diff --git a/.flake8 b/.flake8
index ea7e49a44bd..9a41e5a0be5 100644
--- a/.flake8
+++ b/.flake8
@@ -25,6 +25,8 @@ ignore =
     E128
     # line break after binary operator
     W504
+    # Line break occurred before a binary operator (conflicting with black)
+    W503
     # undefined file name excpetion
     F821
 
diff --git a/docs/content/en/integrations/parsers.md b/docs/content/en/integrations/parsers.md
index e463331b160..a31b1307b87 100644
--- a/docs/content/en/integrations/parsers.md
+++ b/docs/content/en/integrations/parsers.md
@@ -120,6 +120,18 @@ Import Brakeman Scanner findings in JSON format.
 
 Import Bugcrowd results in CSV format.
 
+### Bugcrowd API
+
+Import Bugcrowd submissions directly from the API using the API token.
+Set your API key directly in the format `username:password` in the API Token input, it will be added to the header `'Authorization': 'Token {}'.format(self.api_token),`
+For each product, you can configure 2 things:
+- Service key 1: the bugcrowd program code (it's the slug name in the url for the program, url safe)
+- Service key 2: the bugcrowd target name (the full name, it will be url-encoded, you can find it in https://tracker.bugcrowd.com/<YOURPROGRAM>/settings/scope/target_groups)
+    - It can be left empty so that all program submissions are imported
+
+That way, per product, you can use the same program but separate by target, which is a fairly common way of filtering/grouping Bugcrowd.
+Adding support for a 3rd filtering would be possible with Service Key 3, feel free to make a PR.
+
 ### Bundler-Audit
 
 Import the text output generated with bundle-audit check
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index d64efd7dab7..4133c14d939 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -1183,6 +1183,7 @@ def saml2_attrib_map_format(dict):
     'Solar Appscreener Scan': ['title', 'file_path', 'line', 'severity'],
     'pip-audit Scan': ['vuln_id_from_tool', 'component_name', 'component_version'],
     'Edgescan Scan': ['unique_id_from_tool'],
+    'Bugcrowd API': ['unique_id_from_tool'],
     'Rubocop Scan': ['vuln_id_from_tool', 'file_path', 'line'],
     'JFrog Xray Scan': ['title', 'description', 'component_name', 'component_version'],
     'CycloneDX Scan': ['vuln_id_from_tool', 'component_name', 'component_version'],
@@ -1234,6 +1235,7 @@ def saml2_attrib_map_format(dict):
     'Semgrep JSON Report': True,
     'Generic Findings Import': True,
     'Edgescan Scan': True,
+    'Bugcrowd API': True,
     'Veracode SourceClear Scan': True,
     'Twistlock Image Scan': True
 }
@@ -1340,6 +1342,7 @@ def saml2_attrib_map_format(dict):
     'Gitleaks Scan': DEDUPE_ALGO_HASH_CODE,
     'pip-audit Scan': DEDUPE_ALGO_HASH_CODE,
     'Edgescan Scan': DEDUPE_ALGO_HASH_CODE,
+    'Bugcrowd API': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
     'Rubocop Scan': DEDUPE_ALGO_HASH_CODE,
     'JFrog Xray Scan': DEDUPE_ALGO_HASH_CODE,
     'CycloneDX Scan': DEDUPE_ALGO_HASH_CODE,
diff --git a/dojo/templates/dojo/add_product_api_scan_configuration.html b/dojo/templates/dojo/add_product_api_scan_configuration.html
index ec3e6b42ba7..fc020f96ce1 100644
--- a/dojo/templates/dojo/add_product_api_scan_configuration.html
+++ b/dojo/templates/dojo/add_product_api_scan_configuration.html
@@ -18,6 +18,8 @@ <h3> Add {{ product.name }} API Scan Configuration</h3>
         API Scan Configurations are supported for the test types SonarQube API, Cobalt.io API and Edgescan API.
     <ul>
         <li>For <b>SonarQube API</b> the field <b>Service key 1</b> has to be set with the SonarQube project key.</li>   
+        <li>For <b>Bugcrowd API</b> the field <b>Service key 1</b> has to be set with the Bugcrowd program code.
+            <b>Service key 2</b> can be set with the target in the Bugcrowd program (will be url encoded for the api call), if not supplied, will fetch all submissions in the program</li> 
         <li>For <b>Cobalt.io API</b> the field <b>Service key 1</b> has to be set with the Cobalt.io asset id. 
             <b>Service key 2</b> will be populated with the asset name while saving the configuration.</li>   
         <li>For <b>Edgescan API</b> the field <b>Service key 1</b> has to be set with the Edgescan asset id.</li>
diff --git a/dojo/templates/dojo/edit_product_api_scan_configuration.html b/dojo/templates/dojo/edit_product_api_scan_configuration.html
index bef1c954891..e06ee340227 100644
--- a/dojo/templates/dojo/edit_product_api_scan_configuration.html
+++ b/dojo/templates/dojo/edit_product_api_scan_configuration.html
@@ -15,6 +15,8 @@ <h3>Edit API Scan Configuration</h3>
     API Scan Configurations are supported for the test types SonarQube API, Cobalt.io API and Edgescan API.
 <ul>
     <li>For <b>SonarQube API</b> the field <b>Service key 1</b> has to be set with the SonarQube project key.</li>   
+    <li>For <b>Bugcrowd API</b> the field <b>Service key 1</b> has to be set with the Bugcrowd program code.
+        <b>Service key 2</b> can be set with the target in the Bugcrowd program (will be url encoded for the api call), if not supplied, will fetch all submissions in the program</li> 
     <li>For <b>Cobalt.io API</b> the field <b>Service key 1</b> has to be set with the Cobalt.io asset id. 
