Your organization’s Asset Inventory page allows you to create categories for assets across your organization.
Asset Inventory is a centralized interface within the HackerOne Platform that allows you to control and manage assets across various security testing engagements. This feature helps manage the scope across all customer segments. Over time, it becomes a unified record for global external assets and security testing efforts and simplifies the attack surface management process.
HackerOne Assets customers get access to complete Asset Inventory features to manage their attack surface as well as the testing scopes.
Overview
You can choose how to group assets based on tags; by default, they are grouped by domain. Clicking on a group opens a detailed list of all assets under that tag. From there, you can edit them individually or in bulk. Each asset listed shows information on coverage, program, owner, and open vulnerabilities. Open vulnerabilities that have been triaged and verified are carried over from programs such as Bug Bounty Inbox.
Permissions
Who can see assets?
All organization members can view assets, even if they’re not part of a group with Asset Viewer or Asset Manager permissions—you may see assets in contexts like adding users or assigning reports. However, you will not be able to open the Asset Inventory page.
Who can access asset inventory?
To use the full Asset Inventory interface—where you can view, filter, tag, and manage assets—you must have one of these permissions:
Asset Viewer
Asset Manager
Organization Admin
Program Admin (only for their assigned programs)
Role | View assets | Manage scope | Add/remove tags | Review asset submissions |
Organization admin | Yes | Yes | Yes | Yes |
Program admin | Yes | Yes (only to programs they manage) | No | No |
Asset Manager permission | Yes | Yes | Yes | Yes |
Asset viewer permission | Yes | No | No | No |
Attack Surface Coverage Dashboard
Your Attack Surface Coverage dashboard gives an overview of your entire attack surface. It summarizes the total number of in-scope and out-of-scope assets across your program and also shows a summary of vulnerabilities found based on region, language, technology, or business unit.