Your organization’s Asset Inventory page allows you to create categories for assets across your organization.
Asset Inventory is a centralized interface within the HackerOne Platform that allows you to control and manage assets across various security testing engagements. This feature helps manage the scope across all customer segments. Over time, it becomes a unified record for global external assets and security testing efforts and simplifies the attack surface management process.
HackerOne Assets customers get access to complete Asset Inventory features to manage their attack surface as well as the testing scopes.
Overview
You can choose how to group assets based on tags; by default, they are grouped by domain. Clicking on a group opens a detailed list of all assets under that tag. From there, you can edit them individually or in bulk. Each asset listed shows information on coverage, program, owner, and open vulnerabilities. Open vulnerabilities that have been triaged and verified are carried over from programs such as Bug Bounty Inbox.
Permissions
The Asset Inventory is only viewable to organization and program admins or users with Asset Manager or Asset Viewer permissions.
Role | View assets | Manage scope | Add/remove tags | Review asset submissions |
Organization admin | Yes | Yes | Yes | Yes |
Program admin | Yes | Yes (only to programs they manage) | No | No |
Asset Manager permission | Yes | Yes | Yes | Yes |
Asset viewer permission | Yes | No | No | No |
Attack Surface Coverage Dashboard
Your Attack Surface Coverage dashboard gives an overview of your entire attack surface. It summarizes the total number of in-scope and out-of-scope assets across your program and also shows a summary of vulnerabilities found based on region, language, technology, or business unit.