Assets form the foundation of your program scope on the Intigriti platform. Clear and well-managed assets help researchers understand what is in scope, reduce ambiguity during testing, and ensure vulnerabilities are reported against the correct systems. By adding, importing, and maintaining assets accurately, you enable consistent targeting, meaningful reporting, and efficient program management across your organization.
⚙️Roles: Company Admin
Add assets manually
You can add assets one by one directly in the platform.
Go to Admin and open Assets.
Click Add asset.
Select the asset type.
Enter the asset name and any additional details required for that asset type.
Save your input by clicking Create Assets.
Once added, the asset becomes available on program level and can be added to their scope.
💡Note: Asset descriptions are defined at program level. This means descriptions need to be added once the asset is added to a program. This approach allows you to tailor descriptions per program, for example by sharing different context, documentation, or focus depending on the program’s scope and goals.
Import assets in bulk using CSV
Bulk import allows you to add multiple assets at once using a CSV file. This is useful when onboarding large asset inventories.
Go to Admin and open Assets.
Click Import.
Download the CSV template to ensure correct formatting.
Fill in the CSV file with your asset data, following the template structure.
Upload the completed CSV file.
Review the import summary and confirm the import.
Assets included in the CSV file are created based on the values provided. Any errors are highlighted so you can correct them before completing the import.
Manage assets
You can edit asset details, add required skills, update custom fields, or archive / delete assets that are no longer relevant.
⚠️Beware: Changes made to an asset’s type, name, or source are automatically applied to all program scopes where the asset is included and result in the creation of a new scope version.
Asset types
Intigriti supports multiple asset types to reflect the different technologies and environments that can be tested within a program. Choosing the correct type helps researchers understand what is in scope and how it should be tested.
Here are the available types:
Type | Details | Examples |
URL / Domain | Identifies a web resource. Use the base domain name (e.g., example.com) for general scope or a complete URL for a specific path/application (e.g., example.com/app1). | |
Wildcard | Specifies multiple domains or subdomains using wildcard characters (*, {placeholder}). | www.example.*, *.vpn.example.net, {customer}.example.com |
Android | An Android mobile application, typically identified by its Google Play Store link or package name. | com.example.app |
iOS | An Apple iOS mobile application, typically identified by its App Store link or identifier. | 12345678, |
IP Range | A range of IP addresses, often specified using CIDR notation. | 172.200.0.0/16, 2001:db8::/48, 104.16.100.52 |
Device | A specific hardware device or piece of equipment. | IoT Thermostat Model X, Router Firmware v2.1 |
Source code | The source code of an application or program. | |
AI Model | An AI model that can be used to make predictions or decisions. | A machine learning model file ( |
Other | For assets that don't fit neatly into the predefined categories. Provide a clear description. | Browser extension, |
Best Practices
Use a pragmatic level of granularity when defining assets so they are specific enough to be meaningful but not overly fragmented.
For APIs with multiple endpoints, define them as a single asset and use the asset description to list available endpoints and link relevant documentation. This keeps your asset structure clean while giving researchers the context they need.
Avoid grouping unrelated systems or large clusters under a single asset, as this reduces reporting accuracy and limits meaningful insights.
Try to avoid using the Other asset type unless it is really needed, as it prevents researchers from easily finding relevant assets and matching them correctly.
Always add a short, clear description to each asset. Asset descriptions help clarify scope expectations and provide asset-specific guidance, reducing confusion and unnecessary questions.