a secure add-on service, refer to the Salesforce documentation for AppExchange partners. Some of this documentation is specific to AppExchange and not relevant to Heroku, but they are the guidelines for maintaining a Security Policy and how to Prevent Secure Coding Violations are relevant for Heroku add-ons.

Reporting Security Vulnerabilities to Heroku

Add-on providers can report suspected Heroku security vulnerabilities as outlined out in the Heroku Security Policy.

For less urgent matters, reach out to the Heroku team at heroku-ecosystem-partners@salesforce.com for assistance.

Reporting Security Vulnerabilities to Customers

Add-on partners must provide timely, clear, and actionable notifications to affected customers about any identified security vulnerability, including necessary steps for customers to assess and mitigate risks.

Add-on partners must also respond to triaged support requests from customers about potential security vulnerabilities.

Feedback

Log in to submit feedback.