         <b>Service key 2</b> will be populated with the asset name while saving the configuration.</li>   
     <li>For <b>Edgescan API</b> the field <b>Service key 1</b> has to be set with the Edgescan asset id.</li>
diff --git a/dojo/tool_config/factory.py b/dojo/tool_config/factory.py
index b575e317e8d..b38edaa8bbd 100755
--- a/dojo/tool_config/factory.py
+++ b/dojo/tool_config/factory.py
@@ -1,10 +1,13 @@
 from dojo.tools.sonarqube_api.api_client import SonarQubeAPI
 from dojo.tools.cobalt_api.api_client import CobaltAPI
 from dojo.tools.edgescan.api_client import EdgescanAPI
+from dojo.tools.bugcrowd_api.api_client import BugcrowdAPI
 
 SCAN_APIS = {'SonarQube': SonarQubeAPI,
              'Cobalt.io': CobaltAPI,
-             'Edgescan API': EdgescanAPI}
+             'Edgescan API': EdgescanAPI,
+             'Bugcrowd API': BugcrowdAPI
+             }
 
 
 def create_API(tool_configuration):
diff --git a/dojo/tools/bugcrowd_api/__init__.py b/dojo/tools/bugcrowd_api/__init__.py
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/dojo/tools/bugcrowd_api/api_client.py b/dojo/tools/bugcrowd_api/api_client.py
new file mode 100644
index 00000000000..b54e034d4fd
--- /dev/null
+++ b/dojo/tools/bugcrowd_api/api_client.py
@@ -0,0 +1,137 @@
+import requests
+from urllib.parse import urlencode
+from dojo.models import Tool_Type
+
+
+class BugcrowdAPI:
+    """
+    A simple client for the bugcrowd.io API
+    """
+
+    bugcrowd_api_url = "https://api.bugcrowd.com"
+    default_headers = {
+        "Accept": "application/vnd.bugcrowd+json",
+        "User-Agent": "DefectDojo",
+        "Bugcrowd-Version": "2021-10-28",
+    }
+
+    def __init__(self, tool_config):
+        Tool_Type.objects.get_or_create(name="Bugcrowd API")
+
+        self.session = requests.Session()
+        if tool_config.authentication_type == "API":
+            self.api_token = tool_config.api_key
+            self.session.headers.update(
+                {"Authorization": "Token {}".format(self.api_token)}
+            )
+            self.session.headers.update(self.default_headers)
+        else:
+            raise Exception(
+                "bugcrowd Authentication type {} not supported".format(
+                    tool_config.authentication_type
+                )
+            )
+
+    def get_findings(self, program, target):
+        """
+        Returns the findings in a paginated iterator for a given bugcrowd program and target, if target is *, everything is returned
+        :param program:
+        :param target:
+        :return:
+        """
+        params_default = {
+            "filter[duplicate]": "false",
+            "filter[program]": program,
+            "page[limit]": 100,
+            "page[offset]": 0,
+            "include": "monetary_rewards,target",
+            "sort": "submitted-desc",
+        }
+
+        if target:
+            params = params_default
+            params["filter[target]"] = target
+            params_encoded = urlencode(params)
+        else:
+            params_encoded = urlencode(params_default)
+
+        next = "{}/submissions?{}".format(self.bugcrowd_api_url, params_encoded)
+        while next != "":
+            response = self.session.get(url=next)
+            response.raise_for_status()
+            if response.ok:
+                data = response.json()
+                if len(data["data"]) != 0:
+                    yield data["data"]
+
+                # When we hit the end of the submissions, break out
+                if len(data["data"]) == 0:
+                    next = ""
+                    break
+
+                # Otherwise, keep updating next link
+                next = "{}{}".format(self.bugcrowd_api_url, data["links"]["next"])
+            else:
+                next = "over"
+
+    def test_connection(self):
+        # Request programs
+        response_programs = self.session.get(
+            url="{}/programs".format(self.bugcrowd_api_url)
+        )
+        response_programs.raise_for_status()
+
+        # Request submissions to validate the org token
+        response_subs = self.session.get(
+            url="{}/submissions".format(self.bugcrowd_api_url)
+        )
+        response_subs.raise_for_status()
+        if response_programs.ok and response_subs.ok:
+            data = response_programs.json().get("data")
+            data_subs = response_subs.json().get("meta")
+            total_subs = str(data_subs["total_hits"])
+
+            progs = list(filter(lambda prog: prog["type"] == "program", data))
+            program_names = ", ".join(
+                list(map(lambda p: p["attributes"]["code"], progs))
+            )
+            # Request targets to validate the org token
+            response_targets = self.session.get(
+                url="{}/targets".format(self.bugcrowd_api_url)
+            )
+            response_targets.raise_for_status()
+            if response_targets.ok:
+                data_targets = response_targets.json().get("data")
+                targets = list(
+                    filter(lambda prog: prog["type"] == "target", data_targets)
+                )
+                target_names = ", ".join(
+                    list(map(lambda p: p["attributes"]["name"], targets))
+                )
+                return f'With {total_subs} submissions, you have access to the "{ program_names }" programs, \
+                    you can use these as Service key 1 for filtering submissions \
+                        You also have targets "{ target_names }" that can be used in Service key 2'
+            else:
+                raise Exception(
+                    "Bugcrowd API test not successful, no targets were defined in Bugcrowd which is used for filtering, check your configuration, HTTP response was: {}".format(
+                        response_targets.text
+                    )
+                )
+        else:
+            raise Exception(
+                "Bugcrowd API test not successful, could not retrieve the programs or submissions, check your configuration, HTTP response for programs was: {}, HTTP response for submissions was: {}".format(
