The [**New Relic Infrastructure** agents](https://docs.newrelic.com/docs/infrastructure/new-relic-infrastructure/installation) are used to send information (running processes, memory usage, etc.) from Windows and Linux servers to be viewed within the **New Relic** web application. We may provide rewards for security issues found within the **Infrastructure** agent that could reduce the security of the systems the agent runs on. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
The [**New Relic** Go agent](https://docs.newrelic.com/docs/agents/go-agent/get-started/introduction-new-relic-go) is [installed](https://docs.newrelic.com/docs/agents/go-agent/installation/install-new-relic-go) within a [supported Go application](https://docs.newrelic.com/docs/agents/go-agent/get-started/go-agent-compatibility-requirements). It is designed to collect data about the running application and send it back for display within [**New Relic** APM](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-new-relic-apm). We may provide rewards for security issues found within the Go agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
Source code for this agent can be inspected [on GitHub](https://github.com/newrelic/go-agent).
The [**New Relic** Node.js agent](https://docs.newrelic.com/docs/agents/nodejs-agent/getting-started/introduction-new-relic-nodejs) can by [installed via `npm`](https://docs.newrelic.com/docs/agents/nodejs-agent/installation-configuration/install-maintain-nodejs) within a [supported Node.js application](https://docs.newrelic.com/docs/agents/nodejs-agent/getting-started/new-relic-nodejs#requirements). It is designed to collect data about the running application and send it back for display within [**New Relic** APM](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-new-relic-apm). We may provide rewards for security issues found within the Node.js agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
Source code for this agent can be inspected [on GitHub](https://github.com/newrelic/node-newrelic).
The [**New Relic** .NET agent](https://docs.newrelic.com/docs/agents/net-agent/getting-started/introduction-new-relic-net) can by [installed](https://docs.newrelic.com/docs/agents/net-agent/installation/install-enable-new-relic-net-agent) within a [supported .NET Framework application](https://docs.newrelic.com/docs/agents/net-agent/getting-started/compatibility-requirements-net-agent). It is designed to collect data about the running application and send it back for display within [**New Relic** APM](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-new-relic-apm). We may provide rewards for security issues found within the .NET Framework agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
The [**New Relic** .NET Core agent](https://docs.newrelic.com/docs/agents/net-agent/getting-started/introduction-new-relic-net) can by [installed](https://docs.newrelic.com/docs/agents/net-agent/installation/install-enable-new-relic-net-agent) within a [supported .NET Core application](https://docs.newrelic.com/docs/agents/net-agent/getting-started/compatibility-requirements-net-agent). It is designed to collect data about the running application and send it back for display within [**New Relic** APM](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-new-relic-apm). We may provide rewards for security issues found within the .NET Core agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
All **New Relic** assets are in scope for our coordinated disclosure program, except where otherwise noted. Submissions for assets that are not in scope for a paid bounty are eligible for HackerOne reputation. Services hosted by third party providers are out of scope and should not be tested against.
Our investor relations portal is hosted externally by Q4 Inc. and should not be targeted for any security testing. Any security issues found should be reported [directly to Q4 Inc.](https://www.q4inc.com/contact/default.aspx)
The [**New Relic** Browser agent](https://docs.newrelic.com/docs/browser/new-relic-browser/getting-started/introduction-new-relic-browser) is [deployed as a JavaScript snippet](https://docs.newrelic.com/docs/browser/new-relic-browser/installation/install-new-relic-browser-agent) by way of a [supported APM agent or web application](https://docs.newrelic.com/docs/browser/new-relic-browser/getting-started/compatibility-requirements-new-relic-browser). It is designed to collect data about the running application and send it back for display within [**New Relic** Browser](https://docs.newrelic.com/docs/browser/new-relic-browser/getting-started/introduction-new-relic-browser). We may provide rewards for security issues found within the Browser agent that could reduce the security of the browser the agent is running within. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
Our discussion forum is a customized [Discourse](https://github.com/discourse/discourse) installation. **Issues unique to our installation** are in scope for bounties. Issues with Discourse itself are not in scope and **should not** be researched on our instance. Instead, you should follow the guidelines in @discourse and either set up your own instance or use their test instance.
This is an active forum. Spam, brute forcing, and social engineering are strictly forbidden. All care should be made to avoid generating new posts or otherwise affecting the experience of other users on the forum.
