Skip to main content

Asset Management

The Assets section is where you define what BleedWatch monitors. Assets represent the domains, organizations, repositories, and packages that make up your organization's public attack surface.

Asset Types

BleedWatch supports the following asset types:

Asset TypeExample ValueWhat It Monitors
Domainyourcompany.comSubdomain enumeration, host discovery, TLS monitoring
GitHub Organizationyour-github-orgPublic repositories for exposed secrets
GitHub Usernameyour-usernamePersonal public repositories
GitHub Repositoryorg/repo-nameA specific repository
NPM Organization@yourscopeAll packages under the NPM scope
NPM Usernameyour-npm-userPackages published by this user
NPM Packageyour-packageA specific NPM package
Docker Organizationyour-docker-orgAll images in the Docker Hub organization
Docker Usernameyour-docker-userImages published by this user
Docker Imageyour-imageA specific Docker Hub image
GitLab Groupyour-groupAll projects in the GitLab group
GitLab Projectgroup/projectA specific GitLab project
IP Range203.0.113.0/24Infrastructure in the specified IP range

Adding an Asset

  1. Click Add Asset in the top right
  2. Select the Asset Type from the dropdown
  3. Enter the Value (the identifier to monitor)
  4. Optionally set a Display Name for easier identification
  5. Choose a Scan Frequency:
    • Hourly — For critical assets requiring near-real-time monitoring
    • Daily — Recommended for most assets
    • Weekly — For lower-priority or stable assets
  6. Click Add Asset
Start with Your Domain

If you are setting up BleedWatch for the first time, start by adding your primary domain. This triggers subdomain discovery and gives you immediate visibility into your public infrastructure.

Monitoring Toggle

Each asset has an active/inactive toggle. When monitoring is disabled:

  • No new scans will be scheduled for this asset
  • Existing findings remain visible
  • The asset is excluded from risk score calculations

Use the toggle to temporarily pause monitoring without deleting the asset and its history.

Scan Frequency

The scan frequency determines how often BleedWatch checks the asset for changes:

FrequencyBest For
HourlyProduction domains, critical GitHub organizations
DailyStandard monitoring for most assets
WeeklyStable, low-risk assets or large package registries
note

Higher scan frequencies consume more of your plan's scan quota. Adjust frequencies based on how often the asset changes and its criticality.

Filtering Assets

Use the type filter dropdown to view assets of a specific type. This helps when you manage many assets across different platforms.

Asset Metrics

The metrics bar at the top shows:

  • Total Assets — Number of configured assets
  • Active — Assets with monitoring enabled
  • Inactive — Assets with monitoring paused
  • Types — Number of distinct asset types in use

Best Practices

  1. Cover all surfaces — Add assets for every platform where your organization publishes code or hosts services
  2. Use organization-level assets — Adding a GitHub Organization or NPM Organization automatically covers all current and future repositories/packages
  3. Set appropriate frequencies — Critical production assets should be scanned hourly; internal tools can use daily or weekly
  4. Review inactive assets — Periodically check if paused assets should be reactivated or removed
  5. Name your assets — Use display names to make large asset lists easier to navigate

Troubleshooting

Asset Not Scanning

If an asset shows "Never" under Last Scanned:

  1. Check that the monitoring toggle is Active (enabled)
  2. Verify the asset value is correct (e.g., exact organization name, valid domain)
  3. Allow time for the scan scheduler to pick up newly added assets

Duplicate Asset Warning

BleedWatch prevents adding duplicate assets of the same type and value. If you need to monitor the same entity with different settings, consider using a more specific asset type (e.g., a specific repository instead of an entire organization).