View categories

Categories

Heroku Architecture
- Compute (Dynos)
  - Dyno Management
  - Dyno Concepts
  - Dyno Behavior
  - Dyno Reference
  - Dyno Troubleshooting
- Stacks (operating system images)
- Networking & DNS
- Platform Policies
- Platform Principles

Command Line

Deployment
- Deploying with Git
- Deploying with Docker
- Deployment Integrations

Continuous Delivery & Integration
- Continuous Integration

Language Support
- Node.js
- Ruby
  - Working with Bundler
  - Rails Support
- Python
  - Background Jobs in Python
  - Working with Django
- Java
  - Working with Maven
  - Java Database Operations
  - Java Advanced Topics
  - Working with Spring Boot
- PHP
- Go
  - Go Dependency Management
- Scala
- Clojure

Databases & Data Management
- Heroku Postgres
  - Postgres Basics
  - Postgres Getting Started
  - Postgres Performance
  - Postgres Data Transfer & Preservation
  - Postgres Availability
  - Postgres Special Topics
- Heroku Key-Value Store
- Apache Kafka on Heroku
- Other Data Stores

Monitoring & Metrics
- Logging

App Performance

Add-ons
- All Add-ons

Collaboration

Security
- App Security
- Identities & Authentication
  - Single Sign-on (SSO)
- Compliance

Heroku Enterprise
- Private Spaces
  - Infrastructure Networking
- Enterprise Accounts
- Enterprise Teams
- Heroku Connect (Salesforce sync)
  - Heroku Connect Administration
  - Heroku Connect Reference
  - Heroku Connect Troubleshooting

Patterns & Best Practices

Extending Heroku
- Platform API
- App Webhooks
- Heroku Labs
- Building Add-ons
  - Add-on Development Tasks
  - Add-on APIs
  - Add-on Guidelines & Requirements
- Building CLI Plugins
- Developing Buildpacks
- Dev Center

Accounts & Billing

Troubleshooting & Support

Integrating with Salesforce

Penetration Testing and Network Scanning

Last updated August 31, 2021

Table of Contents

Researchers

Coordinated penetration tests and network security scans are allowed on Heroku.

Heroku does not require authorization of standard security and penetration tests. These tests should be low volume and not appear to be denial-of-service attacks. Any large volume testing must follow our load testing guidelines.

If you are a Heroku customer and you would like to report a vulnerability or have a security concern regarding Heroku, please email security@salesforce.com.

For other security inquiries, please open a support ticket.

Researchers

As part of our commitment to working with security researchers to make our platform safer, Heroku operates a bug bounty program to reward those who find and report bugs in our platform.

To report vulnerabilities related to Heroku:

Privately share details of the suspected vulnerability with Heroku by submitting them via the HackerOne Disclosure Assistance Form
Provide full details of the suspected vulnerability so the Heroku security team may validate and reproduce the issue

Valid findings will be considered for compensation in accordance with our bounty program rules.

Keep reading

App Security

Feedback

Log in to submit feedback.

WebSocket Security Understanding TLS on Heroku