Important Update: Starting May 14, 2025, domains will no longer be managed separately within each program. Instead, they are managed centrally as company-level assets. As part of this transition, previously duplicate domains with identical names and types have been automatically merged into single, unique asset entries. External APIs and existing integrations are not affected by this update.
Key takeaways:
Assets are managed centrally at the company level.
Company Admins can create, edit, and archive/unarchive company assets. Edits affect all programs using the asset.
Program Admins/Editors can create company assets, add/remove them to/from their program scope and manage program-specific details like tiers and descriptions.
Who this article is for:
Company Admins
Program Admins
Program Editors
What are assets
An asset in the platform represents a unique resource, such as a domain (example.com), an application (iOS or Android app), or an IP range, that belongs to your entire company.
Key characteristics of assets include:
Company-level ownership: assets are fundamentally resources owned and managed at the company level.
Centralized list: All your company's assets reside in a single, authoritative list, providing a unified inventory.
Unique entries: An asset is considered unique based on its name and type. Each resource such as a specific domain is listed only once in the central inventory, even if it's used across multiple programs. This ensures there are no duplicates and keeps the asset list clean and consistent.
Status tracking: Every asset has a status (e.g., Active or 'Archived') indicating its current relevance. You can archive assets that are deprecated or temporarily inactive, and reactivate them later if needed.
Your assets form the available pool of resources that Program Admins and Editors can add to the scope of their specific programs. 'asset' is the standard term for these centrally managed resources.
How to manage assets
Manage assets as a Company Admin
Company Admins have primary control over the company's asset inventory:
Create asset: Add new, unique assets to the company list.
Edit asset: Modify thename or type of a company asset. Important: Changes to the company asset are being pushed to all program assets creating a new scope vers ion.
Archive asset: You can mark assets as no longer relevant by archiving them. If an asset is still linked to an active program, you'll need to explicitly confirm its removal from that program's scope before it can be archived.
Unarchive asset: You can easily bring archived assets back into use. Once unarchived, they can be re-added to any program scope as needed.
βDelete asset: Permanently remove an asset from the company list. Important: This action is only possible if the asset is currently archived and has no submissions linked to it (e.g., a created asset like example.com that never received submissions).
Managing assets as a Program Admin/Editor
Program Admins and Editors manage how company assets relate to their specific programs:
Create asset: Add new, unique assets to the company list.
Add to scope: Select new or existing company assets and add them to your program's scope.
Remove from scope: Take an asset out of your program's scope without affecting the central company asset list or its presence in other programs.
Specify tier: Assign program-specific bounty tiers to assets within your scope.
Add description: Add program-specific descriptions to assets within your scope.
β
π‘Editing restriction: Please note that core asset details (such as name or type) cannot be edited within a program. These changes must be made at the company level by a Company Admin to ensure consistency across all programs and avoid unintended impact.
Asset Types
When creating or editing an asset, you can assign it a specific type. This helps categorize your assets accurately and will supports future platform capabilities.
Here are the available types:
Type | Details | Examples |
URL / Domain | Identifies a web resource. Use the base domain name (e.g., example.com) for general scope or a complete URL for a specific path/application (e.g., example.com/app1). | www.example.com, myprogram.com, www.example.com/app1, www.example.com/app2 |
Wildcard | Specifies multiple domains or subdomains using wildcard characters (*, {placeholder}). | www.amazon.*, *.vpn.example.net, {customer}.example.com |
Android | An Android mobile application, typically identified by its Google Play Store link or package name. | com.example.app, Google Play Store link |
iOS | An Apple iOS mobile application, typically identified by its App Store link or identifier. | App Store hyperlink, App Store ID |
IP Range | A range of IP addresses, often specified using CIDR notation. | 172.200.0.0/16, 2001:db8::/48, 104.16.100.52 |
Device | A specific hardware device or piece of equipment. | IoT Thermostat Model X, Router Firmware v2.1 |
Other | For assets that don't fit neatly into the predefined categories. Provide a clear description. | Source Code Repository, Internal API Endpoint, Hardware Appliance XYZ |
Best Practices
Do: Regularly review your company asset list for accuracy and completeness.
Do: Use the 'Archive' function for assets that are truly deprecated or no longer relevant.
Do: Coordinate with other Company Admins (if applicable) on a consistent strategy for naming and managing assets.
Don't: Create a new company asset if an identical one already exists. Search the list first.
Don't: Forget that editing a company asset impacts all programs using it. Communicate changes if necessary.
Common pitfalls:
Forgetting to add newly created company assets to the relevant program scopes.
Not archiving old or unused assets, leading to a cluttered company asset list.
Expert tips:
Utilize the program-specific description field to add context relevant only to that program's testers.
Establish clear internal guidelines on who is responsible for creating and maintaining company assets.