+                    response_programs.text, response_subs.text
+                )
+            )
+
+    def test_product_connection(self, api_scan_configuration):
+        submissions = []
+        submission_gen = self.get_findings(
+            api_scan_configuration.service_key_1, api_scan_configuration.service_key_2
+        )
+        for page in submission_gen:
+            submissions = submissions + page
+        submission_number = len(submissions)
+        return f'You have access to "{submission_number}" submissions (no duplicates)\
+            in Bugcrowd in the Program code "{api_scan_configuration.service_key_1}" \
+            and Target "{api_scan_configuration.service_key_2}" (leave service key 2 empty to get all submissions in program)'
diff --git a/dojo/tools/bugcrowd_api/importer.py b/dojo/tools/bugcrowd_api/importer.py
new file mode 100644
index 00000000000..c1cb76c65c5
--- /dev/null
+++ b/dojo/tools/bugcrowd_api/importer.py
@@ -0,0 +1,63 @@
+import logging
+from django.core.exceptions import ValidationError
+from dojo.models import Product_API_Scan_Configuration
+from dojo.tools.bugcrowd_api.api_client import BugcrowdAPI
+
+logger = logging.getLogger(__name__)
+
+
+class BugcrowdApiImporter(object):
+    """
+    Import from Bugcrowd API
+    """
+
+    def get_findings(self, test):
+        client, config = self.prepare_client(test)
+        logger.debug(
+            "Fetching submissions program {} and target {}".format(
+                str(config.service_key_1), str(config.service_key_2)
+            )
+        )
+
+        submissions_paged = client.get_findings(
+            config.service_key_1,
+            config.service_key_2,
+        )
+
+        submissions = []
+        counter = 0
+        for page in submissions_paged:
+            submissions += page
+            counter += 1
+        logger.debug("{} Bugcrowd submissions pages fetched".format(counter))
+
+        return submissions
+
+    def prepare_client(self, test):
+        product = test.engagement.product
+        if test.api_scan_configuration:
+            config = test.api_scan_configuration
+            # Double check of config
+            if config.product != product:
+                raise ValidationError(
+                    "API Scan Configuration for Bugcrowd API and Product do not match."
+                )
+        else:
+            configs = Product_API_Scan_Configuration.objects.filter(
+                product=product, tool_configuration__tool_type__name="Bugcrowd API"
+            )
+            if configs.count() == 1:
+                config = configs.first()
+            elif configs.count() > 1:
+                raise ValidationError(
+                    "More than one Product API Scan Configuration has been configured, but none of them has been chosen.\
+                        Please specify at Test which one should be used."
+                )
+            else:
+                raise ValidationError(
+                    "There are no API Scan Configurations for this Product. \
+                        Please add at least one API Scan Configuration for bugcrowd to this Product."
+                )
+
+        tool_config = config.tool_configuration
+        return BugcrowdAPI(tool_config), config
diff --git a/dojo/tools/bugcrowd_api/parser.py b/dojo/tools/bugcrowd_api/parser.py
new file mode 100644
index 00000000000..ad94e654d83
--- /dev/null
+++ b/dojo/tools/bugcrowd_api/parser.py
@@ -0,0 +1,231 @@
+import json
+import textwrap
+from datetime import datetime
+from dojo.models import Endpoint, Finding
+from dojo.tools.bugcrowd_api.importer import BugcrowdApiImporter
+import re
+import dateutil.parser
+import logging
+from django.core.exceptions import ValidationError
+
+
+SCAN_BUGCROWD_API = "Bugcrowd API Import"
+
+pattern_title_authorized = re.compile(r"^[a-zA-Z0-9_\s+-.]*$")
+
+logger = logging.getLogger(__name__)
+
+
+class BugcrowdApiParser(object):
+    """
+    Import from Bugcrowd API /submissions
+    """
+
+    def get_scan_types(self):
+        return [SCAN_BUGCROWD_API]
+
+    def get_label_for_scan_types(self, scan_type):
+        return SCAN_BUGCROWD_API
+
+    def get_description_for_scan_types(self, scan_type):
+        return "Bugcrowd submissions can be directly imported using the Bugcrowd API. An API Scan Configuration has to be setup in the Product."
+
+    def requires_file(self, scan_type):
+        return False
+
+    def requires_tool_type(self, scan_type):
+        return "Bugcrowd API"
+
+    def get_findings(self, file, test):
+        if file is None:
+            data = BugcrowdApiImporter().get_findings(test)
+        else:
+            data = json.load(file)
+        findings = []
+
+        for entry in data:
+            if test.api_scan_configuration:
+                config = test.api_scan_configuration
+                links = "https://tracker.bugcrowd.com/{}{}".format(
+                    str(config.service_key_1), entry["links"]["self"]
+                )
+            else:
+                if "links" in entry:
+                    if "self" in entry["links"]:
+                        links = entry["links"]["self"]
+
+            if not self.include_finding(entry):
+                continue
+
+            bugcrowd_state = entry["attributes"]["state"]
+            bugcrowd_duplicate = entry["attributes"]["duplicate"]
+            bugcrowd_severity = entry["attributes"]["severity"]
+
+            title = entry["attributes"]["title"]
+
+            if not pattern_title_authorized.match(title):
+                char_to_replace = {":": " ", '"': " ", "@": "at"}
+                for key, value in char_to_replace.items():
+                    title = title.replace(key, value)
+
+            date = dateutil.parser.parse(entry["attributes"]["submitted_at"])
+
+            bug_url = ""
+            bug_endpoint = None
+            if entry["attributes"]["bug_url"]:
+                try:
+                    if "://" in entry["attributes"]["bug_url"]:  # is the host full uri?
