HackerOne Community Edition

Key Features & Benefits

Here at HackerOne, we are huge Open Source fans. Open source powers our platform, our infrastructure, and the way in which we engage with our community. As part of our mission to make the Internet safer, we want to make it easier for your Open Source project to run a security program too.

As such, we are offering our popular HackerOne Pro platform as a free service for eligible Open Source projects for vulnerability submission and coordination, bug bounties, and more.

HackerOne's Community Edition is the leading platform for running an effective security program. With it you can provide a safe, structured environment for your users, developers, and hackers to submit vulnerability reports.

HackerOne's Community Edition includes tools for managing these reports, responding to them, and where appropriate, paying bounties to reward your community for their contributions.

Security Page

Your Security Page declares your project's vulnerability coordination policy to hackers.

Hacker Reputation

Each hacker's historic performance on the platform. Helpful for building community.

Private Hacker Invite

Start by inviting a few trusted hackers in a private program by reputation or username.

Discussions

Integrated tools for discussing submitted vulnerabilities from your community.

API

Utilize our API to sync your data with your internal data analytics tool.

Analytics

Query more advanced metrics to track your program's ROI.

Duplicate Detection

Intelligent pattern matching finds common issues and identifies duplicate reports.

Free

Entirely free for eligible open source projects*.

* Free HackerOne Professional subscription. If you pay out cash bounties, HackerOne will charge the usual 20% payment processing fee.

Some Of Our Customers

Ruby
Rails
Django
Discourse
GitLab
GitHub
Brave
Sentry

Requirements

We have a fairly simple set of eligibility requirements:

Open Source projects

Projects in scope must only be Open Source projects that are covered by an OSI license.

Be ready

Projects must be active and at least 3 months old (age is defined by shipped releases/code contributions).

Create a policy

You add a SECURITY.md in your project root that provides details for how to submit vulnerabilities (example).

Advertise your program

Display a link to your HackerOne profile from either the primary or secondary navigation on your project's website.

Be active

You maintain an initial response time of less than a week for new reports.

To apply, submit the form below and include the name of your project, your project website, and some details about why you would like to receive HackerOne Community. Please note: all approvals are at the discretion of HackerOne and decisions are final.

Apply for HackerOne Community Edition

FAQ

The Platform


Do I need to host HackerOne Community Edition myself?

No. We provide the Community Edition as a SaaS (software as a service) offering. This means no setup or deployment is required. You will be all good to go!

How long will the Community Edition be available for free?

We will provide the platform for free as long as your project is actively using it and maintaining the 1-week response time requirement. If you stop using the platform or stop being responsive, we may revoke this offer.

Are there any hidden costs?

No. HackerOne's Community Edition is entirely free for your project to use.

What is the difference between HackerOne's Community Edition and HackerOne Professional?

The primary difference is that with HackerOne Professional we provide dedicated customer support and program assistance. While we provide basic support (primarily around setup/configuration), paid support is not included with HackerOne's Community Edition.

Is HackerOne's Community Edition itself Open Source?

No.

Can I integrate HackerOne's Community Edition to look and feel consistent with my project's website?

Yes, there are limited customization options available such as adding a company logo and cover image.

Can I integrate my project's single sign-on service to authenticate with HackerOne's Community Edition?

If your project's SSO provider supports SAML 2.0, it can be easily used for authentication.

Can I export all data from HackerOne Community Edition in case I want to move to a different platform?

HackerOne allows you to export your data anytime you want. Your data belongs to you, and you can take it with you.

Application Process


How long will it take for my application to be reviewed?

Most reviews are completed within 1 business week.

What are you looking for when approving an application?

Our primary goal is to ensure that we are providing HackerOne's Community Edition for projects that are (a) genuinely Open Source, (b) are non-commercial, (c) will be able to run an effective security program, and (d) will utilize it as intended.

Is my Open Source project eligible if a company invests in building it?

It depends. If the application is for the betterment of the Open Source project and will be operated and run to serve that project, the application will likely be accepted. If a company is applying to save the costs of buying HackerOne Professional, we probably won't accept it.

If my application is rejected, who can I talk to?

All applications will receive a response from us and you are welcome to respond to that email; there will be a human behind it who can respond to your specific queries. Please note, though, that all decisions are final and are at the discretion of HackerOne. If, however, you feel you were rejected in error, please drop us a line at community-edition@hackerone.com.

Workflow Integration


Where can I learn more about using HackerOne's Community Edition?

We have a library of useful support resources at https://support.hackerone.com.

Can I integrate HackerOne's Community Edition with my code hosting platform (e.g. GitHub/GitLab)?

We support a number of different integrations, and we're regularly adding new ones.

Bug Bounty Programs


Do I have to pay hackers for vulnerability reports?

No, you can simply use HackerOne's Community Edition for vulnerability submission and coordination. Paying hackers for bounties is an option.

How do I put money into HackerOne's Community Edition as a budget for bounties and then pay hackers?

You can either attach a credit card to your account or send HackerOne money as a prepayment for any bounties, and we will 'credit' the program for that amount. This provides a great way to reward hackers financially for approved and validated reports.

Does HackerOne charge transaction fees for bounty payments?

The 20% platform fee covers everything: the compliance checks, payment fulfillment, and year-end 1099. This platform fee is on top of the bounty you award to Hackers. For example, if you decide to award a $1,000 bounty, the total cost to you will be $1,200, with $1,000 going to the Hacker and $200 to HackerOne.