Note: No XSS payloads should be attempted unless there is reason to believe our instance is uniquely vulnerable due to our modifications. If an issue is discovered, the payload should immediately be deleted and reported to prevent other users from encountering it.
All **New Relic** assets are in scope for our coordinated disclosure program, except where otherwise noted. Submissions for assets that are not in scope for a paid bounty are eligible for HackerOne reputation. Services hosted by third party providers are out of scope and should not be tested against.
All **New Relic** assets in the European region are in scope for our coordinated disclosure program, except where otherwise noted. Submissions for assets that are not in scope for a paid bounty are eligible for HackerOne reputation. Services hosted by third party providers are out of scope and should not be tested against.
[**New Relic Mobile**](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile/getting-started/introduction-new-relic-mobile) allows you to monitor and manage the performance of your [iOS](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-ios/get-started/new-relic-ios-compatibility-requirements) and [Android](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-android/get-started/new-relic-android-compatibility-requirements) applications by providing end-to-end details, errors, and throughput from every angle in real time. Data shown in [**New Relic Mobile**](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile/getting-started/introduction-new-relic-mobile) is generated by agents integrated with iOS and Android applications.
The [**New Relic** Android app](https://play.google.com/store/apps/details?id=com.newrelic.rpm) lets you access your data wherever you are. Receive alerts, view, query, and share dashboards, and more all from your mobile device.
The [**New Relic** Android agent](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-android/get-started/introduction-new-relic-mobile-android) is [installed via Gradle](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-android/install-configure/install-android-apps-gradle-android-studio) within a [supported Android application](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-android/get-started/new-relic-android-compatibility-requirements). It is designed to collect data about the running application and send it back for display within [**New Relic Mobile**](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile/getting-started/introduction-new-relic-mobile). We may provide rewards for security issues found within the Android agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
[**New Relic Browser**](https://docs.newrelic.com/docs/browser/new-relic-browser/getting-started/introduction-new-relic-browser) provides deep visibility and insight into how your users are interacting with your application or website. New Relic Browser measures page load timing, also known as real user monitoring (RUM), but it goes far beyond that to measure:
* Individual session performance
* AJAX requests
* [SPA-architecture route changes](https://docs.newrelic.com/docs/browser/single-page-app-monitoring/get-started/introduction-single-page-app-monitoring)
* JavaScript errors
With this added functionality, New Relic extends real user monitoring to include the entire life cycle of a page or a view.
[**New Relic Synthetics**](https://newrelic.com/synthetics) provides you with a suite of automated, scriptable tools to monitor your websites, critical business transactions, and API endpoints. The web application at [synthetics.newrelic.com](https://synthetics.newrelic.com) displays information from monitors (scripts) running on minions (virtual machines) in our data center or privately within your own infrastructure. We recommend familiarizing yourself with the product by [reading our documentation](https://docs.newrelic.com/docs/synthetics/new-relic-synthetics/getting-started/introduction-new-relic-synthetics).
The [**New Relic** Ruby agent](https://docs.newrelic.com/docs/agents/ruby-agent/getting-started/introduction-new-relic-ruby) is [installed as a Ruby gem](https://docs.newrelic.com/docs/agents/ruby-agent/installation-configuration/ruby-agent-installation) within a [supported Ruby application](https://docs.newrelic.com/docs/agents/ruby-agent/getting-started/ruby-agent-requirements-supported-frameworks). It is designed to collect data about the running application and send it back for display within [**New Relic** APM](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-new-relic-apm). We may provide rewards for security issues found within the Ruby agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
Source code for this agent can be inspected [on GitHub](https://github.com/newrelic/rpm).