+                        bug_endpoint = Endpoint.from_uri(
+                            entry["attributes"]["bug_url"].strip()
+                        )
+                        # can raise exception if the host is not valid URL
+                    else:
+                        bug_endpoint = Endpoint.from_uri(
+                            "//" + entry["attributes"]["bug_url"].strip()
+                        )
+                        # can raise exception if there is no way to parse the host
+                except ValidationError:  # We don't want to fail the whole import just for 1 error in the bug_url
+                    logger.error(
+                        "Error parsing bugrcrowd bug_url : {}".format(
+                            entry["attributes"]["bug_url"].strip()
+                        )
+                    )
+                bug_url = entry["attributes"]["bug_url"]
+
+            description = "\n".join(
+                [
+                    entry["attributes"]["description"],
+                    "",
+                    "Bugcrowd details:",
+                    f"- Severity: P{ bugcrowd_severity }",
+                    f"- Bug Url: { bug_url }",
+                    "",
+                    f"Bugcrowd link: {links}",
+                ]
+            )
+            mitigation = entry["attributes"]["remediation_advice"]
+            steps_to_reproduce = entry["attributes"]["description"]
+            unique_id_from_tool = entry["id"]
+
+            finding = Finding(
+                test=test,
+                title=textwrap.shorten(title, width=511, placeholder="..."),
+                date=date,
+                severity=self.convert_severity(bugcrowd_severity),
+                description=description,
+                mitigation=mitigation,
+                steps_to_reproduce=steps_to_reproduce,
+                active=self.is_active(bugcrowd_state),
+                verified=self.is_verified(bugcrowd_state),
+                false_p=self.is_false_p(bugcrowd_state),
+                duplicate=bugcrowd_duplicate,
+                out_of_scope=self.is_out_of_scope(bugcrowd_state),
+                risk_accepted=self.is_risk_accepted(bugcrowd_state),
+                is_mitigated=self.is_mitigated(bugcrowd_state),
+                static_finding=False,
+                dynamic_finding=True,
+                unique_id_from_tool=unique_id_from_tool,
+            )
+            if bug_endpoint:
+                try:
+                    bug_endpoint.clean()
+                    try:
+                        finding.unsaved_endpoints = [bug_endpoint]
+                    except Exception as e:
+                        logger.error(
+                            "{} bug url from bugcrowd failed to parse to endpoint, error= {}".format(
+                                str(bug_endpoint), e
+                            )
+                        )
+                except ValidationError:
+                    logger.error(
+                        "Broken Bugcrowd endpoint {} was skipped.".format(
+                            bug_endpoint.host
+                        )
+                    )
+
+            findings.append(finding)
+
+        return findings
+
+    def get_created_date(self, date):
+        """Get the date of when a finding was created"""
+        return self.convert_log_timestamp(date)
+
+    def get_latest_update_date(self, log):
+        """Get the date of the last time a finding was updated"""
+        last_index = len(log) - 1
+        entry = log[last_index]
+        return self.convert_log_timestamp(entry["timestamp"])
+
+    def include_finding(self, entry):
+        """Determine whether this finding should be imported to DefectDojo"""
+        # Valid states from the Bugcrowd API
+        # "new" "out-of-scope" "not-applicable" "not-reproducible" "triaged" "unresolved" "resolved" "informational"
+
+        allowed_states = [
+            "new",  # Finding from a previous pentest
+            "out_of_scope",  # Fix for finding is being verified
+            "not_applicable",  # Finding is a duplicate within the pentest
+            "not_reproducible",  # Finding is found to be a false positive
+            "triaged",  # Finding is verified and valid
+            "unresolved",  # The finding is not yet verified by the pentest team
+            "resolved",  # Finding is out of the scope of the pentest
+            "informational",  # The finding is not yet verified by the pentest team
+        ]
+
+        if entry["attributes"]["state"] in allowed_states:
+            return True
+        else:
+            raise ValueError(
+                "{} not in allowed bugcrowd submission states".format(
+                    entry["attributes"]["state"]
+                )
+            )
+
+    def convert_log_timestamp(self, timestamp):
+        """Convert a log entry's timestamp to a DefectDojo date"""
+        date_obj = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S.%fZ")
+        return date_obj.strftime("%Y-%m-%d")
+
+    def convert_severity(self, bugcrowd_severity):
+        """Convert severity value"""
+        if bugcrowd_severity == 5:
+            return "Info"
+        elif bugcrowd_severity == 4:
+            return "Low"
+        elif bugcrowd_severity == 3:
+            return "Medium"
+        elif bugcrowd_severity == 2:
+            return "High"
+        elif bugcrowd_severity == 1:
+            return "Critical"
+        else:
+            return "Info"
+
+    def is_active(self, bugcrowd_state):
+        return (bugcrowd_state == "unresolved") or (
+            not self.is_mitigated(bugcrowd_state)
+            and not self.is_false_p(bugcrowd_state)
+            and not self.is_out_of_scope(bugcrowd_state)
+        )
+
+    def is_duplicate(self, bugcrowd_state):
+        return bugcrowd_state == "duplicate"
+
+    def is_false_p(self, bugcrowd_state):
+        return bugcrowd_state == "not-reproducible"
+
+    def is_mitigated(self, bugcrowd_state):
+        return bugcrowd_state == "resolved"
+
+    def is_out_of_scope(self, bugcrowd_state):
+        return bugcrowd_state == "out_of_scope"
+
+    def is_risk_accepted(self, bugcrowd_state):
+        return bugcrowd_state == "not_applicable"
+
+    def is_verified(self, bugcrowd_state):
+        return bugcrowd_state == "triaged" or (
+            bugcrowd_state != "new" and bugcrowd_state != "triaging"
+        )
diff --git a/unittests/scans/bugcrowd_api/bugcrowd_empty.json b/unittests/scans/bugcrowd_api/bugcrowd_empty.json
new file mode 100644
index 00000000000..0637a088a01
--- /dev/null
+++ b/unittests/scans/bugcrowd_api/bugcrowd_empty.json
@@ -0,0 +1 @@
+[]
\ No newline at end of file
diff --git a/unittests/scans/bugcrowd_api/bugcrowd_many.json b/unittests/scans/bugcrowd_api/bugcrowd_many.json
new file mode 100644
index 00000000000..355d15750af
--- /dev/null
+++ b/unittests/scans/bugcrowd_api/bugcrowd_many.json
