Artifacts supported to guide testing

Upload source code, documentation, and other artifacts to guide XBOW penetration testing. For more information, see Guiding XBOW testing.

File size limit

The maximum size is 5 GB per archive. Where possible, optimize the files included so that you can upload a single archive of files.

Supported file types

Upload artifacts as a file archive using one of these formats:

• rar
• tar
• tar.gz - recommended, provides optimal compression
• tgz
• zip

Recommendations

What to include

• Core source code: main business logic, APIs, and user interface
• Configuration files, for example: config.yaml, .env.example, appsettings.json
• Documentation: architecture diagrams, API specifications, or internal design notes
• Dependency manifests: such as package.json, requirements.txt, or pom.xml

What to exclude

• .git/ directories or version history which XBOW does not use
• Media assets like images, videos, or other large binary files
• Internationalization packs (i18n) with large translation sets
• Third-party binaries or library folders (node_modules/, vendor/)
• Build outputs (dist/, bin/, target/)