This integration is configured through the Invicti ASPM product.
Bug bounty overview
What is bug bounty integration?
Bug bounty integrations allow you to ingest vulnerability findings reported through external bug bounty programs directly into Invicti ASPM. This brings researcher-reported vulnerabilities into the same unified view as your automated scanner findings, enabling consistent triage, prioritization, and remediation workflows across all vulnerability sources.
Invicti AppSec Core includes a preconfigured Invicti SCA scanner that is automatically activated with your package. The integrations on this page are for teams using Invicti ASPM who want to connect their own SCA tools instead. See AppSec Core scanners overview for details on the built-in scanner.
How it works
Bug bounty integrations connect Invicti ASPM to your bug bounty platform and pull in validated findings on a scheduled or on-demand basis:
- Finding ingestion — pulls accepted and validated vulnerability reports from your bug bounty program into ASPM.
- Deduplication — compares incoming bug bounty findings against existing vulnerabilities from automated scanners to avoid duplicate tracking.
- Unified triage — bug bounty findings appear alongside SAST, DAST, SCA, and other scanner results in the ASPM vulnerability view, enabling consistent SLA and workflow management.
- Status synchronization — updates to vulnerability status in ASPM (such as marking a finding as resolved) can be reflected back to the bug bounty platform.
Why integrate bug bounty findings?
Bug bounty programs surface vulnerabilities that automated scanners often miss — particularly complex business logic flaws, chained vulnerabilities, and application-specific edge cases that require human creativity to discover. Centralizing these findings in ASPM alongside your automated results gives security teams a complete picture of their application risk without managing separate tools or tracking spreadsheets.
Supported bug bounty platforms
The following bug bounty integration is available through Invicti ASPM:
| Platform | Type | Authentication |
|---|---|---|
| HackerOne | Connection | API token |
Need help?
The Invicti Support team is ready to provide technical assistance. Go to Help Center