Manually Adding Assets

In addition to automatically discovered assets, you can manually add assets to your Bugcrowd Asset Inventory. This ensures that all relevant assets — including domains, IPs, web applications — are tracked and included in your security programs.

Add asset

You can manually add assets from any asset view page:

  • All assets
  • Domains (including Zone or Record pages)
  • Network (including IP Address or ASN pages)
  • Services (including Web Application)

To add a new asset:

  1. Navigate to the asset view page where you want to add the asset.
  2. Click the + Add asset button (top right).
  3. The Add Asset form will open.

Completing the Add Asset Form

The Add Asset form is divided into sections: Details, Programs and Collections, Security Posture, and Properties.

1. Details

  • Name (required): A name to identify the asset.
  • URL / Location (optional): Enter a valid URL, IPv4, or IPv6 address. Alternatively, link to a relevant resource or organization website.
  • Type (required): Choose the basic categorization (Zone, Record, Web Application, IP Address, ASN). Note: The type of asset you select will automatically populate the appropriate Properties fields for that specific asset type (e.g., domains show domain-specific properties, IP addresses show IP-specific properties).
  • Tags (optional): Apply tags to group and track assets.
  • Description (optional): Provide context for internal use (purpose, features, ownership).
  • External ID (optional): UUID from an external asset management system, if applicable.

2. Programs and Collections

  • Assign Security Programs: Add this asset as a target within one or more Bugcrowd Security Programs.
  • Add to Collections: Group this asset into one or more collections for categorization and security testing.

3. Security Posture

Define the risk and operational context of the asset:

  • Business Criticality: Critical, High, or Moderate.
  • Exposure Status: Internet-facing, Internal-only, Partner-network-exposed.
  • Environment: Production, Staging, Development, Test.
  • Sensitivity: Public, Internal, Confidential, Regulated (PCI, HIPAA).

Note: These fields are required for a Risk Score to be generated for an asset. For more information, please see Asset Risk Score documentation.

4. Properties

  • This section dynamically updates based on the Asset Type selected.
  • For example, selecting Zone enables domain-specific fields - CDN provider and Hosting provider.

Saving the Asset

  1. Complete all required fields.
  2. Review your entries for accuracy.
  3. Click Submit.
  4. The asset will appear in the selected asset view page and in the All assets view.

Additional Information

  • Manually added assets are treated the same as discovered assets in terms of tracking, posture, and risk scoring.
  • Assign assets to programs and collections during creation to ensure they’re covered immediately.
  • You can edit metadata and posture later from the Asset Inventory table.
Quickstart Expand to see sub-pages
Onboarding Expand to see sub-pages
Organization Management Expand to see sub-pages
Security Program Management Expand to see sub-pages
Engagement Management Expand to see sub-pages
Target Management Expand to see sub-pages
Single-Sign-On Expand to see sub-pages
Security Expand to see sub-pages
Roles and Permissions Expand to see sub-pages
Submission Management Expand to see sub-pages
Funds Management Expand to see sub-pages
Integration Management Expand to see sub-pages
Reporting Organization Expand to see sub-pages
Reporting Security Program Expand to see sub-pages
Incident management Expand to see sub-pages
Visit bugcrowd.com