@@ -0,0 +1,577 @@
+[
+    {
+        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+        "type": "submission",
+        "attributes": {
+            "bug_url": "https://example.com/1",
+            "custom_fields": {},
+            "description": "Oh no you did an alg none on JWT !",
+            "duplicate": false,
+            "extra_info": null,
+            "http_request": null,
+            "last_transitioned_to_informational_at": "2000-01-01T21:59:56.546Z",
+            "last_transitioned_to_not_applicable_at": null,
+            "last_transitioned_to_not_reproducible_at": null,
+            "last_transitioned_to_out_of_scope_at": null,
+            "last_transitioned_to_resolved_at": null,
+            "last_transitioned_to_triaged_at": null,
+            "last_transitioned_to_unresolved_at": null,
+            "remediation_advice": "Do things properly1",
+            "severity": 5,
+            "source": "external_form",
+            "state": "resolved",
+            "submitted_at": "2000-01-01T06:36:55.721Z",
+            "title": "Big bad problem",
+            "vrt_id": "server_security_misconfiguration.clickjacking.non_sensitive_action",
+            "vrt_version": "1.10.1",
+            "vulnerability_references": "* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com"
+        },
+        "relationships": {
+            "activities": {
+                "data": [
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 5,
+                            "total_hits": 5
+                        }
+                    }
+                }
+            },
+            "assignee": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            },
+            "claim_ticket": {
+                "data": {
+                    "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                    "type": "claim_ticket"
+                },
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)"
+                    }
+                }
+            },
+            "comments": {
+                "data": [
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "comment"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "duplicate_of": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            },
+            "duplicates": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 0,
+                            "total_hits": 0
+                        }
+                    }
+                }
+            },
+            "external_issues": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "file_attachments": {
+                "data": [
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "file_attachment"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "monetary_rewards": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 0,
+                            "total_hits": 0
+                        }
+                    }
+                }
+            },
+            "program": {
+                "data": {
+                    "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                    "type": "program"
+                },
+                "links": {
+                    "related": {
+                        "href": "/programs/3b0e6b2a-c21e-493e-bd19-de40f525016e"
+                    }
+                }
+            },
+            "researcher": {
+                "data": {
+                    "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                    "type": "identity"
+                },
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)"
+                    }
+                }
+            },
+            "target": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            }
+        },
+        "links": {
+            "self": "/submissions/3b0e6b2a-c21e-493e-bd19-de40f525016e"
+        }
+    },
+    {
+        "id": "b2f1066a-6188-4479-bab8-39cc5434f06f",
+        "type": "submission",
+        "attributes": {
+            "bug_url": "https://example.com/2",
+            "custom_fields": {},
+            "description": "you did something wrong",
+            "duplicate": false,
+            "extra_info": null,
+            "http_request": null,
+            "last_transitioned_to_informational_at": "2000-01-01T20:29:38.096Z",
+            "last_transitioned_to_not_applicable_at": null,
+            "last_transitioned_to_not_reproducible_at": null,
+            "last_transitioned_to_out_of_scope_at": null,
+            "last_transitioned_to_resolved_at": null,
+            "last_transitioned_to_triaged_at": null,
+            "last_transitioned_to_unresolved_at": null,
+            "remediation_advice": "Do things properly2",
+            "severity": 1,
+            "source": "external_form",
+            "state": "informational",
+            "submitted_at": "2000-01-02T19:22:10.916Z",
+            "title": "you did something wrong",
+            "vrt_id": "server_security_misconfiguration.clickjacking.non_sensitive_action",
+            "vrt_version": "1.10.1",
+            "vulnerability_references": "* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com"
+        },
+        "relationships": {
+            "activities": {
+                "data": [
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 5,
+                            "total_hits": 5
+                        }
+                    }
+                }
+            },
+            "assignee": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            },
+            "claim_ticket": {
+                "data": {
+                    "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                    "type": "claim_ticket"
+                },
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)"
+                    }
+                }
+            },
+            "comments": {
+                "data": [
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "comment"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "duplicate_of": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            },
+            "duplicates": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 0,
+                            "total_hits": 0
+                        }
+                    }
+                }
+            },
+            "external_issues": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "file_attachments": {
+                "data": [
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "file_attachment"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "monetary_rewards": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 0,
+                            "total_hits": 0
+                        }
+                    }
+                }
+            },
+            "program": {
+                "data": {
+                    "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                    "type": "program"