The [**New Relic** iOS agent](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-ios/get-started/introduction-new-relic-mobile-ios) is [installed as a framework](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-ios/installation/ios-manual-installation) or [via CocoaPods](https://docs.newrelic.com/docs/mobile-monitoring-installation/cocoapods-installation-and-configuration) within a [supported iOS application](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-ios/get-started/new-relic-ios-compatibility-requirements). It is designed to collect data about the running application and send it back for display within [**New Relic Mobile**](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile/getting-started/introduction-new-relic-mobile). We may provide rewards for security issues found within the iOS agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
The [**New Relic** Python agent](https://docs.newrelic.com/docs/agents/python-agent/getting-started/introduction-new-relic-python) can by [installed with Pip](https://docs.newrelic.com/docs/agents/python-agent/installation/standard-python-agent-install) within a [supported Python application](https://docs.newrelic.com/docs/agents/python-agent/getting-started/instrumented-python-packages). It is designed to collect data about the running application and send it back for display within [**New Relic** APM](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-new-relic-apm). We may provide rewards for security issues found within the Python agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
[**New Relic Mobile**](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile/getting-started/introduction-new-relic-mobile) allows you to monitor and manage the performance of your [iOS](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-ios/get-started/new-relic-ios-compatibility-requirements) and [Android](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-android/get-started/new-relic-android-compatibility-requirements) applications by providing end-to-end details, errors, and throughput from every angle in real time. Data shown in [**New Relic Mobile**](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile/getting-started/introduction-new-relic-mobile) is generated by agents integrated with iOS and Android applications.
[**New Relic Insights**](https://newrelic.com/insights/) is a software analytics resource to gather and visualize data. Data can be sent to **Insights** directly or via other **New Relic** products. The [**New Relic Query Language (NRQL)**](https://docs.newrelic.com/docs/insights/nrql-new-relic-query-language/using-nrql/introduction-nrql), similar to SQL, is a query language for making calls against the **Insights** event database.
We recommend familiarizing yourself with our [**Insights** documentation](https://docs.newrelic.com/docs/insights) and with [**NRQL** queries](https://docs.newrelic.com/docs/insights/nrql-new-relic-query-language/using-nrql/introduction-nrql). Note that while **NRQL** is very similar to SQL, SQL injection should not be possible.
Our documentation site is hosted externally by Acquia. Issues within this application or regarding our content should be reported here. No security testing should be done against the platform itself. Any security issues found within the platform should be reported to the [Acquia security team](https://www.acquia.com/how-report-security-issue).
The [**New Relic** Java agent](https://docs.newrelic.com/docs/agents/java-agent/installation/install-java-agent) can by [installed](https://docs.newrelic.com/docs/agents/java-agent/installation/install-java-agent) within a [supported Java application](https://docs.newrelic.com/docs/agents/java-agent/getting-started/compatibility-requirements-java-agent). It is designed to collect data about the running application and send it back for display within [**New Relic** APM](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-new-relic-apm). We may provide rewards for security issues found within the Java agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
The [**New Relic** PHP agent](https://docs.newrelic.com/docs/agents/php-agent/getting-started/introduction-new-relic-php) can be [installed](https://docs.newrelic.com/docs/agents/php-agent/installation/php-agent-installation-overview) within a [supported PHP application](https://docs.newrelic.com/docs/agents/php-agent/getting-started/php-agent-compatibility-requirements). It is designed to collect data about the running application and send it back for display within [**New Relic** APM](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-new-relic-apm). We may provide rewards for security issues found within the PHP agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
[**New Relic Browser**](https://docs.newrelic.com/docs/browser/new-relic-browser/getting-started/introduction-new-relic-browser) provides deep visibility and insight into how your users are interacting with your application or website. New Relic Browser measures page load timing, also known as real user monitoring (RUM), but it goes far beyond that to measure:
* Individual session performance
* AJAX requests
* [SPA-architecture route changes](https://docs.newrelic.com/docs/browser/single-page-app-monitoring/get-started/introduction-single-page-app-monitoring)
* JavaScript errors
With this added functionality, New Relic extends real user monitoring to include the entire life cycle of a page or a view.
All **New Relic** assets in the European region are in scope for our coordinated disclosure program, except where otherwise noted. Submissions for assets that are not in scope for a paid bounty are eligible for HackerOne reputation. Services hosted by third party providers are out of scope and should not be tested against.
The [**New Relic** Unity agent](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-unity/get-started/introduction-new-relic-unity) is [installed](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile-unity/install-configure/unity-plugin-installation-configuration) within a Unity application on iOS or Android. It is designed to collect data about the running application and send it back for display within [**New Relic Mobile**](https://docs.newrelic.com/docs/mobile-monitoring/new-relic-mobile/getting-started/introduction-new-relic-mobile). We may provide rewards for security issues found within the Unity agent that could reduce the security of the application the agent is integrated with. Rewards are based on the default configuration settings, but agents that show problems due to a configuration change may be eligible for a reward.
