US flag signifying that this is a United States Federal Government website An official website of the United States government

What the PaaS offers

What the PaaS offers

As a Platform as a Service, is responsible for maintenance and security of the platform. Customers are responsible for maintenance and security of their custom code running on the platform.

Here’s a chart to illustrate this in three example use cases:

Diagram of responsibilities, described in text below

App #1 uses a standard buildpack. (A buildpack provides support for a programming language.) The customer is only responsible for the app code and its dependencies.

App #2 uses a custom buildpack, so the customer’s responsibility expands from the app code to managing the custom buildpack and its dependencies. If you choose to use a custom buildpack, you are responsible for:

  • Ensuring your application framework/runtime and all dependencies are supported versions with no known vulnerabilities.
  • Continually updating your runtime and dependencies as new vulnerabilities are discovered and fixed.
  • Maintaining a best practice baseline configuration for your application framework/runtime that meets all applicable security standards.

App #3 is a Docker setup, where the customer is fully responsible for their Docker container and custom image. Learn about this feature. is always responsible for the following components at its platform level:

  • Operating system
  • Continuous monitoring
  • Anti-malware
  • Network security
  • Versioning
  • Scaling
  • Logging
  • Alerting