+                },
+                "links": {
+                    "related": {
+                        "href": "/programs/3b0e6b2a-c21e-493e-bd19-de40f525016e"
+                    }
+                }
+            },
+            "researcher": {
+                "data": {
+                    "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                    "type": "identity"
+                },
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)"
+                    }
+                }
+            },
+            "target": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            }
+        },
+        "links": {
+            "self": "/submissions/3b0e6b2a-c21e-493e-bd19-de40f525016e"
+        }
+    },
+    {
+        "id": "335a7ba5-57ba-485a-b40e-2f9aa4e19786",
+        "type": "submission",
+        "attributes": {
+            "bug_url": "https://example.com/3",
+            "custom_fields": {},
+            "description": "you did something wrong",
+            "duplicate": false,
+            "extra_info": null,
+            "http_request": null,
+            "last_transitioned_to_informational_at": null,
+            "last_transitioned_to_not_applicable_at": "2000-01-01T05:30:53.463Z",
+            "last_transitioned_to_not_reproducible_at": null,
+            "last_transitioned_to_out_of_scope_at": null,
+            "last_transitioned_to_resolved_at": null,
+            "last_transitioned_to_triaged_at": null,
+            "last_transitioned_to_unresolved_at": null,
+            "remediation_advice": "Do things properly3",
+            "severity": 3,
+            "source": "external_form",
+            "state": "not_applicable",
+            "submitted_at": "2000-01-03T15:08:57.337Z",
+            "title": "you did something wrong (returned)",
+            "vrt_id": "server_security_misconfiguration.clickjacking.non_sensitive_action",
+            "vrt_version": "1.10.1",
+            "vulnerability_references": "* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com\n* [https://example.com](https://example.com"
+        },
+        "relationships": {
+            "activities": {
+                "data": [
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "activity"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 4,
+                            "total_hits": 4
+                        }
+                    }
+                }
+            },
+            "assignee": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            },
+            "claim_ticket": {
+                "data": {
+                    "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                    "type": "claim_ticket"
+                },
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)"
+                    }
+                }
+            },
+            "comments": {
+                "data": [
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "comment"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "duplicate_of": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            },
+            "duplicates": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 0,
+                            "total_hits": 0
+                        }
+                    }
+                }
+            },
+            "external_issues": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "file_attachments": {
+                "data": [
+                    {
+                        "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                        "type": "file_attachment"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "monetary_rewards": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 0,
+                            "total_hits": 0
+                        }
+                    }
+                }
+            },
+            "program": {
+                "data": {
+                    "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                    "type": "program"
+                },
+                "links": {
+                    "related": {
+                        "href": "/programs/3b0e6b2a-c21e-493e-bd19-de40f525016e"
+                    }
+                }
+            },
+            "researcher": {
+                "data": {
+                    "id": "3b0e6b2a-c21e-493e-bd19-de40f525016e",
+                    "type": "identity"
+                },
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)"
+                    }
+                }
+            },
+            "target": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            }
+        },
+        "links": {
+            "self": "/submissions/3b0e6b2a-c21e-493e-bd19-de40f525016e"
+        }
+    }
+]
\ No newline at end of file
diff --git a/unittests/scans/bugcrowd_api/bugcrowd_one.json b/unittests/scans/bugcrowd_api/bugcrowd_one.json
new file mode 100644
index 00000000000..bd114445480
--- /dev/null
+++ b/unittests/scans/bugcrowd_api/bugcrowd_one.json
@@ -0,0 +1,195 @@
+[
+    {
+        "id": "a4201d47-62e1-4287-9ff6-30807ae9d36a",
+        "type": "submission",
+        "attributes": {
+            "bug_url": "https://example.com/",
+            "custom_fields": {},
+            "description": "Vulnerability Name: JWT alg none",
+            "duplicate": false,
+            "extra_info": null,
+            "http_request": null,
+            "last_transitioned_to_informational_at": "2002-04-01T21:59:56.546Z",
+            "last_transitioned_to_not_applicable_at": null,
+            "last_transitioned_to_not_reproducible_at": null,
+            "last_transitioned_to_out_of_scope_at": null,
+            "last_transitioned_to_resolved_at": null,
+            "last_transitioned_to_triaged_at": null,
+            "last_transitioned_to_unresolved_at": null,
+            "remediation_advice": "Properly do JWT",
+            "severity": 5,
+            "source": "external_form",
+            "state": "informational",
+            "submitted_at": "2002-04-01T21:59:56.546Z",
+            "title": "JWT Alg none",
+            "vrt_id": "broken_authentication_and_session_management.authentication_bypass",
+            "vrt_version": "1.10.1",
+            "vulnerability_references": ""
+        },
+        "relationships": {
+            "activities": {
+                "data": [
+                    {
+                        "id": "9b31ab18-0090-462c-a69d-75840e3aec7a",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "1c332e75-b5bf-4eed-aa13-d1836a8be292",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "5b9d763b-91e9-4f63-93ef-91ed891ae5d5",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "91a81042-f43c-464f-a7a0-cff78ee28783",
+                        "type": "activity"
+                    },
+                    {
+                        "id": "5aa428b9-62f9-403b-a28c-e2cb5b01146d",
+                        "type": "activity"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 5,
