getApplications
The getApplications API provides comprehensive details about all the applications within a particular organization. It's an effective tool for assessing the security and operational characteristics of your applications. With this information, you can prioritize your actions based on business needs and security posture.
The getApplications API provides you with the following capabilities:
Fetching a list of applications associated with the specified organization.
Returning data about application structure, security features, deployment environments, and more.
Filtering and sorting applications based on various attributes and metrics.
Type: Query
Parameters
getApplicationsInput (GetApplicationsInput object): Input object for filtering and retrieving application data.
Input variables

| Object Variable | Description | Type | Value |
| --- | --- | --- | --- |
| appId | Unique identifier of the application. | String | - |
| applicationFilters | Filters to categorize applications based on their lifecycle stage. | [ApplicationsFilter] | `New`, `InDevelopment`, `DeployedProd`, `ExternallyFacing`, `Relevant`, `Irrelevant`; Default: `["Relevant"]` |
| conditionalFilters | | [ConditionalFilters] | `[]` |
| irrelevancyFilters | Filters by irrelevancy reason. | [IrrelevancyFilter] | `[]`; Archived, FailedClone, NoFiles, LastCodeChange, NoCodeChanges, SetByClient |
| isAppIdOnly | If `true`, only the `appId` is returned instead of full details. | Boolean | `false` |
| limit | Number of applications to return in a response. | Int | 0 |
| offset | Used for pagination. | Int | 0 |
| orderBy | | OrderAppsBy | `{"field":"BusinessPriority","direction":"DESC"}` |
| owners | Filters by application owners. | [String] | `[]` |
| page | The current page number in paginated results. | Int | 0 |
| scanId | Unique identifier for the scan. | String | - |
| search | Search input for applications. | String | `""` |
| systemFilter | Filters applied based on system-level conditions. | SystemFilter | `{}` |
| tagIds | Filter applications by `tagIds`. | [String] | `[]` |

Application conditionalFilters object variables

| Field | Type | Values |
| --- | --- | --- |
| condition | ConditionType | AND, OR, NOT, BETWEEN, CONTAINS, NOTCONTAINS |
| fieldName | FilterTypes | |
| greaterThan | Float | - |
| lessThan | Float | - |
| values | [String] | - |

fieldName object variables

| Object Variable | Description | Value |
| --- | --- | --- |
| fakeApp | Indicates whether the application is a fake or test app. | - |
| apps | List of applications defined in your organization, appears as Application in the app. | - |
| criticality | Level of criticality assigned to the issue, used for prioritization. | - |
| policies | Security policies applied to the issue. | - |
| issueOwners | Users or teams responsible for resolving the issue. | - |
| categories | Categories associated with a repo. | - |
| issueNames | Names of detected issues or vulnerabilities. | - |
| sourceTools | Tools or scanners used to detect the issue. | - |
| cwe | Common Weakness Enumeration (CWE) identifier for the issue. | - |
| originBranchName | The source branch where the issue was found. | - |
| businessPriority | Business impact score for prioritizing applications. | - |
| cvss | Common Vulnerability Scoring System (CVSS) severity score. | - |
| severityChange | Changes in issue severity over time. | - |
| severityChangeReasons | Reasons for a change in severity, such as exploit availability or impact. | - |
| issueStatus | Current state of the issue (e.g., open, closed, under review). | - |
| issueStatusVsLastScan | Compares the issue status with the previous scan. | - |
| issueActions | Actions taken on the issue, such as mitigation or remediation. | - |
| originalSeverity | Severity assigned before any adjustments or prioritization. | - |
| filePaths | Paths of affected files related to the issue. | - |
| uniqueLibs | Libraries uniquely associated with the issue. | - |
| languages | Programming languages in which the issue was detected. | - |
| cve | Common Vulnerabilities and Exposures (CVE) identifier. | - |
| oscar | OSCAR framework classification of the issue. | - |
| oscarTactic | Specific tactic associated with the OSCAR framework. | - |
| complianceControl | Compliance control related to the issue (e.g., NIST, SOC 2). | - |
| complianceStandard | Compliance standard relevant to the issue (e.g., ISO 27001, PCI DSS). | - |
| tags | Tags assigned to categorize or group the issue. | - |
| tagIds | Unique identifiers for associated tags. | - |
| issuesWithout | Issues that are missing specific attributes. | - |
| image | Container or artifact image associated with the issue. | - |
| resolvedReasons | Explanation of why the issue was marked as resolved. | - |
| os | Operating system details related to the issue. | - |
| baseImage | Base image from which the container or artifact is derived. | - |
| registryName | Name of the container registry. | - |
| artifactSha | Unique SHA identifier of the affected artifact. | - |
| scaFixType | Type of Software Composition Analysis (SCA) fix available. | - |
| oxuser | User associated with the OX security platform. | - |
| issueIds | Unique identifiers for detected issues. | - |
| firstSeen | Date when the issue was first detected. | - |
| issueUpdatedAt | Timestamp of the last update to the issue. | - |
| commitDate | Date of the code commit that introduced the issue. | - |
| orgUnit | Organizational unit or team responsible for the affected application. | - |
| libraryNames | Names of libraries involved in the issue. | - |
| libraryVersions | Versions of the libraries related to the issue. | - |
| appIds | List of application IDs related to the issue. | - |
| source | Source repository or system where the issue was identified. | - |
| licenses | Software licenses associated with the application or library. | - |
| dependencyTypes | Types of dependencies affected (e.g., direct, transitive). | - |
| packageNames | Names of affected software packages. | - |
| copyrights | Copyright information linked to affected components. | - |
| severities | Severity levels of the detected issues. | - |
| packageInfos | Metadata about affected software packages. | - |
| packageManagers | Package managers used (e.g., npm, Maven, PyPI). | - |
| ruleId | Identifier for the security rule or policy that flagged the issue. | - |
| cicd | Information about Continuous Integration/Deployment processes. | - |
| repoTypes | Type of repository associated with the issue (e.g., GitHub, Bitbucket). | - |
| orchestrators | Orchestration platforms managing the application (e.g., Kubernetes). | - |
| artifacts | Software artifacts affected by the issue. | - |
| artifactsSystem | System where the affected artifacts are stored. | - |
| cloudDeployments | Cloud environments where the issue was found. | - |
| kubernetes | Kubernetes cluster affected by the issue. | - |
| sast | Static Application Security Testing (SAST) results. | - |
| sca | Software Composition Analysis (SCA) results. | - |
| iac | Infrastructure-as-Code configurations involved. | - |
| secretSearch | Search for exposed secrets in repositories. | - |
| securityToolSource | Security tool that detected the issue. | - |
| oxInPipeline | Presence of OX security checks in CI/CD pipelines. | - |
| oxInPipelineV2 | Enhanced security pipeline scanning information. | - |
| pkgManagers | Package managers used in the application. | - |
| isMonoRepoChild | Indicates if the issue originates from a monorepo structure. | - |
| appClassification | Classification of the application based on security or risk. | - |
| appOwners | Users or teams responsible for managing the application. | - |
| ticketStatus | Status of tickets created for issue tracking. | - |
| resolvedReason | Explanation for why an issue was considered resolved. | - |
| disappearedReason | Reason why the issue is no longer detected. | - |
| disappearedType | Type of disappearance (e.g., fixed, ignored, false positive). | - |
| enforcement | Enforcement action applied to mitigate the issue. | - |
| cicdIssueStatus | Current status of the issue in CI/CD processes. | - |
| jobNumber | Identifier for the job where the issue was detected. | - |
| pullRequests | Related pull requests addressing the issue. | - |
| eventTypes | Types of security events linked to the issue. | - |
| targetBranches | Branches targeted for security fixes. | - |
| sourceBranches | Branches where vulnerabilities originated. | - |
| jobTriggeredBy | Entity that triggered the CI/CD job. | - |
| result | Outcome of the security scan. | - |
| cicdTypes | Types of CI/CD pipelines involved. | - |
| jobId | Identifier for the CI/CD job. | - |
| sourceBranch | Source branch where the issue originated. | - |
| cicdEventType | Type of CI/CD security event. | - |
| artifactName | Name of the affected artifact. | - |
| artifactFullName | Full name of the artifact. | - |
| artifactType | Type of artifact (e.g., container, binary). | - |
| environment | Execution environment where the issue was found. | - |
| registryType | Type of registry storing the affected artifact. | - |

filters object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| appClassification | [String] | Classification labels assigned to the application. |
| appId | [String] | Unique identifiers for the applications. |
| artifacts | [String] | Application flow from code to cloud for images. |
| artifactsSystem | [String] | Systems associated with the artifacts. |
| businessPriority | Range | OX business priority of an app. |
| categories | AppCategories[] | List of categories for a repository. |
| cicd | [String] | Continuous Integration/Continuous Deployment pipelines related to the application. |
| cloudDeployments | [String] | Cloud deployment environments linked to the application. List of cloud deployment items. |
| fakeApp | Boolean | Indicates if the application is flagged as fake. |
| iac | [String] | Infrastructure-as-Code tools or configurations used. |
| irrelevantReasons | [String] | Reasons why an application is marked as irrelevant. |
| kubernetes | [String] | Kubernetes-related configurations or deployments. |
| languages | [String] | Programming languages used in the application repository. |
| orchestrators | [String] | Application flow from code to cloud for orchestrator. |
| originBranchName | [String] | Name of the originating branch for the application. |
| oxInPipeline | [String] | Pipeline status: `enabled`, `enabled (no recent results)`, `disabled`. |
| pkgManagers | [String] | Number of package managers for a specific repository and branch. |
| reachability | [String] | Network or API reachability status. |
| repoTypes | [String] | Types of repositories linked to the application. |
| riskScore | Range | Risk score indicating security exposure. |
| sast | [String] | Static Application Security Testing (SAST) tools used. |
| sca | [String] | Software Composition Analysis (SCA) tools used. |
| secretSearch | [String] | Secret scanning tools or detected secrets. |
| securityToolSource | [String] | Security tools that detected vulnerabilities. |
| tags | AppTag[] | List of tags for each repository. |

orderBy object variables

| Object Variable | Type | Description | Value |
| --- | --- | --- | --- |
| category | String | Category associated with the ordering. | - |
| direction | Direction | Sorting direction for the order: `ASC`, `DESC`. | |
| field | OrderByField | Field name to sort by: `BusinessPriority`, `AppName`, `SecurityPosture`, `CategoryViolations`, `Severities`, `OxInPipeline`, `DevelopersLastCodeChange`, `ReasonsInfo`. | |

direction object variables

| Value | Description |
| --- | --- |
| ASC | Sorts the results in ascending order, from lowest to highest (e.g., A-Z, 0-9, earliest to latest). |
| DESC | Sorts the results in descending order (default), from highest to lowest (e.g., Z-A, 9-0, latest to earliest). |

field object variables

| Value | Description |
| --- | --- |
| BusinessPriority | Sorts applications by OX business priority of an app. |
| ScoreCreationTime | Sorts applications by the time their security score was created. |
| AppName | Sorts applications alphabetically by name of the repository or app with its subgroup name. |
| CategoryViolations | Sorts applications based on the number of security category violations. |
| Severities | Sorts applications by issue count for each category by severity breakdown. |
| OxInPipeline | Sorts applications based on their pipeline status: `enabled`, `enabled (no recent results)`, `disabled`. |
| Developers | Sorts applications based on the number of developers contributing to them. |
| LastCodeChange | Sorts applications based on the date string of the last code change. |
| Reasons | Sorts applications based on predefined security or compliance-related reasons. |
| Info | Sorts applications based on issue count for this severity. |

systemFilter object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| name | AppSystemsTypes | String |
| type | String | Specifies the type of vulnerability (`SAST`, `SCA`, `IaC`). |

Application type name values

| Value | Description |
| --- | --- |
| cicd | Filters applications based on CI/CD pipeline-related systems. |
| cloudDeployments | Filters applications based on cloud deployment environments. |

Response objects

| Field | Description | Value |
| --- | --- | --- |
| applications | Array of application details. | |
| total | Total number of issues for this category. | Int |
| totalFilteredApps | Total number of applications after filtering. | Int |
| showHistoricalTrend | Whether to show historical trends. | Boolean |
| totalIrrelevantApps | Total number of irrelevant applications. | Int |
| selectedPosition | Position selected within the result set. | Int |

applications object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| appId | String | Application ID. |
| appName | String | Full name of the application. |
| appOwners | [OwnerInfo] | |
| applicationFlows | ApplicationFlow | |
| branch | String | Default branch for development. |
| branchLink | String | URL linking to the repository branch. |
| branchesCount | Int | Total number of branches in the repository. |
| branchesToScan | [String] | List of branches selected for scanning. |
| businessPriority | Int | Business priority score assigned to the application. |
| categories | [AppCategories] | |
| codeChanges | Int | Number of code changes detected. |
| commitCount | Int | Number of commits in the repository. |
| createdAt | String | Timestamp when the application was created. |
| creator | String | User or entity that created the application. |
| daysSinceLastCodeChange | Int | Days elapsed since the last code change. |
| daysSinceRepoCreation | Int | Days elapsed since the repository was created. |
| deployedProd | Boolean | Indicates if the application is deployed in production. |
| dockerfiles | [Dockerfile] | List of Dockerfiles associated with the application. |
| fakeApp | Boolean | Indicates if the application is a test or fake application. |
| filesCount | Int | Total number of files in the repository. |
| forksCount | Int | Number of times the repository has been forked. |
| hasDownloads | Boolean | Indicates if the repository contains downloadable artifacts. |
| id | String | Unique identifier for the application. |
| irrelevantComment | String | Comment explaining why the application is marked as irrelevant. |
| irrelevantReasons | [String] | List of reasons for marking the application as irrelevant. |
| isSbomPresent | Boolean | Indicates if the Software Bill of Materials (SBOM) is available. |
| issuesBySeverity | IssuesSeverity (Severity Object) | Aggregation of issues by severity level. |
| languages | [Language] | |
| lastCodeChange | String | Timestamp of the last code change. |
| link | String | URL linking to the application. |
| monoRepoParent | String | Identifier of the parent repository in a monorepo structure. |
| monorepoChildrenAppIds | [String] | List of child application IDs in a monorepo. |
| monorepoChildrenCount | Int | Number of child applications in the monorepo. |
| new | Boolean | Indicates if the application is newly added. |
| offset | Int | Offset for pagination when retrieving application data. |
| organization | String | Organization to which the application belongs. |
| originalBusinessPriority | Float | Initial business priority score before adjustments. |
| overridePriority | Int | Override value for the business priority. |
| overrideRelevance | String | Reason for overriding application relevance. |
| oxInPipeline | String | Status of security analysis integration in the CI/CD pipeline. |
| oxInPipelineDescription | String | Description of security scanning behavior in the pipeline. |
| pipeline | Pipeline | CI/CD pipeline information related to the application. |
| pkgManagers | [String] | List of package managers used in the application. |
| publicVisibility | Boolean | Indicates if the application repository is public. |
| pullCount | Int | Number of pull requests associated with the application. |
| pushCount | Int | Number of push events recorded in the repository. |
| relevant | Boolean | Indicates if the application is relevant based on security criteria. |
| repoId | String | Unique identifier of the repository. |
| repoName | String | Name of the application's repository. |
| scanId | String | Unique identifier of the security scan. |
| scannedAt | Float | Timestamp of the last security scan. |
| severityChangedReason | [ApplicationSeverityChangedReason] | |
| size | Float | Size of the repository in megabytes. |
| tags | [AppTag] | List of tags assigned to the application. |
| tagsCount | Int | Number of tags associated with the application. |
| toolsCoverage | [AppToolCoverage] | |
| type | String | Type of the application (e.g., microservice, monolith). |
| userCount | Int | Number of users contributing to the application. |
| watchersCount | Int | Number of watchers subscribed to repository updates. |
| yamlsCount | Int | Number of YAML configuration files detected. |

appOwners object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| email | String | Email address of the application owner. Email of a user-assigned tag or app owner. |
| name | String | Name of the application owner. |
| roles | [String] | List of roles assigned to the application owner. Values: Dev, Business, Security, Watcher |

applicationFlows object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| artifacts | String | |
| cicdInfo | [CicdInfo] | |
| cloudDeployments | String | |
| kubernetes | String | |
| orchestrators | String | |
| repository | String | |

artifacts object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| cluster | String | Name of the Kubernetes cluster. |
| hash | String | Unique hash identifier for the item. |
| hashType | String | Type of hash algorithm used, e.g., `SHA-256`, `MD5`, `SHA-1`. |
| k8sType | String | Type of Kubernetes workload. |
| linkName | String | Name of the associated link. |
| location | [AppFlowItemLocation] | |
| name | String | Name of the entity. |
| region | String | Cloud or physical region where the resource is deployed. |
| size | Int | The size of the images. The size of the repository for a specific branch. |
| subType | String | Cloud asset subtype. |
| system | String | System-related identifier or categorization. |
| type | String | General type of the resource. |

Artifacts location object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| foundBy | String | The location where it was found, e.g., ECR folder name. |
| foundIn | String | The location or context where the issue or item was found. |
| link | String | A URL or reference link associated with the finding. |
| runBy | String | The user or system that executed the process leading to the discovery. |

cicdInfo object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| lastMonthJobCount | String | The number of CI/CD jobs executed in the last month. |
| latestDate | String | The most recent date the pipeline ran. |
| location | [AppFlowItemLocation] | |
| system | String | The system associated with the CI/CD job. |
| type | String | The type of CI/CD job or system. |

CI/CD information location object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| foundBy | String | The entity or tool that identified the CI/CD location. |
| foundIn | String | The specific location within the CI/CD process where the item was found, for example, ECR folder name. |
| link | String | A reference link associated with the CI/CD location. |
| runBy | String | The user or system responsible for executing the CI/CD process. |

cloudDeployments object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| cluster | String | Name of the Kubernetes cluster. |
| date | String | Timestamp related to the event or deployment. |
| hash | String | Unique hash identifier for the item. |
| hashType | String | Type of hash algorithm used, for example, `sha256`, `md5`, `sha-1`. |
| imageName | String | Name of the container image used in the deployment. |
| k8sType | String | Type of Kubernetes workload. |
| link | String | Reference link associated with the Kubernetes entity. |
| location | [AppFlowItemLocation] | |
| name | String | Name of the Kubernetes resource. |
| region | String | Cloud or physical region where the resource is deployed. |
| subType | String | Cloud asset subtype. |
| type | String | General type of the resource. |

Cloud deployment application flow location object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| foundBy | String | The entity or tool that identified the application flow location. |
| foundIn | String | The specific location within the application flow where the item was found, for example, `ecr` folder name. |
| link | String | A reference link associated with the application flow location. |
| runBy | String | The user or system responsible for running the application flow process. |

kubernetes object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| date | String | Timestamp related to the Kubernetes event or deployment. |
| hash | String | Unique hash identifier for the Kubernetes resource. |
| hashType | String | The types of hash, for example, `sha256`, `md5`, `sha-1`. |
| location | [AppFlowItemLocation] | |
| name | String | Name of the Kubernetes resource. |
| size | String | Size of the resource, if applicable. |
| subType | String | Cloud asset subtype. |
| system | String | System-related identifier or categorization. |
| type | String | Cloud asset type. |

Kubernetes application flow location object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| foundBy | String | The entity or tool that identified the Kubernetes location. |
| foundIn | String | The specific location within the Kubernetes environment where the item was found, for example, ECR folder name. |
| link | String | A reference link associated with the Kubernetes location. |
| runBy | String | The user or system responsible for executing the Kubernetes process. |

orchestrators object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| date | String | The date associated with the record. |
| hash | String | Unique identifier hash of the item. |
| hashType | String | The types of hash, for example, `sha256`, `md5`, `sha-1`. |
| location | [AppFlowItemLocation] | |
| name | String | The name of the item. |
| size | String | The size of the item. |
| system | String | The system where the item is located. |
| type | String | Cloud asset type. |

Orchestrators application flow location object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| foundBy | String | The entity or tool that identified the orchestrator. |
| foundIn | String | The location or context where it was found, for example, ECR folder name. |
| link | String | A URL or reference link associated with the orchestrator. |
| runBy | String | The user or system that executed the process involving the orchestrator. |

repository object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| date | String | The date associated with the record. |
| location | [AppFlowItemLocation] | |
| system | String | The system where the item is located. |
| type | String | The type or classification of the item. |

Repository application flow location object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| foundBy | String | The entity or tool that identified the repository. |
| foundIn | String | The location or context where it was found, for example, ECR folder name. |
| link | String | A URL or reference link associated with the repository. |
| runBy | String | The user or system that executed the process involving the repository. |

categories object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| catId | Int | Unique identifier for the application category. |
| categoryName | String | Name of the category. |
| isNa | Boolean | Indicates if the category is not applicable. |
| reason | [String] | List of reasons associated with the category. |
| score | Float | The score for the application category. |
| severities | AppSeverities | Issue count for each category by severity breakdown. |
| total | Int | Total number of issues for this category. |

languages object variables

| Field | Type | Description |
| --- | --- | --- |
| language | String | Programming language used. |
| languagePercentage | Float | Percentage of the language used for this repository. |

scoreHistory object variables

| Field | Type | Description |
| --- | --- | --- |
| standard | String | The compliance framework or standard this control belongs to (e.g., ISO 27001, SOC 2, NIST 800-53). |
| standardLink | String | A URL linking to the official documentation or reference for the compliance standard. |
| control | String | The specific compliance control identifier within the standard (e.g., "AC-2" for NIST 800-53). |
| category | String | The category or domain under which the control falls (e.g., "Access Control", "Data Protection"). |
| description | String | A brief explanation of the compliance control and its intent. |
| categoryLink | String | A URL linking to documentation about the category or domain of the compliance standard. |
| controlLink | String | A URL linking to detailed documentation about this specific compliance control. |

severityChangedReason object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| changeNumber | Float | The number impacting the severity calculation. |
| extraInfo | [ApplicationExtraInfo] | Evidence for the severity factor. |
| reason | String | The name of the severity factor. |
| tagId | String | Identifier for the associated tag. |

extraInfo object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| key | String | A unique identifier or key for the extra information. The name of the evidence, for example, file name. |
| link | String | A URL or reference link related to the extra information. |
| snippet | ExtraInfoSnippet | |

snippet object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| fileName | String | Evidence file name. |
| language | String | Programming language of the detected file. |
| snippetLineNumber | Int | Evidence file line number. |
| text | String | The actual evidence. |

toolsCoverage object variables

| Object Variable | Type | Description |
| --- | --- | --- |
| coverage | Boolean | Indicates the tool's coverage effectiveness. |
| oxDelivered | Boolean | Specifies if the tool is part of OX (not an external or third-party tool with credentials). |
| sources | [ToolCoverageSources] | Source of tool discovery. |
| toolName | String | Name of the tool providing security coverage. |
| type | String | Type of coverage provided (e.g., static analysis, dynamic analysis). |

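The example below is an addition to this reference, not code from the OX documentation: it pages through getApplications with limit and offset and flags applications whose response fields indicate exposure (public repository in production, no SBOM, pipeline scanning disabled). The query document, the reading of offset as an application count, and the send transport (any callable that posts the payload to your GraphQL endpoint with your credentials) are assumptions; the sample records are constructed.

```python
# applicationFilters values listed on this page.
APPLICATION_FILTERS = {"New", "InDevelopment", "DeployedProd",
                       "ExternallyFacing", "Relevant", "Irrelevant"}

# ASSUMPTION: the page names the query, its input argument and the response
# fields but shows no query document, so this operation text is inferred.
QUERY = """
query GetApplications($getApplicationsInput: GetApplicationsInput) {
  getApplications(getApplicationsInput: $getApplicationsInput) {
    totalFilteredApps
    applications {
      appId appName businessPriority deployedProd
      publicVisibility isSbomPresent oxInPipeline
    }
  }
}
"""

def build_input(filters, limit, offset):
    """Build a GetApplicationsInput dict, rejecting values the page does not list."""
    unknown = set(filters) - APPLICATION_FILTERS
    if unknown:
        raise ValueError(f"unknown applicationFilters: {sorted(unknown)}")
    if limit <= 0 or offset < 0:
        raise ValueError("limit must be positive and offset non-negative")
    return {"applicationFilters": list(filters), "limit": limit, "offset": offset,
            "orderBy": {"field": "BusinessPriority", "direction": "DESC"}}

def iter_applications(send, filters, page_size=50):
    """Yield every matching application. ASSUMPTION: offset counts applications."""
    offset = 0
    while True:
        variables = {"getApplicationsInput": build_input(filters, page_size, offset)}
        reply = send({"query": QUERY, "variables": variables})
        if reply.get("errors"):
            raise RuntimeError(f"GraphQL errors: {reply['errors']}")
        result = reply["data"]["getApplications"]
        apps = result.get("applications") or []
        yield from apps
        offset += len(apps)
        if not apps or offset >= result["totalFilteredApps"]:
            return

def triage(app):
    """Return exposure findings for one application record from the response."""
    findings = []
    if app.get("deployedProd") and app.get("publicVisibility"):
        findings.append("public repository deployed to production")
    if not app.get("isSbomPresent"):
        findings.append("no SBOM")
    if app.get("oxInPipeline") == "disabled":
        findings.append("pipeline scanning disabled")
    return findings

# Constructed sample records (not real output) for running the example offline.
FIELDS = ("appName", "deployedProd", "publicVisibility", "isSbomPresent", "oxInPipeline")
SAMPLE_APPS = [dict(zip(FIELDS, row)) for row in (
    ("payments-api", True, True, False, "disabled"),
    ("docs-site", True, False, True, "enabled"),
    ("lab-tool", False, True, True, "enabled (no recent results)"),
)]

def fake_send(payload):
    """Offline stand-in for the HTTP POST: serves SAMPLE_APPS by limit/offset."""
    inp = payload["variables"]["getApplicationsInput"]
    page = SAMPLE_APPS[inp["offset"]:inp["offset"] + inp["limit"]]
    return {"data": {"getApplications": {
        "totalFilteredApps": len(SAMPLE_APPS), "applications": page}}}

if __name__ == "__main__":
    for app in iter_applications(fake_send, ["Relevant"], page_size=2):
        print(app["appName"], "->", triage(app) or "ok")
```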