Guiding XBOW testing
You can upload source code and documentation to give XBOW more context about how your application is built. This helps the platform understand your target’s structure, logic, and configuration, resulting in more efficient testing with more accurate and relevant findings.
This approach is sometimes known as gray-box testing (see Gray-box testing in Wikipedia).
Tip: If you upload source code, XBOW can provide more specific guidance on how to mitigate any vulnerabilities detected in your assessment.
Prepare the content to share
You should prepare the content as a single archive to share with XBOW.
We recommend that you create a focused archive containing only files relevant to testing. Uploading an entire repository is inefficient as most repositories contain content that cannot guide the assessment.
- Recommended format: A single .tar.gz archive. This is the same format XBOW uses internally and ensures the fastest and most reliable processing.
- File size limit: Maximum file size: 5 GB
What to include
- Core source code: Including main business logic, APIs, and user interface
- Configuration files: Such as config.yaml, .env.example, appsettings.json
- Documentation: Such as architecture diagrams, API specifications, or internal design notes
- Dependency manifests: Such as package.json, requirements.txt, or pom.xml
What to exclude
Omit files and directories that add size but no testing value:
- .git/ directories and version history
- Media assets (images, videos, or other large binary files)
- Internationalization packs (i18n) with large translation sets
- Third-party libraries (node_modules/, vendor/)
- Build outputs (dist/, bin/, target/)
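One way to build such an archive from a working copy, shown as an added example rather than an XBOW-provided script. The function names, the media extension list, and the reading of 5 GB as 5,000,000,000 bytes are assumptions.

```shell
#!/bin/sh
# Added example: build a focused .tar.gz that applies the exclude list above.
# Function names and the media extension list are assumptions.

# Assumption: "5 GB" is read as 5,000,000,000 bytes (the stricter interpretation).
MAX_BYTES=5000000000

# make_focused_archive SRC_DIR OUT_FILE
# OUT_FILE must be outside SRC_DIR so tar does not try to archive its own output.
make_focused_archive() {
    src=$1
    out=$2
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 2; }
    # Each pattern matches a path component at any depth, so nested
    # node_modules/ or target/ directories are skipped as well.
    tar -czf "$out" \
        --exclude='.git' \
        --exclude='node_modules' --exclude='vendor' \
        --exclude='dist' --exclude='bin' --exclude='target' \
        --exclude='i18n' \
        --exclude='*.png' --exclude='*.jpg' --exclude='*.gif' \
        --exclude='*.mp4' --exclude='*.mov' \
        -C "$src" .
}

# archive_within_limit FILE: exit status 0 if FILE is at or under MAX_BYTES.
archive_within_limit() {
    size=$(( $(wc -c < "$1") ))
    [ "$size" -le "$MAX_BYTES" ]
}

# list_archive FILE: print member paths so the contents can be reviewed before upload.
list_archive() {
    tar -tzf "$1"
}

# Run as: sh make_archive.sh ./my-app /tmp/my-app.tar.gz
if [ "$#" -eq 2 ]; then
    make_focused_archive "$1" "$2" || exit 1
    archive_within_limit "$2" || { echo "archive exceeds 5 GB" >&2; exit 1; }
    list_archive "$2"
fi
```

Reviewing the printed member list before upload confirms that only source, configuration, documentation, and manifests are in the archive.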