There’s obviously more to security than humans, technology, and vendors with all of their implementations and expertise. At Heroku we believe that security is a byproduct of excellence in engineering.

All too often, software is written solely with the happy path in mind, and security assurances of that software has its own dangerous assumptions. A mature security program should challenge assumptions of security controls, move to testing continuously, and prepare for the unexpectable.

This means asking hard questions about the bigger picture. Think bigger than the development lifecycle, backing away from the fixations of confirming effective corrections and remediations. This means taking...

After a successful two-month Beta period, PostgreSQL 11 is now the default version for all new provisioned Heroku Postgres databases. All Postgres extensions, tooling, and integration with the Heroku developer experience are ready to use, giving you the power of PostgreSQL 11 with the ease and usability of Heroku for building data-centric applications.

We'd like to re-emphasize a few features - among the many released in Postgres 11 - that we are particularly excited about.

This blog post is adapted from a talk given by Amy Unger at RailsConf 2018 titled "Knobs, buttons & switches: Operating your application at scale."

We've all seen applications that keel over when a single, upstream service goes down. Despite our best intentions, sometimes an unexpected outage has us scrambling to make repairs. In this blog post, we'll take a look at some tools you can integrate into your application before disaster strikes. We'll talk about seven strategies that can help you shed load, fail gracefully, and protect struggling services. We'll also talk about the technical implementations of these techniques—particularly in Ruby, though the...

Progressive web apps enable websites to function more like native mobile apps in exchange for some flexibility. You get native mobile app functionality (or close to it) without all the overhead of app store approvals and tons of platform-specific native code. Users can install a progressive web app to their home screen and launch it just like a native app. However, the app is launched into a pseudo-app frame that has some restrictions and only allows access to pages that are sub-paths of the initial path of the...

The recent introduction of Platform Events and Change Data Capture (CDC) in Salesforce has launched us into a new age of integration capabilities. Today, it's possible to develop custom apps that respond to activity in Salesforce. Whether you're creating a memorable customer interaction or implementing an internal workflow for employees, consider an event-sourced design to improve responsiveness and durability of the app.

In this article, we'll look at an event-sourced app architecture that consumes the Salesforce Streaming API using the elegant jsforce JavaScript library in a Node app on Heroku.

Streaming with jsforce

In summer 2018, the open-source jsforce library...