API BOM
At a glance: Review a detailed list of all API endpoints exposed by your applications. Map specific detected issues to the APIs that expose them (for APIs written in supported languages).
See the list of languages and web frameworks currently supported for:
• API detection • API/issue correlation
Overview
API BOM provides you with a detailed inventory of the API endpoints (both internal and external) defined in your application code. It identifies APIs:
Why does it matter?
API BOM gives you the ability to better understand your app exposure, making it easier to:
Ensure that all your APIs have undergone appropriate security review procedures. This is especially helpful in managing the review of newly added APIs.
Manage particularly risky elements of your APIs even when they are legitimately and intentionally included in code.
API BOM allows you to prioritize issues exposed by APIs (making it more likely that there is a path for an attacker to exploit them).
API/issue correlation
API BOM maps specific Code security and Open source security issues to the APIs that expose them when both of the following conditions are met:
The API is written in a language/web framework for which this feature is supported.
An issue is considered to be exposed by an API when there is a function call path between the API handler function and the function containing the issue.
Summary table
The API BOM summary table provides detailed information about each API discovered. A specific API (Title) is listed once for each endpoint/method combination it references.
In the summary table:
Click on the title of any column to sort the table by that column. (By default, the table is sorted by First seen.)
Use the filters on the left side of the page to view specific information in the table according to your preferences.
Summary table data
Title: The name of the API
| |
Highest severity exposed issues: The number of issues exposed by the API in each of the 3 highest severity levels.
| |
Endpoint: The URL of the endpoint referenced by the code or OpenAPI file. | |
Method: The HTTP method for the endpoint. | |
Functions: The functions called by the API.
| |
First seen: The date the API was first detected by OX.
| |
Source:
| |
App name: The app (repository) in which the API is referenced.
|
API details
Select a row in the summary table to open detailed API information at the bottom of the page.
| |
Tabs: Switch among tabs to navigate the types of detailed information available:
|
Last updated