The Bugcrowd API
React to platform events
Make your homegrown apps react to events in the platform, such as triage status of a vulnerability.
Flow findings into your SDLC
The Bugcrowd API allows you to easily create rich, custom connections to existing development and security systems.
Researchers: Integrate Bugcrowd with your toolbox
Researchers can use various programming languages to integrate the flexible Bugcrowd API with custom and commercial tools.
Partners: Easily build integrations
Partners can use the API to easily build certified integrations with Bugcrowd that streamline remediation for their own solutions.
BUGCROWD API
Enrich homegrown apps with Bugcrowd functionality
Using our industry-standard programmatic interface, customers have strengthened their security posture by integrating Bugcrowd functionality into their workflows. For example, you can use a webhook to make homegrown applications react to key event triggers, such as penetration-test-methodology-completed, vulnerability-triaged, or bug-bounty-reward-increased.
RESEARCHER USE CASES
For Researchers: Find valuable programs using your own tools
Researchers can use Node.js, Shell, Ruby, Python, and many other programming languages to integrate the Bugcrowd API with their custom tools and with commercial tools such as Burp Suite (see code samples). We also have a RESTful API based on HTTPS requests and JSON responses, secured with API tokens. For example, a researcher may use the API to fetch all unblocked assigned submissions.
Featured Resource
Bugcrowd Security Knowledge Platform
This ebook offers an overview of how the Bugcrowd Platform orchestrates data, technology, and human intelligence to integrate the best security researchers in the world with your security workflows, while matching the right researchers to your goals, environment, and use cases at the right time.
Download eBook
PARTNER INTEGRATIONS
For Partners: Streamline remediation at scale
The key to protecting customers expanding digital attack surface is to quickly remediate security flaws. The Bugcrowd API makes it easier to do that at scale because it enables integration with SDLC tools. For example, a partner may use the open API to synchronize the state of an engineer’s fix ticket with the Bugcrowd vulnerability, which closes the loop and reassures a customer about their security posture. Numerous partners have built certified integrations to Bugcrowd in the fields of Incident Response (SOAR and SIEM), Communication, Alerting, Vulnerability Management, and Developer Education.
Get started with Bugcrowd
Attackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.