Solutions
- Initiatives
  - Business Initiatives
    What is your cybersecurity need?
  - Secure the Attack Surface
    Protect your evolving assets.
  - Secure Software Development
    Scale app security across the SDLC.
  - Digital Brand Trust
    Build your brand and protect your customers.
  - Ensure Compliance
    Meet compliance requirements and more.
  - Hidden Placeholder
    Hidden Placeholder
- Industries
Products
- Explore
  - Explore the Products
    Reshaping the way companies find and fix critical vulnerabilities before they can be exploited.
  - Security Assessments
    Test your organization's security preparedness with HackerOne Assessment.
    
    Pentest
    Establish a compliant vulnerability assessment process.
  - Response
    The first step in receiving and acting on vulnerabilities discovered by third-parties.
  - Bounty
    Continuous testing to secure applications that power organizations.
  - Clear + Gateway
    Highly vetted, specialized researchers with best-in-class VPN.
  - Services
    Enhance your hacker-powered security program with our Advisory and Triage Services.
Why HackerOne
- For Business
- For Hackers
Company
- About HackerOne
- In the News
  - Press
  - Press Archive
Resources
- Resources
- Events
  - Events
  - Security@ Conference
Contact Us

HackerOne Community Edition

Security testing that matches your priorities and needs.

Hacker-Powered Security for the Open Source Community

Open source software powers HackerOne. It powers our software, our infrastructure, and our model for engaging with our community. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure.

As such, we offer a version of our popular HackerOne Bounty program for free to eligible open source projects. Use HackerOne to coordinate vulnerability reports, pay out bug bounties, and more.

Security by the community, for the community

HackerOne Community Edition gives you access to the most trusted hacker-powered security platform. With HackerOne, your contributors, users, and hackers will have a safe, place to submit vulnerability reports, making it easier for you to keep your project secure.

Features

Security Page

Your Security Page declares your project's vulnerability coordination policy to hackers.

Hacker Reputation

Each hacker's historic performance on the platform. Helpful for building community.

Private Hacker Invite

Start by inviting a few trusted hackers in a private program by reputation or username.

Discussions

Integrated tools for discussing submitted vulnerabilities from your community.

API

Utilize our API to sync your data with your internal data analytics tool.

Analytics

Query more advanced metrics to track metrics measuring your program's ROI.

Duplicate Detection

Intelligent Pattern matching finds common issues and identifies duplicate reports.

Free

Entirely free for eligible open source projects*.

* Free HackerOne Enterprise subscription. If you pay out cash bounties, HackerOne will charge a 5% payment processing fee.

Trusted By

Requirements

Open Source projects

Projects in scope must only be Open Source projects that are covered by an OSI license.

Be ready

Projects must be active and at least 3 months old (age is defined by shipped releases/code contributions).

Create a policy

You add a SECURITY.md in your project root that provides details for how to submit vulnerabilities (example).

Advertise your program

Display a link to your HackerOne profile from either the primary or secondary navigation on your project's website.

Be active

You maintain an initial response to new reports of less than a week.

To apply, submit the form below and include the name of your project, your project website, and share some details about why you would like to receive HackerOne Community. Please note: all approvals at the discretion of HackerOne and decisions are final.

Apply Now

Community Edition Application

FAQ

The Platform

Do I need to host HackerOne Community Edition myself?

No. We provide the Community Edition as a SaaS (software as a service) offering. This means no setup or deployment is required. You will be all good to go!

How long will the Community Edition be available for free?

We will provide the platform for free as long as your project is actively using it and maintaining the 1-week response time requirement. If you stop using the platform or stop being responsive, we may revoke this offer.

Are there any hidden costs?

No. HackerOne’s Community Edition is entirely free for your project to use.

What is the difference between HackerOne's Community Edition and other HackerOne product editions?

The primary difference is that with HackerOne's paid product offerings, we provide dedicated customer support and program assistance. While we provide basic support (primarily around setup/configuration), paid support is not included with HackerOne's Community Edition.

Is HackerOne's Community Edition itself Open Source?

No.

Can I integrate HackerOne's Community Edition to look and feel consistent with my project's website?

Yes, there are limited customization options available such as adding a company logo and cover image.

Can I integrate my project's single sign-on service to authenticate with HackerOne's Community Edition?

If your project's SSO provider supports SAML 2.0, it can be easily used for authentication.

Can I export all data from HackerOne Community Edition in case I want to move to a different platform?

HackerOne allows you to export your data anytime you want. Your data belongs to you, and you can take it with you.

Application Process

How long will it take for my application to be reviewed?

Most reviews are completed within 1 business week.

What are you looking for when approving an application?

Our primary goal is to ensure that we are providing HackerOne's Community Edition for projects that are (a) genuinely Open Source, (b) are non-commercial, (c) will be able to run an effective security program, and (d) will utilize it as intended.

Is my Open Source eligible if a company invests in building it?

It depends. If the application is for the betterment of the Open Source project and will be operated and run to serve that project, the application will likely be accepted. If a company is applying to save on the costs of buying HackerOne's paid product offerings, we probably won't accept it.

If my application is rejected, who can I talk to?

All applications will receive a response from us, and you are welcome to respond to that email -- there will be a human behind it who can respond to your specific queries. Please note though, all decisions are final and are at the discretion of HackerOne. If, however, you feel you were rejected in error, please drop us a line at community-edition@hackerone.com.

Workflow Integration

Where can I learn more about using HackerOne's Community Edition?

We have a library of useful support resources at https://docs.hackerone.com.

Can I integrate HackerOne's Community Edition with my code hosting platform (e.g. GitHub/GitLab)?

We support a number of different integrations, and we're always adding new ones regularly.

Bug Bounty Programs

Do I have to pay hackers for vulnerability reports?

No, you can simply use HackerOne's Community Edition for vulnerability submission and coordination. Paying hackers for bounties is an option.

How do I put money into HackerOne's Community Edition as a budget for bounties and then pay hackers?

You can either attach a credit card to your account or send HackerOne money as a prepayment for any bounties, and we will 'credit' the program for that amount. This provides a great way to reward hackers financially for approved and validated reports.

Does HackerOne charge transaction fees for bounty payments?

The 5% payment processing fee (greatly reduced for Community Edition programs) goes towards compliance checks, payment fulfillment, and year end 1099. This fee is on top of the bounty you award to Hackers. For example, if you decide to award a $1,000 bounty, the total cost to you will be $1,050, with $1,000 going to the hacker and $50 to HackerOne.