BugCrowd
Overview
Section titled “Overview”Real-time updates with async data flow — this process creates risk records in Adversarial automatically from the BugCrowd platform. The BugCrowd integration allows you to manage vulnerabilities discovered through your BugCrowd submissions. All records will be in the Risk module.
- Source: Bug Bounty
- Type: Control Deficiency
- Opened By: “BugCrowd Integration”
The integration can be enabled directly from your Adversarial tenant via Settings > Integrations. The necessary detail to connect your BugCrowd environment is the API Token.
Data Flow
Section titled “Data Flow”This is a one-way, ingest-only integration:
- New records in BugCrowd are automatically synced.
- Subsequent updates are reflected in the Adversarial RSK record.
- Changes in Adversarial do not impact BugCrowd.
Status Mapping
Section titled “Status Mapping”BugCrowd submission states are mapped to Adversarial risk statuses as follows:
| BugCrowd State | Adversarial Status |
|---|---|
New | New |
Triaged | New |
Unresolved | New |
Resolved | Closure Proposed |
Informational | Closure Proposed |
Out of Scope | Closure Proposed |
Not Reproducible | Closure Proposed |
Not Applicable | Closure Proposed |
Severity Mapping
Section titled “Severity Mapping”BugCrowd priority maps to Adversarial Initially Reported Urgency (IRU):
| BugCrowd Priority | Adversarial IRU |
|---|---|
| P1 (Critical) | Critical |
| P2 (Severe) | High |
| P3 (Moderate) | Medium |
| P4 (Low) | Low |
| P5 (Informational) | Info |
Fields
Section titled “Fields”| BugCrowd Field | Adversarial Field | Notes |
|---|---|---|
title | Title | |
description | Description | Prefixed with a link to the BugCrowd submission |
submitted_at | Discovered Date | |
last_transitioned_to_resolved_at | Closed Date | |
severity | IRU | Via priority mapping above |
remediation_advice | Remediation Task |