The Security Program model in Bugcrowd enables you to connect assets and asset groups to Security Programs via targets.
When assets or asset groups are assigned to Security Programs, a target object is created. This target links the asset(s) to the program and can then be added and assigned to specific engagement scopes.
This ensures submissions and vulnerabilities are mapped directly to the assets they affect, improving visibility into risk and streamlining program management.
Before You Begin
- Enable Asset Inventory: Ensure Asset Inventory is enabled for your organization.
- Permissions: Only Organization Owners can assign assets or groups to Security Programs.
- Multi-Program Support: Assets and groups can be mapped to one or more Security Programs.
- Vulnerability Mapping: Vulnerabilities reported against a target are automatically mapped back to the assigned asset(s).
-
Archived Assets:
- Archiving an asset does not remove its target from existing programs or engagements.
- Vulnerability data continues to flow back to the archived asset.
- Groups: Assigning an asset group to a Security Program assigns all assets within that group to the program.
Navigation
- Log in to your Bugcrowd organization.
- Go to Assets.
- Select any asset view (e.g., All assets, Domain, Network, or Service).
- Locate the asset you want to assign.
- From the row-level actions menu (…), select Assign to Security Program…
Assigning an Asset
- From the Assign asset to Security Program modal, select one or more programs.
- Click Assign.
- A confirmation message appears: “Successfully added 1 asset to the security programs.”
Removing an Asset
- Go to the row-level actions menu (…) for the asset.
- Select Remove from Security Program…
- In the modal, choose the Security Program(s) to remove the asset from.
- Click Remove.
- The asset is unlinked from the selected program(s).