+                            "total_hits": 5
+                        }
+                    }
+                }
+            },
+            "assignee": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            },
+            "claim_ticket": {
+                "data": {
+                    "id": "d7ebbb6b-521b-4325-80af-e87161d1c1bc",
+                    "type": "claim_ticket"
+                },
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)"
+                    }
+                }
+            },
+            "comments": {
+                "data": [
+                    {
+                        "id": "f13040a4-2b21-4921-8f81-61b093da0542",
+                        "type": "comment"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "duplicate_of": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            },
+            "duplicates": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 0,
+                            "total_hits": 0
+                        }
+                    }
+                }
+            },
+            "external_issues": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "file_attachments": {
+                "data": [
+                    {
+                        "id": "e5a0fd57-0cbb-4f0b-a44e-3401a859b8ba",
+                        "type": "file_attachment"
+                    }
+                ],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 1,
+                            "total_hits": 1
+                        }
+                    }
+                }
+            },
+            "monetary_rewards": {
+                "data": [],
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)",
+                        "meta": {
+                            "count": 0,
+                            "total_hits": 0
+                        }
+                    }
+                }
+            },
+            "program": {
+                "data": {
+                    "id": "fd3d5a81-a84e-49fa-8487-796b96a7fce9",
+                    "type": "program"
+                },
+                "links": {
+                    "related": {
+                        "href": "/programs/fd3d5a81-a84e-49fa-8487-796b96a7fce9"
+                    }
+                }
+            },
+            "researcher": {
+                "data": {
+                    "id": "3660d761-7a3e-4351-a7d4-e2e21c3fda26",
+                    "type": "identity"
+                },
+                "links": {
+                    "related": {
+                        "href": "(NOT IMPLEMENTED YET)"
+                    }
+                }
+            },
+            "target": {
+                "data": null,
+                "links": {
+                    "related": {
+                        "href": null
+                    }
+                }
+            }
+        },
+        "links": {
+            "self": "/submissions/a4201d47-62e1-4287-9ff6-30807ae9d36a"
+        }
+    }
+]
\ No newline at end of file
diff --git a/unittests/tools/test_bugcrowd_api_importer.py b/unittests/tools/test_bugcrowd_api_importer.py
new file mode 100644
index 00000000000..b66a9814e0a
--- /dev/null
+++ b/unittests/tools/test_bugcrowd_api_importer.py
@@ -0,0 +1,133 @@
+from django.test import TestCase
+from unittest.mock import patch
+
+from dojo.models import (
+    Test,
+    Engagement,
+    Product,
+    Product_API_Scan_Configuration,
+    Tool_Type,
+    Tool_Configuration,
+)
+from dojo.tools.bugcrowd_api.importer import BugcrowdApiImporter
+
+
+class TestBugcrowdApiImporter(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+
+        cls.tool_type = Tool_Type()
+        cls.tool_configuration = Tool_Configuration()
+        cls.tool_configuration.tool_type = cls.tool_type
+        cls.tool_configuration.authentication_type = "API"
+        cls.tool_configuration.api_key = "API_KEY"
+        cls.tool_configuration.extras = '{"extras": "EXTRAS"}'
+
+        cls.product = Product()
+        cls.product.name = "Product"
+        cls.engagement = Engagement()
+        cls.engagement.product = cls.product
+        cls.test = Test()
+        cls.test.engagement = cls.engagement
+
+        # This API Scan configuration is not connected to a test
+        cls.api_scan_configuration = Product_API_Scan_Configuration()
+        cls.api_scan_configuration.product = cls.product
+        cls.api_scan_configuration.tool_configuration = cls.tool_configuration
+
+        cls.product_2 = Product()
+        cls.product_2.name = "Product_2"
+        cls.engagement_2 = Engagement()
+        cls.engagement_2.product = cls.product_2
+        cls.test_2 = Test()
+        cls.test_2.engagement = cls.engagement_2
+
+        # This API Scan Configuration is connected with test_2
+        cls.api_scan_configuration_2 = Product_API_Scan_Configuration()
+        cls.test_2.api_scan_configuration = cls.api_scan_configuration_2
+        cls.api_scan_configuration_2.product = cls.product_2
+        cls.api_scan_configuration_2.tool_configuration = cls.tool_configuration
+        cls.api_scan_configuration_2.service_key_1 = "SERVICE_KEY_1"
+        cls.api_scan_configuration_2.service_key_2 = "SERVICE_KEY_2"
+
+        cls.findings = ["a", "b"]
+
+    def test_prepare_client_do_not_match(self):
+        product_3 = Product()
+        engagement_3 = Engagement()
+        engagement_3.product = product_3
+        test_3 = Test()
+        test_3.engagement = engagement_3
+        api_scan_configuration_3 = Product_API_Scan_Configuration()
+        api_scan_configuration_3.product = self.product
+        test_3.api_scan_configuration = api_scan_configuration_3
+
+        with self.assertRaisesRegex(
+            Exception,
+            "API Scan Configuration for Bugcrowd API and Product do not match.",
+        ):
+            bugrcrowd_api_importer = BugcrowdApiImporter()
+            bugrcrowd_api_importer.prepare_client(test_3)
+
+    @patch("dojo.models.Product_API_Scan_Configuration.objects")
+    def test_prepare_client_more_than_one_configuration(self, mock_foo):
+        mock_foo.filter.return_value = mock_foo
+        mock_foo.count.return_value = 2
+
+        with self.assertRaisesRegex(
+            Exception,
+            "More than one Product API Scan Configuration has been configured, but none of them has been chosen.",
+        ):
+            bugrcrowd_api_importer = BugcrowdApiImporter()
+            bugrcrowd_api_importer.prepare_client(self.test)
+
+            mock_foo.filter.assert_called_with(product=self.product)
+
+    @patch("dojo.models.Product_API_Scan_Configuration.objects")
+    def test_prepare_client_no_configuration(self, mock_foo):
+        mock_foo.filter.return_value = mock_foo
+        mock_foo.count.return_value = 0
+
+        with self.assertRaisesRegex(
+            Exception, "There are no API Scan Configurations for this Product."
