BugBase Documentation
  • 👋Welcome to BugBase Docs
  • Overview
    • 💡What we do
    • ⚡Changelogs
    • ✨Our Features
    • 📂Programs at BugBase
      • Vulnerability Disclosure Program (VDP)
      • Bug Bounty Program
      • Private Bounty Program
      • Pentest Program (VAPT)
  • Report Lifecycle
    • Bug Report
    • Report Status
  • How To
    • 👨‍💻Invite Organization Members to BugBase (RBAC)
    • 🚩Setup a Campaign for better program engagement
    • 🐛Submit a Bug Report on BugBase
    • 📑Create a Bug Bounty Program on BugBase
    • ⬇️Download the mobile app
  • Company Guide
    • 👨‍💼Create a Company Account
    • 🧭Navigation
    • 🛡️Assets Dashboard
    • 🗝️Credential Vaults
      • Creating a Credential Vault
      • Adding Credentials to Vault
      • Connect Credential Vault to an Asset
      • Require Whitelisting for a Credential
    • 🔐VPN Servers
      • Create, Configure and Deploy VPN server
      • Monitor Live Statistics and Logs
    • 🗂️Programs Dashboard
      • ⛳Create a Program
    • 📢Customer Support
    • 💵Bounty Bin
    • ⚙️Company Settings
      • 👨‍🏫Profile
      • 🏢Organisation
      • 👨‍🏭Roles and Permissions
      • 🔐Security & Authentication
        • Multi-Factor Authentication
        • SSO with SAML
          • Okta SSO setup via SAML
          • Google SSO setup via SAML
      • 🎨Customization
        • Automations
        • Report Tags
      • 📙Manage Access
    • 📈Insights Dashboard
    • 🔊Campaigns
    • 💲Understanding Currencies Used in BugBase
    • 🤝Whitelist
  • Program guide
    • Bug Bounty Dashboard
      • Program Reports Section
        • Report Components
        • Report Actions
        • Duplicating Reports
        • Assigning Swags
        • Assigning Bounties
        • Assigning Thanks to Reporters
        • Assigning Bonus Bounty
        • Automatic Response Generator using ChatGPT
      • Program Policy
        • Editing Program Policy
          • Best Practices For Designing Policy
          • Best Practices For Bounty Tables
      • Payouts
      • Settings
    • Private Bug Bounty Dashboard
      • Invite Hackers
      • Manage Credentials
    • VDP Dashboard
    • Pentest Dashboard
      • Pentest Overview
      • Vulnerabilities Section
        • Pentest Report Components
        • Pentest Report Actions
      • Global Pentest Chat
    • Competition Dashboard
      • Dashboard
      • Creating a Competition
        • Adding Challenges
      • Manage Competitions
        • Statistics
        • Leaderboard
        • Manage Users
  • Bounty Hunter Guide
    • Bounty Hunter Dashboard
    • Bounty Hunter Profile
    • Programs Directory
      • Program Policy Page
      • Credentials
      • VPN Access
      • Whitelist
      • Collaborate
    • Bounty Hunter Reports Section
      • Submitting Reports
      • Interaction with Program Representees
      • Collaboration
      • Response Generation through ChatGPT on Report Chat
    • Competitions
    • Discord Community
    • Leaderboard
    • Multi-Factor Authentication
    • Settings
      • Verify KYC
    • Email Alias
    • 🚀Apollo Community
  • Integrations
    • 🔗Supported Integrations
    • Webhooks
    • JIRA
      • Creating a JIRA Issue
    • Slack
      • Managing Integration
    • Microsoft Teams
    • Github
    • Asana
    • Sumo Logic
    • PagerDuty
  • on-premise
    • Running Automated Testing
    • Sandbox Environment
Powered by GitBook
On this page
  • Report Data
  • Metadata Panel
  • Conversation Timeline

Was this helpful?

  1. Program guide
  2. Bug Bounty Dashboard
  3. Program Reports Section

Report Components

Reports are an essential part of a bug bounty program as they provide program managers with detailed information about a vulnerability, allowing them to understand the scope and impact of the issue, and take appropriate action to address it.

Report Data

Reports typically consist of different components that provide a holistic view of the vulnerability, including:

  • Report Summary: A brief overview of the vulnerability or issue reported, including a summary of the potential impact and severity of the issue.

  • Vulnerability Impact: An assessment of the potential impact of the vulnerability on the affected system or application, including the potential risks or consequences.

  • Description: A detailed explanation of the vulnerability or issue, including technical details of how it can be exploited, and the affected systems or applications.

  • Proof of Concept: A demonstration of how the vulnerability can be exploited, such as proof-of-concept code or a video.

Metadata Panel

The Metadata Panel is a feature located on the right side of the report in that provides program managers with detailed information about the report and the reporter. The information included in the Metadata Panel is essential for program managers to understand the scope and impact of the vulnerability and to take appropriate action to address it.

Some of the key information included in the Metadata Panel are:

  • Report ID: A unique identifier for the report, which can be used to refer to the report in future communications.

  • Report Title: A brief title that summarises the vulnerability or issue reported.

  • Vulnerability Category: The category of the vulnerability, such as Cross-Site Scripting (XSS) or SQL Injection.

  • Priority: The priority assigned to the vulnerability, which indicates the urgency of addressing the issue.

  • Vulnerable Endpoint: The specific location or endpoint where the vulnerability occurs, such as a specific URL or API endpoint. [This is an optional field]

  • Report Status: The current status of the report, such as New, Triaged, Resolved, or Closed.

  • Report Assignee: The individual or team responsible for evaluating and addressing the vulnerability.

  • Reporter: Information about the reporter, such as their username and KYC (Know Your Customer) status.

Conversation Timeline

The Report Timeline is a feature that provides a chronological view of all the activity that occurs in a report between the program managers and the hackers involved. It allows program managers to track the progress of the report and stay informed of any updates or changes.

The Report Timeline shows the following activities:

  • Comments: When program managers or researchers add a comment to the report.

  • State Changes: When the state of the report changes, such as from "New" to "Triaged" or "Resolved".

  • Assignments: When the report is assigned to a program manager or team member.

  • Reward Updates: When a reward is assigned for a given report.

  • Severity Changes: When the severity of the report changes, such as from "P3" to "P1".

The Report Timeline provides program managers with a clear view of all the activity that has occurred on the report and helps them to understand the progress of the report, as well as any changes that have been made.

PreviousProgram Reports SectionNextReport Actions

Last updated 6 months ago

Was this helpful?