Skip to main content
Community Edition

HackerOne Community Edition

Security testing that matches your priorities and needs.

Hacker-Powered Security for the Open Source Community

Hacker-Powered Security for the Open Source Community

Open source software powers HackerOne. It powers our software, our infrastructure, and our model for engaging with our community. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure.

As such, we offer a version of our popular HackerOne Bounty program for free to eligible open source projects. Use HackerOne to coordinate vulnerability reports, pay out bug bounties, and more.

Security by the Community, for the Community

Security by the Community, for the Community

HackerOne Community Edition gives you access to the most trusted hacker-powered security platform. With HackerOne, your contributors, users, and hackers will have a safe, place to submit vulnerability reports, making it easier for you to keep your project secure.


* Free HackerOne Enterprise subscription. If you pay out cash bounties, HackerOne will charge a 5% payment processing fee.

Trusted By


  • Open Source Projects
    Projects in scope must only be Open Source projects that are covered by an OSI license.
  • Be Ready
    Projects must be active and at least 3 months old (age is defined by shipped releases/code contributions).
  • Create a Policy
    You add a in your project root that provides details for how to submit vulnerabilities (example).
  • Advertise Your Program
    Display a link to your HackerOne profile from either the primary or secondary navigation on your project’s website.
  • Be Active
    You maintain an initial response to new reports of less than a week.

Community Edition Application

To apply, submit the form below and include the name of your project, your project website, and share some details about why you would like to receive HackerOne Community. Please note: all approvals at the discretion of HackerOne and decisions are final.

Do I need to host HackerOne Community Edition myself?
How long will the Community Edition be available for free?
Are there any hidden costs?
What is the difference between HackerOne's Community Edition and other HackerOne product editions?
Is HackerOne's Community Edition itself open source?
Can I integrate my project's single sign-on service to authenticate with HackerOne's Community Edition?
Can I export all data from HackerOne Community Edition in case I want to move to a different platform?
How long will it take for my application to be reviewed?
What are you looking for when approving an application?
Is my open source eligible if a company invests in building it?
If my application is rejected, who can I talk to?
Where can I learn more about using HackerOne's Community Edition?
Can I integrate HackerOne's Community Edition with my code hosting platform (e.g. GitHub/Gitlab)?
Do I have to pay hackers for vulnerability reports?
How do I put money into HackerOne's Community Edition as a budget for bounties and then pay hackers?
Does HackerOne charge transaction fees for bounty payments?