+        ):
+            bugrcrowd_api_importer = BugcrowdApiImporter()
+            bugrcrowd_api_importer.prepare_client(self.test)
+
+            mock_foo.filter.assert_called_with(product=self.product)
+
+    @patch("dojo.models.Product_API_Scan_Configuration.objects")
+    def test_prepare_client_one_product_configuration(self, mock_foo):
+        mock_foo.filter.return_value = mock_foo
+        mock_foo.count.return_value = 1
+        mock_foo.first.return_value = self.api_scan_configuration
+
+        bugrcrowd_api_importer = BugcrowdApiImporter()
+        bugcrowd_api, api_scan_configuration = bugrcrowd_api_importer.prepare_client(
+            self.test
+        )
+
+        mock_foo.filter.assert_called_with(
+            product=self.product, tool_configuration__tool_type__name="Bugcrowd API"
+        )
+        self.assertEqual(api_scan_configuration, self.api_scan_configuration)
+        self.assertEqual(bugcrowd_api.api_token, "API_KEY")
+
+    def test_prepare_client_one_test_configuration(self):
+        bugrcrowd_api_importer = BugcrowdApiImporter()
+        bugcrowd_api, api_scan_configuration = bugrcrowd_api_importer.prepare_client(
+            self.test_2
+        )
+
+        self.assertEqual(api_scan_configuration, self.api_scan_configuration_2)
+        self.assertEqual(bugcrowd_api.api_token, "API_KEY")
+
+    @patch("dojo.tools.bugcrowd_api.importer.BugcrowdAPI.get_findings")
+    def test_get_findings(self, mock_foo):
+        mock_foo.return_value = self.findings
+
+        bugrcrowd_api_importer = BugcrowdApiImporter()
+        my_findings = bugrcrowd_api_importer.get_findings(self.test_2)
+
+        mock_foo.assert_called_with("SERVICE_KEY_1", "SERVICE_KEY_2")
+        self.assertListEqual(my_findings, self.findings)
diff --git a/unittests/tools/test_bugcrowd_api_parser.py b/unittests/tools/test_bugcrowd_api_parser.py
new file mode 100644
index 00000000000..b18e6fffbae
--- /dev/null
+++ b/unittests/tools/test_bugcrowd_api_parser.py
@@ -0,0 +1,107 @@
+import datetime
+
+from django.test import TestCase
+from dojo.tools.bugcrowd_api.parser import BugcrowdApiParser
+from dojo.models import Test
+
+
+class TestBugcrowdApiParser(TestCase):
+    def test_parse_file_with_no_vuln_has_no_findings(self):
+        with open("unittests/scans/bugcrowd_api/bugcrowd_empty.json") as testfile:
+            parser = BugcrowdApiParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(0, len(findings))
+
+    def test_parse_file_with_one_vuln_has_one_findings(self):
+        with open("unittests/scans/bugcrowd_api/bugcrowd_one.json") as testfile:
+
+            #             description = """
+            # Vulnerability Name: JWT alg none
+
+            # Bugcrowd details:
+            # - Severity: P5
+            # - Bug Url: https://example.com/
+
+            # Bugcrowd link: /submissions/a4201d47-62e1-4287-9ff6-30807ae9d36a"""
+            parser = BugcrowdApiParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(1, len(findings))
+            finding = findings[0]
+            self.assertEqual(finding.title, "JWT Alg none")
+            self.assertEqual(
+                datetime.datetime.date(finding.date), datetime.date(2002, 4, 1)
+            )
+            self.assertEqual(str(finding.unsaved_endpoints[0]), "https://example.com")
+            self.assertEqual(finding.severity, "Info")
+            # self.assertEqual(finding.description, description)
+            self.assertEqual(finding.mitigation, "Properly do JWT")
+            self.assertEqual(finding.active, True)
+            self.assertEqual(
+                finding.unique_id_from_tool, "a4201d47-62e1-4287-9ff6-30807ae9d36a"
+            )
+            for endpoint in finding.unsaved_endpoints:
+                endpoint.clean()
+
+    def test_parse_file_with_multiple_vuln_has_multiple_finding(self):
+        with open("unittests/scans/bugcrowd_api/bugcrowd_many.json") as testfile:
+            parser = BugcrowdApiParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(3, len(findings))
+            finding_1 = findings[0]
+            finding_2 = findings[1]
+            finding_3 = findings[2]
+
+            self.assertEqual(finding_1.title, "Big bad problem")
+            self.assertEqual(finding_2.title, "you did something wrong")
+            self.assertEqual(finding_3.title, "you did something wrong (returned)")
+
+            self.assertEqual(
+                datetime.datetime.date(finding_1.date), datetime.date(2000, 1, 1)
+            )
+            self.assertEqual(
+                datetime.datetime.date(finding_2.date), datetime.date(2000, 1, 2)
+            )
+            self.assertEqual(
+                datetime.datetime.date(finding_3.date), datetime.date(2000, 1, 3)
+            )
+
+            self.assertEqual(
+                str(finding_1.unsaved_endpoints[0]), "https://example.com/1"
+            )
+            self.assertEqual(
+                str(finding_2.unsaved_endpoints[0]), "https://example.com/2"
+            )
+            self.assertEqual(
+                str(finding_3.unsaved_endpoints[0]), "https://example.com/3"
+            )
+            for endpoint in finding_1.unsaved_endpoints:
+                endpoint.clean()
+            for endpoint in finding_2.unsaved_endpoints:
+                endpoint.clean()
+            for endpoint in finding_3.unsaved_endpoints:
+                endpoint.clean()
+            self.assertEqual(finding_1.severity, "Info")
+            self.assertEqual(finding_2.severity, "Critical")
+            self.assertEqual(finding_3.severity, "Medium")
+
+            self.assertEqual(finding_1.mitigation, "Do things properly1")
+            self.assertEqual(finding_2.mitigation, "Do things properly2")
+            self.assertEqual(finding_3.mitigation, "Do things properly3")
+
+            self.assertEqual(finding_1.active, False)
+            self.assertEqual(finding_2.active, True)
+            self.assertEqual(finding_3.active, True)
+
+            self.assertEqual(finding_1.is_mitigated, True)
+            self.assertEqual(finding_2.is_mitigated, False)
+            self.assertEqual(finding_3.is_mitigated, False)
+
+            self.assertEqual(
+                finding_1.unique_id_from_tool, "3b0e6b2a-c21e-493e-bd19-de40f525016e"
+            )
+            self.assertEqual(
+                finding_2.unique_id_from_tool, "b2f1066a-6188-4479-bab8-39cc5434f06f"
+            )
+            self.assertEqual(
+                finding_3.unique_id_from_tool, "335a7ba5-57ba-485a-b40e-2f9aa4e19786"
+            )