Onboarding
Account Management
Security Program Management
Invites
Engagement Management
Engagement Brief
Submission Management
Receiving Rewards

Commenting on a Submission

Program owners can use comments to communicate with you on your submissions. Generally, you will receive a comment on your submission if you need to provide more information or clarify something in your report.

When you receive a new message, you will receive an e-mail notification that someone commented on your submission. You can click on the link in the e-mail or log in to Bugcrowd to respond.

email

To add or respond to a comment:

  1. Go to the submission for which you want to add or respond to a comment.

  2. In the Activity > Send a message section, select one of the following based on your requirement:

    • Everyone - Send comment to everyone involved in the submission and the general public (if you choose to disclose the report)
    • Bugcrowd - Private comments are available to you only when the private comment is initiated by the Bugcrowd ASE. If you want to initiate a private conversation with ASE, submit a support ticket through the Bugcrowd Support Portal. If Bugcrowd ASE initiates a private comment with you, then you can have a private conversation with Bugcrowd using this option.

    researcher-send-comment

  3. In the text box, type the message. You can style your text using the Markdown syntax. For more information, see using markdown for formatting content.

    comments-description

  4. To add attachments, click Add Attachments. For more information, see uploading attachments to your comments.

  5. Click Send message to send the message.

    send-message

Uploading Attachments to Your Comments

There may be times when a program owner will request more information from you or ask that you further demonstrate your findings. To provide additional evidence of your findings, you can attach a file, such as video, image, or PDF, to your comment when you respond to the program owner. This makes it easy for you to share sensitive information without uploading it to a third party, like Vimeo or YouTube.

Supported file types include:

  • .avi
  • .gif
  • .jpg
  • .mov
  • .mpeg
  • .pdf

Maximum Video Size: Videos must not exceed 20 MB.

Using Syntax Highlighting

In your submissions, you can add syntax highlighting to your code blocks so that they are easier to read. For example:

puts "Highlight me!"

To enable syntax highlighting, you’ll need to create a fenced code block by adding triple back ticks before and after the code block and and specifying the language that you’re using.

For the previous example, the markdown for the fenced code block looks like this:

    ```ruby

    puts "Highlight me!"

    ```

For more information on syntax highlighting and the supported languages, see syntax highlighting.

Editing a Comment

Editing prior to notifications: If you are able to edit the comment within two minutes after adding the comment, then the notifications to other users around the comment will use the updated text. Integrations will trigger right away and will not receive the updated text.

To edit a comment, click the icon on the right side of the comment and click Edit.

edit-comment

Make the required changes and click Save Comment.

edit-message-box

The “Comment Updated” message is displayed.

Deleting a Comment

You can delete comments and/or private notes.

To edit a comment, click the icon on the right side of the comment and click Delete.

delete-comment

A pop-up message asking for confirmation is displayed. Click OK.

The comment is deleted and [DELETED] is displayed in the activity feed.

deleted-message

Onboarding
Account Management
Security Program Management
Invites
Engagement Management
Engagement Brief
Submission Management
Receiving Rewards
Visit bugcrowd.com