Skip to main content
Asset Inventory

Organizations: Manage your attack surface with Asset Inventory

Updated over 4 months ago

Your organization’s Asset Inventory page allows you to create categories for assets across your organization.

Asset Inventory is a centralized interface within the HackerOne Platform that allows you to control and manage assets across various security testing engagements. This feature helps manage the scope across all customer segments. Over time, it becomes a unified record for global external assets and security testing efforts and simplifies the attack surface management process.

HackerOne Assets customers get access to complete Asset Inventory features to manage their attack surface as well as the testing scopes.

Overview


You can choose how to group assets based on tags; by default, they are grouped by domain. Clicking on a group opens a detailed list of all assets under that tag. From there, you can edit them individually or in bulk. Each asset listed shows information on coverage, program, owner, and open vulnerabilities. Open vulnerabilities that have been triaged and verified are carried over from programs such as Bug Bounty Inbox.

Permissions

The Asset Inventory is only viewable to organization and program admins or users with Asset Manager or Asset Viewer permissions.

Role

View assets

Manage scope

Add/remove tags

Review asset submissions

Organization admin

Yes

Yes

Yes

Yes

Program admin

Yes

Yes (only to programs they manage)

No

No

Asset Manager permission

Yes

Yes

Yes

Yes

Asset viewer permission

Yes

No

No

No

Attack Surface Coverage Dashboard

Your Attack Surface Coverage dashboard gives an overview of your entire attack surface. It summarizes the total number of in-scope and out-of-scope assets across your program and also shows a summary of vulnerabilities found based on region, language, technology, or business unit.

Did this answer your question?