What the cloud.gov PaaS offers
As a Platform as a Service, cloud.gov is responsible for maintenance and security of the cloud.gov platform. Customers are responsible for maintenance and security of their custom code running on the platform.
Here’s a chart to illustrate this in three example use cases:
App #1 uses a standard buildpack. (A buildpack provides support for a programming language.) The customer is only responsible for the app code and its dependencies.
App #2 uses an unsupported/custom buildpack, so the customer’s responsibility expands from the app code to managing the unsupported/custom buildpack and its dependencies. If you choose to use a custom buildpack, you are responsible for:
- Ensuring your application framework/runtime and all dependencies are supported versions with no known vulnerabilities.
- Continually updating your runtime and dependencies as new vulnerabilities are discovered and fixed.
- Maintaining a best practice baseline configuration for your application framework/runtime that meets all applicable security standards.
App #3 is a Docker setup, where the customer is fully responsible for their Docker container and custom image. Learn about this experimental feature.
cloud.gov is always responsible for the following components at its platform level:
- Operating system
- Continuous monitoring
- Network security