
How do I Integrate Bugcrowd

This guide walks you through the steps to integrate Bugcrowd findings into the NopSec platform.

Creating a Read-Only API Key in Bugcrowd

In Bugcrowd, API keys inherit the exact permissions and access levels of the user account that generates them. Bugcrowd does not use granular, token-level scopes (like a standard "read-only" checkbox) when creating the key itself.

To create a read-only API key, you must first provision a dedicated user account with strictly read-only permissions (the Viewer role), and then generate the API credentials from within that specific account.


Step 1: Provision a Read-Only User Account

If you do not already have a dedicated service account, an Organization Owner or User Administrator must invite one.

  1. Log in to Bugcrowd using an Organization Owner or User Administrator account.
  2. In the top navigation bar, click the Organization tab, then select Team.
  3. Click the Invite a team member button.
  4. Enter the email address for your dedicated API service account (e.g., bugcrowd-api-readonly@yourdomain.com).
  5. Set the organization role to Member.
  6. In the program assignments section below, select the specific programs this API account needs to query. Set the role for those programs to Viewer (this grants read-only access to view submissions and briefs).
    Note: Ensure any programs you do not want the API to access are explicitly set to No Permissions.
  7. Click Send invite and complete the account registration process using the invitation link sent to that email address.

Step 2: Generate the API Credentials

Once the read-only user account is fully registered, you can generate the keys.

  1. Log out of your administrative account and log back into Bugcrowd using the new, read-only service account credentials.
  2. Click on the profile picture (avatar) in the top-right corner of the platform.
  3. Select API Credentials from the drop-down menu.
  4. If prompted to choose between using existing credentials or creating new ones, select Create New Credentials.
  5. In the App Name field, provide a descriptive name for the application making the calls (e.g., Read-Only API Key - Security Dashboard).
  6. Click the Create credentials button.
  7. The system will display your API token credentials.

Important: Immediately copy and securely store these credentials in a password vault or secrets manager. Bugcrowd will not display these values again once you refresh or leave the page.
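
Before handing the token to another system, it is worth confirming that the service account can read only the programs you assigned in Step 1. The script below is an added example, not Bugcrowd's or NopSec's own code: the API base URL, the /programs endpoint, the header format, the response shape, the BUGCROWD_API_TOKEN variable and the program codes are assumptions to check against Bugcrowd's API documentation.

```python
import json
import os
import urllib.request

# Assumptions (not from the page; check against Bugcrowd's API documentation):
# the base URL, the /programs endpoint, the header format and the response shape.
API_BASE = "https://api.bugcrowd.com"
# Hypothetical program codes the service account was given the Viewer role on.
EXPECTED_PROGRAMS = {"example-web", "example-mobile"}


def build_request(token, path="/programs"):
    """Build a GET request; the token is read by the caller, never hard-coded."""
    return urllib.request.Request(
        API_BASE + path,
        headers={
            "Authorization": f"Token {token}",
            "Accept": "application/vnd.bugcrowd+json",
        },
        method="GET",
    )


def visible_program_codes(payload):
    """Collect program codes from a JSON:API-style body, skipping odd entries."""
    codes = set()
    for item in payload.get("data", []):
        code = (item.get("attributes") or {}).get("code")
        if item.get("type") == "program" and isinstance(code, str):
            codes.add(code)
    return codes


def audit_scope(visible, expected):
    """Report programs the key can read but should not, and the reverse."""
    return {
        "unexpected": sorted(visible - expected),
        "missing": sorted(expected - visible),
        "ok": visible == expected,
    }


if __name__ == "__main__":
    token = os.environ["BUGCROWD_API_TOKEN"]  # hypothetical variable name
    with urllib.request.urlopen(build_request(token), timeout=30) as resp:
        report = audit_scope(visible_program_codes(json.load(resp)), EXPECTED_PROGRAMS)
    print(json.dumps(report, indent=2))
    raise SystemExit(0 if report["ok"] else 1)
```

A non-empty "unexpected" list means a program was left readable to the service account instead of being set to No Permissions.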


Enable the Bugcrowd Integration in NopSec

  1. Navigate to Integrations in the NopSec UI and select the option to add the Bugcrowd Integration.

  2. Enter Integration Access Info: When prompted, enter the following information and click the "Save and Connect" button:

    1. Connection Name: Unique name for this integration
    2. Token: The authentication key generated in the previous steps.