Skip to main content

Asset Inventory

Organizations: Manage your attack surface with Asset Inventory

Updated over a week ago

Your organization’s Asset Inventory page allows you to create categories for assets across your organization.

Asset Inventory is a centralized interface within the HackerOne Platform that allows you to control and manage assets across various security testing engagements. This feature helps manage the scope across all customer segments. Over time, it becomes a unified record for global external assets and security testing efforts and simplifies the attack surface management process.

HackerOne Assets customers get access to complete Asset Inventory features to manage their attack surface as well as the testing scopes.

Overview

You can choose how to group assets based on tags; by default, they are grouped by domain. Clicking on a group opens a detailed list of all assets under that tag. From there, you can edit them individually or in bulk. Each asset listed shows information on coverage, program, owner, and open vulnerabilities. Open vulnerabilities that have been triaged and verified are carried over from programs such as Bug Bounty Inbox.

Permissions

Who can see assets?

All organization members can view assets, even if they’re not part of a group with Asset Viewer or Asset Manager permissions—you may see assets in contexts like adding users or assigning reports. However, you will not be able to open the Asset Inventory page.

Who can access asset inventory?

To use the full Asset Inventory interface—where you can view, filter, tag, and manage assets—you must have one of these permissions:

  • Asset Viewer

  • Asset Manager

  • Organization Admin

  • Program Admin (only for their assigned programs)

Role

View assets

Manage scope

Add/remove tags

Review asset submissions

Organization admin

Yes

Yes

Yes

Yes

Program admin

Yes

Yes (only to programs they manage)

No

No

Asset Manager permission

Yes

Yes

Yes

Yes

Asset viewer permission

Yes

No

No

No

Attack Surface Coverage Dashboard

Your Attack Surface Coverage dashboard gives an overview of your entire attack surface. It summarizes the total number of in-scope and out-of-scope assets across your program and also shows a summary of vulnerabilities found based on region, language, technology, or business unit.

Did this answer your question?