Categories

Heroku Architecture
- Compute (Dynos)
  - Dyno Management
  - Dyno Concepts
  - Dyno Behavior
  - Dyno Reference
  - Dyno Troubleshooting
- Stacks (operating system images)
- Networking & DNS
- Platform Policies
- Platform Principles

Developer Tools
- Command Line
- Heroku VS Code Extension

Deployment
- Deploying with Git
- Deploying with Docker
- Deployment Integrations

Continuous Delivery & Integration (Heroku Flow)
- Continuous Integration

Language Support
- Node.js
  - Working with Node.js
  - Node.js Behavior in Heroku
  - Troubleshooting Node.js Apps
- Ruby
  - Rails Support
  - Working with Bundler
  - Working with Ruby
  - Ruby Behavior in Heroku
  - Troubleshooting Ruby Apps
- Python
  - Working with Python
  - Background Jobs in Python
  - Python Behavior in Heroku
  - Working with Django
- Java
  - Java Behavior in Heroku
  - Working with Java
  - Working with Maven
  - Working with Spring Boot
  - Troubleshooting Java Apps
- PHP
  - PHP Behavior in Heroku
  - Working with PHP
- Go
  - Go Dependency Management
- Scala
- Clojure
- .NET
  - Working with .NET

Databases & Data Management
- Heroku Postgres
  - Postgres Basics
  - Postgres Getting Started
  - Postgres Performance
  - Postgres Data Transfer & Preservation
  - Postgres Availability
  - Postgres Special Topics
  - Migrating to Heroku Postgres
- Heroku Key-Value Store
- Apache Kafka on Heroku
- Other Data Stores

AI
- Model Context Protocol
- Vector Database
- Heroku Inference
  - Inference Essentials
  - AI Models
  - Inference API
  - Quick Start Guides
- Working with AI

Monitoring & Metrics
- Logging

App Performance

Add-ons
- All Add-ons

Collaboration

Security
- App Security
- Identities & Authentication
  - Single Sign-on (SSO)
- Private Spaces
  - Infrastructure Networking
- Compliance

Heroku Enterprise
- Enterprise Accounts
- Enterprise Teams
- Heroku Connect (Salesforce sync)
  - Heroku Connect Administration
  - Heroku Connect Reference
  - Heroku Connect Troubleshooting

Patterns & Best Practices

Extending Heroku
- Platform API
- App Webhooks
- Heroku Labs
- Building Add-ons
  - Add-on Development Tasks
  - Add-on APIs
  - Add-on Guidelines & Requirements
- Building CLI Plugins
- Developing Buildpacks
- Dev Center

Accounts & Billing

Troubleshooting & Support

Integrating with Salesforce

Penetration Testing and Network Scanning

Last updated August 31, 2021

Table of Contents

Researchers

Coordinated penetration tests and network security scans are allowed on Heroku.

Heroku does not require authorization of standard security and penetration tests. These tests should be low volume and not appear to be denial-of-service attacks. Any large volume testing must follow our load testing guidelines.

If you are a Heroku customer and you would like to report a vulnerability or have a security concern regarding Heroku, please email security@salesforce.com.

For other security inquiries, please open a support ticket.

Researchers

As part of our commitment to working with security researchers to make our platform safer, Heroku operates a bug bounty program to reward those who find and report bugs in our platform.

To report vulnerabilities related to Heroku:

Privately share details of the suspected vulnerability with Heroku by submitting them via the HackerOne Disclosure Assistance Form
Provide full details of the suspected vulnerability so the Heroku security team may validate and reproduce the issue

Valid findings will be considered for compensation in accordance with our bounty program rules.

Keep reading

App Security

Feedback

Log in to submit feedback.

WebSocket Security Understanding TLS on Heroku