HackerOne Community Edition

Security testing that matches your priorities and needs.


Hacker-Powered Security for the Open Source Community

Open source software powers HackerOne. It powers our software, our infrastructure, and our model for engaging with our community. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure.

As such, we offer a version of our popular HackerOne Bounty program for free to eligible open source projects. Use HackerOne to coordinate vulnerability reports, pay out bug bounties, and more.

Security by the community, for the community

HackerOne Community Edition gives you access to the most trusted hacker-powered security platform. With HackerOne, your contributors, users, and hackers will have a safe place to submit vulnerability reports, making it easier for you to keep your project secure.

Features

Security Page

Your Security Page declares your project's vulnerability coordination policy to hackers.

Hacker Reputation

Each hacker's historic performance on the platform. Helpful for building community.

Private Hacker Invite

Start by inviting a few trusted hackers in a private program by reputation or username.

Discussions

Integrated tools for discussing submitted vulnerabilities from your community.

API

Utilize our API to sync your data with your internal data analytics tool.

Analytics

Query more advanced metrics to track your program's ROI.

Duplicate Detection

Intelligent pattern matching finds common issues and identifies duplicate reports.

Free

Entirely free for eligible open source projects*.

* Free HackerOne Professional subscription. If you pay out cash bounties, HackerOne will charge the usual 20% payment processing fee.

Trusted By

Ruby
Rails
Django
Discourse
Brave
Sentry

Requirements

Open Source projects

Projects in scope must be Open Source projects that are covered by an OSI license.

Be ready

Projects must be active and at least 3 months old (age is defined by shipped releases/code contributions).

Create a policy

You add a SECURITY.md in your project root that provides details on how to submit vulnerabilities.

Advertise your program

Display a link to your HackerOne profile from either the primary or secondary navigation on your project's website.

Be active

You maintain an initial response time to new reports of less than a week.

To apply, submit the form below, include the name of your project and your project website, and share some details about why you would like to receive HackerOne Community. Please note: all approvals are at the discretion of HackerOne and decisions are final.


Community Edition Application

FAQ

The Platform

Do I need to host HackerOne Community Edition myself?

How long will the Community Edition be available for free?

Are there any hidden costs?

What is the difference between HackerOne's Community Edition and HackerOne Professional?

Is HackerOne's Community Edition itself Open Source?

Can I integrate HackerOne's Community Edition to look and feel consistent with my project's website?

Can I integrate my project's single sign-on service to authenticate with HackerOne's Community Edition?

Can I export all data from HackerOne Community Edition in case I want to move to a different platform?

Application Process

How long will it take for my application to be reviewed?

What are you looking for when approving an application?

Is my Open Source project eligible if a company invests in building it?

If my application is rejected, who can I talk to?

Workflow Integration

Where can I learn more about using HackerOne's Community Edition?

Can I integrate HackerOne's Community Edition with my code hosting platform (e.g. GitHub/GitLab)?

Bug Bounty Programs

Do I have to pay hackers for vulnerability reports?

How do I put money into HackerOne's Community Edition as a budget for bounties and then pay hackers?

Does HackerOne charge transaction fees for bounty payments?