{"id":51200497,"url":"https://github.com/projectdiscovery/oss-bounty-program","last_synced_at":"2026-06-28T00:02:32.548Z","repository":{"id":337753447,"uuid":"1131054275","full_name":"projectdiscovery/oss-bounty-program","owner":"projectdiscovery","description":"The ProjectDiscovery OSS Bounty Program exists to democratize security by rewarding meaningful contributions from the global community.","archived":false,"fork":false,"pushed_at":"2026-01-09T12:50:18.000Z","size":7,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-01T04:26:11.156Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projectdiscovery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-09T12:03:24.000Z","updated_at":"2026-03-22T05:25:51.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/projectdiscovery/oss-bounty-program","commit_stats":null,"previous_names":["projectdiscovery/oss-bounty-program"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/projectdiscovery/oss-bounty-program","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Foss-bounty-program","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Foss-bounty-program/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Foss-bounty-program/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Foss-bounty-program/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projectdiscovery","download_url":"https://codeload.github.com/projectdiscovery/oss-bounty-program/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Foss-bounty-program/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34872279,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-27T02:00:06.362Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-28T00:02:31.242Z","updated_at":"2026-06-28T00:02:32.538Z","avatar_url":"https://github.com/projectdiscovery.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# ProjectDiscovery OSS Bounty Program\n\n# Purpose\n\nThe ProjectDiscovery OSS Bounty Program exists to democratize security by rewarding meaningful contributions from the global community.\n\nOur tools are used by researchers, defenders, and builders worldwide. This program ensures that anyone, anywhere, can contribute to improving ProjectDiscovery projects and be fairly recognized or rewarded for their work.\n\nWe aim to:\n\n- Lower the barrier to participation in security research and development\n- Incentivize high-impact open-source contributions\n- Foster a transparent, fair, and collabrative community\n- Improve the security ecosystem for everyone\n\n# Scope\n\n## In-Scope Projects\n\n- The program applies to official ProjectDiscovery open-source repositories, including but not limited to:\n    - Nuclei\n    - Katana\n    - Subfinder\n    - Httpx\n    - Naabu\n    - ShuffleDNS\n    - DNSx\n    - TLSx\n    - Vulnx\n    - URLFinder\n    - any other repositories explicitly labeled as **bounty.**\n- Projects must be publicly available\n- Issues or tasks eligibile for bounties will be clearly labeled (e.g., `bounty`)\n\n## Out-of-Scope Projects\n\n- Third-party dependencies\n- Forks or unofficial repositories\n\n## Who Can Participate\n\n- Anyone worldwide may participate\n- Contributors must be legally able to receive rewards\n- ProjectDiscovery employees and core maintainers may contribute but are not eligible for monetary rewards\n\nThe program is **open**, **inclusive**, **and** **global**.\n\n## Eligible Contributions\n\nOnly work explicitly marked or approved qualifies.\n\nEligible:\n\n- Bug fixes for confirmed issues\n- Performance improvements\n- Feature implementations (request by maintainers)\n- Documentation or testing improvements with meaningful impact\n- Tooling \u0026 infrastructure enhancements\n\nNot Eligible:\n\n- Unapproved or unsolicited features\n- Duplicate submissions\n- Trivial or low-quality changes\n- Known or already-reported security issues\n- Any unethical, fraudulent, or abusive behavior\n\n## Reward Structure\n\nMonetary Bounties\n\n- Fixed or variable rewards depending on impact\n- Amounts are disclosed upfront or clearly stated\n\nNon-Monetary Rewards\n\n- Public recognition (release notes)\n- ProjectDiscovery swag\n\n## How to Participate\n\n1. Find a `bounty` labeled issue\n2. Announce intent by commenting on the issue\n3. Work in public, following contribution guidelines\n4. **1 active issue** per contributor at a time\n5. Complete within **2 weeks** of claiming\n6. Submit a PR clearly linked to the issue\n7. Address review feedback\n8. Get merged\n9. Claim reward via provided instructions\n\nFirst complete, high-quality submission wins the bounty.\n\n## Review \u0026 Evaluation\n\nAll submissions are reviewed by ProjectDiscovery maintainers.\n\nEvaluation criteria:\n\n- Correctness and completeness\n- Code quality and tests\n- Adherence to project standards\n- Alignment with bounty scope\n\n## Security \u0026 Responsible Disclosure\n\n- Never disclose vulnerabilities publicly\n- Report security issues privately via [security@projectdiscovery.io](mailto:security@projectdiscovery.io)\n- Follow coordinated disclosure timeline\n- No exploitation, data access, or service distruption\n\n## Payments \u0026 Legal\n\n- Payments are typically processed within a reasonable timeframe after approval\n- Contributors are responsible for taxes and legal compliance\n- Contributions are licensed under the project’s existing open-source license\n- No employment or contractor relationship is created\n\n## Code of Conduct\n\nAll participants must:\n\n- Act ethically and respectfully\n- Avoid harassment, spam, or manipulation\n- Respect maintainers’ decisions\n- Keep discussions transparent and public\n\nViolations may result in disqualification or bans.\n\n## Program Changes\n\nProjectDiscovery may modify or end the program at any time.\n\n- Changes will be announced publicly\n- In-progress accepted work will be honored whenever possible\n\n## Contact\n\n## Why This Matters\n\nSecurity should be democratized.\n\nThis programs exists to:\n\n- Democratize security; build a healthier, more accessible security ecosystem\n- Empower independent researchers\n- Reward real-world impact\n- Strengthen open-source security tooling.\n\nIf you believe in open source security for everyone, we welcome you.\n\nHappy Hacking!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Foss-bounty-program","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojectdiscovery%2Foss-bounty-program","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Foss-bounty-program/lists"}