foropensource

All offers › HackerOne

HackerOne

security

HackerOne Community Edition

Free vulnerability coordination / bug bounty platform for open source projects: security page with disclosure policy, report management with discussion tools, intelligent duplicate detection, hacker reputation and private invites, API access, and analytics dashboards. Only cost is a 5% payment processing fee if you choose to pay bounties.

Eligibility: for the project; OSI license required; non-commercial only; project at least 3 months old; Must add a SECURITY.md in the project root, link to the HackerOne profile from the project website, and respond to new reports within a week.

How to apply: Application form on the page (project name, website, motivation); reviews typically complete within one business week.

last verified 2026-07-06

Verified 2026-07-06. Details changed? Fix it on GitHub.

Not sure you qualify? Match your repo against all 153 offers, or browse security.