| title | Asset Types |
|---|---|
| path | /programs/asset-types.html |
| id | programs/asset-types |
HackerOne provides functionality to allow you to define your program's scope by listing assets that are considered in or out of scope for your program.
HackerOne supports the following types of assets:
| Type | Details |
|---|---|
| CIDR | Any valid IPv4 or IPv6 CIDR range. Examples:
|
| URL | A valid URI, per our uri_validator.rb (which mostly relies on the standard ruby library “uri” and matches the official URI RFC spec) Examples:
|
| Apple Store App ID | A standard apple identifier. Example:
|
| Testflight | A standard apple identifier. (https://developer.apple.com/testflight/) Example:
|
| Other .ipa | A standard apple identifier. Example:
|
| Google Play | A standard APK identifier. (https://developer.android.com/studio/build/application-id.html) Example:
|
| Windows Store App | Either a store ID like '9WZDNCRFHVJL' or an identifier name like 'Microsoft.SDKSamples.ApplicationDataSample' Examples:
|
Source Code, Downloadable Executables and Hardware identifiers are not validated. You are free to use this in whatever suits your naming conventions.
You can edit your scopes in your settings under program's Settings > Program > Scope.