[**Synthetics**](https://docs.newrelic.com/docs/synthetics/new-relic-synthetics/getting-started/introduction-new-relic-synthetics) minions are sandboxed virtual machines that run monitors (scripts) to gather information about your websites, critical business transactions, and API endpoints. Minions can run in our data center or [privately within your own infrastructure](https://docs.newrelic.com/docs/synthetics/new-relic-synthetics/private-locations/install-configure-private-minions). We recommend familiarizing yourself with the product by [reading our documentation](https://docs.newrelic.com/docs/synthetics/new-relic-synthetics/scripting-monitors).
Note that out-of-date packages running on these minions are not in scope for this program. Minions are intended to be updated from within the VM or with future releases.
Our training portal is hosted externally by Skilljar. Issues within this application or regarding our content should be reported here. No security testing should be done against the platform itself. Any security issues found within the platform should be reported to the [Skilljar security team](https://www.skilljar.com/security/).
New Relic's software analytics product for [application performance monitoring (APM)](https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/introduction-new-relic-apm) delivers real-time and trending data about your web application's performance and the level of satisfaction that your end users experience. With end to end transaction tracing and a variety of color-coded charts and reports, APM visualizes your data, down to the deepest code levels.
Our support ticket system is hosted externally by @zendesk and **must not** be tested against. All care should be taken to prevent accidental creation of new support tickets. Testing against our @zendesk instance and social engineering of our support team is strictly out of scope.
Our status page is hosted externally by Atlassian Statuspage and should not be targeted for any security testing. Any security issues found should be reported to the [StatusPage.io coordinated disclosure program](https://bugcrowd.com/statuspage).
[**New Relic Infrastructure**](https://newrelic.com/infrastructure) provides deep, real-time visibility into a company’s dynamic cloud and hybrid infrastructure and integrates seamlessly with **New Relic**’s application performance solutions. The web application at [infrastructure.newrelic.com](https://infrastructure.newrelic.com) displays information collected on servers running **Infrastructure** agents. We recommend familiarizing yourself with the product by [reading our documentation](https://docs.newrelic.com/docs/infrastructure/new-relic-infrastructure).
This domain is related to a service hosted externally by Marketo and should not be targeted for any security testing. Any security issues found should be reported to the [Marketo security team](https://documents.marketo.com/legal/notices/responsible-disclosure-policy.pdf).
This domain is related to a service hosted externally by SalesLoft and should not be targeted for any security testing. Any security issues found should be reported to the [SalesLoft security team](https://salesloft.com/vulnerability-disclosure-program/).
[New Relic One](https://one.newrelic.com) is the industry’s first entity-centric observability platform. This platform allows our customers to view across accounts and products, and will be the home of our future innovations.
The [**New Relic** agents](https://docs.newrelic.com/docs/agents/manage-apm-agents/installation/compatibility-requirements-new-relic-agents) are designed to collect data and send it back for display within the [**New Relic** products](https://docs.newrelic.com/docs/licenses/new-relic-products). Traffic between the agents and **New Relic** backend services may be inspected and reports concerning issues with how the agent connects and transports information are acceptable.
The [**New Relic** iOS app](https://apps.apple.com/ie/app/new-relic/id594038638) lets you access your data wherever you are. Receive alerts, view, query, and share dashboards, and more all from your mobile device.
Our support landing page provides resources for those looking for help with our products. It also integrates with our ticketing system and links to other areas of interest.
Note that our support ticket system at https://newrelic.zendesk.com is strictly out of scope.
Our blog is hosted externally by Pantheon. Issues within this application or regarding our content should be reported here. No security testing should be done against the platform itself. Any security issues found within the platform should be reported [directly to Pantheon](https://bugcrowd.com/pantheon).
Unregistered domains or social media accounts linked from this domain are not in scope for bounty.
[**New Relic Alerts**](https://newrelic.com/alerts) is a flexible and centralized notification system where you can manage alert policies and conditions for metrics collected by **New Relic**. This includes data from applications monitored by **New Relic APM**, servers with the **Infrastructure** agent¹, **Synthetics** monitors², and more. When an alert condition is met, a notification is sent out to the specified [notification channels](https://docs.newrelic.com/docs/alerts/new-relic-alerts/managing-notification-channels/notification-channels-controlling-where-send-alerts). You can learn more in our [documentation](https://docs.newrelic.com/docs/alerts/new-relic-alerts/getting-started/).