To change the settings of your bounty program:
Configure your general settings under Engagements > Dashboards > Settings. You can also get to it by clicking the kabob menu in the top right corner of an engagement card and selecting Settings. You can set up these settings:
Option | Detail |
Information | Configure what information shows on your program's Security Page. You can choose from these fields: |
Product Edition | Select your product editions. You can choose between Bounty Professional and Bounty Enterprise. |
Authentication | Configure your authentication settings. You can set up SAML and IP allowlists. |
User Management | Invite and manage users in your program. You can manage which groups each member is a part of. |
Group Management | Add and edit various groups in your program. You can also add and remove users to these groups. |
Billing | Enter your billing info in the Overview, Credit Card, and Prepayment tabs. |
Under Program Settings > Program configure these settings for your program:
Option | Detail |
Customize your program's guidelines and scope you want to communicate to hackers. | |
Customize your report form that hackers will use to send vulnerabilities about your program. | |
Set your program's Response Service Level Agreements (SLA) by configuring your target business days. | |
Metrics Display | Select the metrics you want to display on your program's page to communicate to hackers the statistics about your program. |
Email Notifications | Every report activity triggers email notifications sent to members in your program. Select what content you want to include. |
Configure what tabs you want showing in your inbox. | |
Set how you want your hacker invitations managed. | |
Configure your Signal Requirement settings. | |
Configure bounty and reward settings. | |
Select whether your program would like to give swag as a reward. | |
Set default common responses to reply in your reports. | |
Set triggers to execute automated responses to new, incoming reports. With triggers, you can set up an automated action when your program receives a report with a given trigger word. | |
Configure your integrations with other services to streamline your workflow. | |
API | Create API tokens. |
Hackbot | Hackbot is HackerOne's free automated service that provides you with guidance regarding your reports by providing contextual advice and actionable items to improve your user experience. Configure which actions you want Hackbot to suggest. |
Once your program settings have been configured and you exit the setup environment, your program will be live as a confidential, invitation-only program.