The Security Program model in Bugcrowd enables you to connect assets and asset collections to Security Programs via targets.
When assets or asset collections are assigned to Security Programs, a target object is created. This target links the asset(s) to the program and can then be added and assigned to specific engagement scopes.
This ensures vulnerabilities are mapped directly to the assets they affect, improving visibility into risk and streamlining program management.
Before You Begin
- Enable Asset Inventory: Ensure Asset Inventory is enabled for your organization.
- Permissions: Only Organization Owners can assign assets or collections to Security Programs.
- Multi-Program Support: Assets and collections can be mapped to one or more Security Programs.
- Vulnerability Mapping: Vulnerabilities reported against a target are automatically mapped back to the assigned asset(s).
-
Archived Assets:
- Archiving an asset does not remove its target from existing programs or engagements.
- Vulnerability data continues to flow back to the archived asset.
- Collections: Assigning a collection to a Security Program assigns all assets within that collection to the program.
Navigation
- Log in to your Bugcrowd organization.
- Go to Assets.
- Select any asset view (e.g., All assets, Domain, Network, or Service).
- Locate the asset you want to assign.
- From the row-level actions menu (⋮), select Assign to Security Program…
Assigning an Asset
- From the Assign asset to Security Program modal, select one or more programs.
- Click Assign.
- A confirmation message appears:
“Successfully added 1 asset to the security programs.”
Assign Asset to Security Program
Confirmation Message
Removing an Asset
- Go to the row-level actions menu (⋮) for the asset.
- Select Remove from Security Program…
- In the modal, choose the Security Program(s) to remove the asset from.
- Click Remove.
- The asset is unlinked from the selected program(s).
Remove Asset Menu Option
Remove Asset from Security Program Modal
