getIssues
The getIssues API retrieves all security issues detected during a scan for a specific organization. In addition to listing the identified issues, it provides detailed information about each one, so that you can assess and address security risks effectively.
With this API you can:
- Retrieve a comprehensive list of security issues associated with a given organization ID.
- Access in-depth details for each issue, including severity, affected components, remediation steps, and more.
- Sort and filter issues based on custom criteria to prioritize and manage security risks efficiently.
Type: Query
Query Example
Parameters
| Param Name | Description | Values |
|---|---|---|
| getIssuesInput | The API accepts input parameters that allow you to filter and sort the results. For example, you can request a list of issues with a specific severity level, such as Critical and have them sorted alphabetically by the application name. | IssuesInput object |
| orgId | The unique identifier of the organization. | String (Alphanumeric identifier) |
Input object variables
| Object | Type | Description | Values |
|---|---|---|---|
| conditionalFilters | [ConditionalFilters] | | - |
| issueId | String | The ID of the issue. | - |
| limit | Int! | Specifies the maximum number of issues to fetch in a single API call. For example, setting it to 10 retrieves only the first 10 issues. | 10 |
| offset | Int! | Used for pagination. Specifies the number of issues to skip before fetching the next set. For example, setting it to 5 skips the first 5 issues. | 0 |
| owners | [String] | Filters issues by owner(s). Owners can be of types: Dev, Security, Watcher, or Business. Takes an array of owner emails for filtering. | [] |
| sort | IssuesSort | | {"fields":["Severity"],"order":["DESC"]} |
| topLevelSearch | String | Allows searching by issue name, CVE, or application name. Takes a string as input and returns results matching the search term. | "" |
conditionalFilters object variables

| Field | Type | Values |
|---|---|---|
| condition | ConditionType | AND, OR, NOT, BETWEEN, CONTAINS, NOTCONTAINS |
| fieldName | FilterTypes | |
| greaterThan | Float | - |
| lessThan | Float | - |
| values | [String] | - |
fieldName object variables

| Field | Description | Values |
|---|---|---|
| severityChangeHistory | History of severity changes for the issue. | - |
| issueStatus | Current status of the issue, appears as Issue Status Over Time in the app. | Unchanged, New, Increased Severity, Decreased Severity |
| issueStatusVsLastScan | Status of the issue compared to the last scan. | Unchanged, New, Increased Severity, Decreased Severity |
| apps | List of applications defined in your organization, appears as Application in the app. | - |
| criticality | Criticality level of the issue, appears as Severity in the app. | Appoxalypse, Critical, High, Medium, Low, Info |
| originalSeverity | Original severity level, before OX aggregation, appears as Severity Before Prioritization in the app. | Critical, High, Medium, Low |
| severityChange | Details of severity changes, appears as Severity Reprioritized in the app. | Decreased, Unchanged, Increased |
| severityChangeReasons | List of severity factors used to calculate issue severity and to enrich it with additional information. | - |
| categories | Categories related to the issue, appears as Category in the app. | Open Source Security, Container Security |
| issueNames | Names of issues, appears as Issue Name in the app. | - |
| policies | Policies related to the issue, appears as Policy in the app. | Vulnerable dependency (CVE) in code, Vulnerable dependency (CVE) in container from user code, Vulnerable dependency (CVE) in DockerFile base image, Vulnerable dependency in container from Operating System |
| issueOwners | List of issue owners, appears as Issue Owner in the app. | - |
| sourceTools | Tools used as the source, appears as Source Tool in the app. | - |
| oscarTactic | OSCAR tactics, appears as OSC&R Tactic in the app. | Execution, Collection, Initial Access, Credential Access, Reconnaissance, Lateral Movement, Defense Evasion, Exfiltration |
| oscar | OSCAR-related data, appears as OSC&R Technique in the app. | T0118: Command injection, T0192: Sensitive information in logs, T0119: Cross-site scripting, T0117: SQL injection, T0113: Compromised used account, T0137: Weak authentication methods, T0190: Weak encryption, T0112: Compromised token, T0125: Unencrypted data in transit, T0124: Unencrypted data at rest, T0187: Exposed storage, T0140: Harvest tokens from environment variables, T0131: Overprivileged user account, T0188: Cross site Request Forgery, T0130: Harvest secrets from logs, T0176: Misconfigured security measures, T0126: Exposed storage, T0156: Exfiltration over webhooks, T0180: Compromise sevices/servers, T0128: Permissive network access, T0159: Malicious artifact execution |
| complianceStandard | Identifies the specific compliance standard (e.g., SOC 2, NIST) associated with an issue. While categories group broader topics like risk assessment or asset management, standards are more specific and may belong to multiple categories. Together, these fields help users navigate compliance requirements by linking issues to relevant standards and controls. Appears as Compliance Standard in the app. | ISO27001:2022, NIST-800-53-Revision-5, PCI_DSS 3.2.1, PCI_DSS 4.0, SOC2, CIS Github Benchmark v1.0.0, CIS Docker Benchmark v1.6.0 |
| complianceControl | Provides a link to official compliance control documentation, allowing users, such as CISOs or compliance professionals, to access authoritative details about specific controls, like those related to risk assessment or security management. It is an external-facing field intended for users familiar with compliance standards. Appears as Compliance Control in the app. | - |
| cve | Common Vulnerabilities and Exposures (CVE) identifiers, appears as CVE in the app. | - |
| cvss | Common Vulnerability Scoring System (CVSS) score, appears as CVSS Base Score in the app. | 0-10 in increments of 0.1 |
| cwe | Common Weakness Enumeration (CWE) identifiers, appears as CWE in the app. | - |
| issueActions | Actions taken on the issue, appears as Actions in the app. | - |
| languages | Programming languages related to the issue, appears as Languages in the app. | JavaScript, Java, npm, Python, Docker, Dockerfile |
| uniqueLibs | Unique libraries involved, appears as Vulnerable Library in the app. | - |
| filePaths | File paths related to the issue, appears as Files With Issues in the app. | - |
| originBranchName | Name of the origin branch, appears as Analyzed Branch in the app. | main, master |
| businessPriority | Indicates the business priority of an application. Relevant for sorting or prioritizing applications. | range 0-100 integer |
| tags | Tags associated with the application or issue, appears as App Tag in the app. | - |
| registryName | Name of the registry, appears as Registry Name in the app. | - |
| registryType | Type of registry, appears as Registry Type in the app. | - |
| image | Image information, appears as Artifact Image in the app. | - |
| region | Region associated with the issue, appears as Registry Region in the app. | - |
| accountId | ID of the cloud account, appears as Registry Account Id in the app. | - |
| cluster | Cluster information, appears as Kubernetes Cluster in the app. | - |
| cloudRegion | Region of the cloud account, appears as Cloud Region in the app. | - |
| cloudAccountId | ID of the cloud account, appears as Cloud Account Id in the app. | - |
| os | Operating system details, appears as Artifact OS Image in the app. | - |
| baseImage | Base image information, appears as Artifact Base Image in the app. | - |
| artifactSha | SHA of the artifact, appears as Artifact SHA in the app. | - |
| firstSeen | Date when the issue was first seen, appears as First Seen in the app. | - |
| reachability | Information about issue reachability. | - |
| exposureByApi | Exposure information through APIs, appears as Exposure by API in the app. | Not exposed, Exposed + internet exposure, Exposed |
| ticketStatus | Provides links to the ticketing system your organization uses. You can view tickets in the status you requested; you need to select tickets in the response. Appears as Ticket Status in the app. | To Do |
| commitDate | Date of the commit related to the issue, appears as Commit Date in the app. | - |
| orgUnit | Organizational unit associated with the issue. | - |
sort object variables

| Object | Type | Details |
|---|---|---|
| fields | [IssueSortByFields] | Defines the fields by which the issues are sorted:<br>- ["Category"]: Sorting according to categories.<br>- ["IssueName"]: Sorting according to alphabetical order of issue names.<br>- ["RepoName"]: Sorting according to alphabetical order of app names.<br>- ["Owner"]: Sorting according to alphabetical order of owner names.<br>- ["OpenDate"]: The scan date and time when this issue was discovered.<br>- ["Occurrences"]: The count of aggregated items for an issue, e.g., the number of SCA vulnerabilities for open-source security issues.<br>- ["Severity"]: Sorting based on issue severity.<br>- ["BusinessPriority"]: Indicates the priority of an application, allowing sorting based on business importance. |
| order | [Direction] | Specifies the sorting order for the selected fields: ["ASC"] or ["DESC"]. |
Response Objects
Response fields
| Field | Description | Value |
|---|---|---|
| issues | | [Issue] |
| offset | Offset for pagination | Int |
| selectedPosition | Selected position in the list | Int |
| topOffset | Offset for the topmost element | Int |
| totalActiveIssues | Total count of active issues | Int |
| totalFilteredIssues | Total count of filtered issues | Int |
| totalIssues | Total count of all issues | Int |
| totalResolvedIssues | Total count of resolved issues | Int |
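
The filtering, sorting and pagination inputs above, shown as an added Python example (not code from the OX documentation): it builds a getIssuesInput object and pages through results with limit and offset until totalFilteredIssues is reached. The operation text in QUERY, the "OR" filter semantics, the helper names and the stub transport with its sample data are assumptions; the endpoint, authentication and orgId handling are not shown on this page and belong in the execute callable you supply.

```python
from typing import Callable, Iterator

# Enum values copied from the tables on this page.
CONDITIONS = {"AND", "OR", "NOT", "BETWEEN", "CONTAINS", "NOTCONTAINS"}
SORT_FIELDS = {"Category", "IssueName", "RepoName", "Owner", "OpenDate",
               "Occurrences", "Severity", "BusinessPriority"}

# Assumed operation text: the page names the getIssuesInput argument and the
# response fields, but does not show the query itself.
QUERY = """query GetIssues($getIssuesInput: IssuesInput) {
  getIssues(getIssuesInput: $getIssuesInput) {
    issues { issueId mainTitle severity app { name } }
    totalFilteredIssues
  }
}"""

def build_input(limit: int, offset: int, filters=(), sort_fields=("Severity",),
                order=("DESC",)) -> dict:
    """Validate against the documented enums and return a getIssuesInput object."""
    if limit < 1 or offset < 0:
        raise ValueError("limit must be >= 1 and offset >= 0")
    for f in filters:
        if f.get("condition") not in CONDITIONS:
            raise ValueError(f"unknown condition: {f.get('condition')!r}")
    if not set(sort_fields) <= SORT_FIELDS or not set(order) <= {"ASC", "DESC"}:
        raise ValueError("unknown sort field or direction")
    return {"limit": limit, "offset": offset, "conditionalFilters": list(filters),
            "sort": {"fields": list(sort_fields), "order": list(order)}}

def iter_issues(execute: Callable[[str, dict], dict], page_size: int = 10,
                **input_kwargs) -> Iterator[dict]:
    """Yield every matching issue, advancing offset until totalFilteredIssues."""
    offset = 0
    while True:
        variables = {"getIssuesInput": build_input(page_size, offset, **input_kwargs)}
        result = execute(QUERY, variables)["getIssues"]
        page = result["issues"]
        yield from page
        offset += len(page)
        if not page or offset >= result["totalFilteredIssues"]:
            return

# Constructed sample issues and a stub transport (it honours only the
# criticality filter and the RepoName sort) so the example runs offline.
_ROWS = [("Critical", "web"), ("High", "api"), ("Critical", "auth"),
         ("Critical", "billing"), ("Low", "docs")]
_SAMPLE = [{"issueId": f"id-{n}", "mainTitle": f"Issue {n}", "severity": sev,
            "app": {"name": app}} for n, (sev, app) in enumerate(_ROWS)]

def fake_execute(query: str, variables: dict) -> dict:
    inp = variables["getIssuesInput"]
    wanted = {v for f in inp["conditionalFilters"]
              if f["fieldName"] == "criticality" for v in f["values"]}
    rows = [r for r in _SAMPLE if not wanted or r["severity"] in wanted]
    if inp["sort"]["fields"] == ["RepoName"]:
        rows.sort(key=lambda r: r["app"]["name"],
                  reverse=inp["sort"]["order"] == ["DESC"])
    page = rows[inp["offset"]:inp["offset"] + inp["limit"]]
    return {"getIssues": {"issues": page, "totalFilteredIssues": len(rows)}}

def critical_by_app(execute=fake_execute, page_size: int = 2) -> list:
    # Assumption: "OR" over `values` matches any listed value.
    crit = {"fieldName": "criticality", "condition": "OR", "values": ["Critical"]}
    return [i["app"]["name"] for i in iter_issues(
        execute, page_size, filters=[crit], sort_fields=["RepoName"], order=["ASC"])]
```
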
issues object variables

| Field | Description | Value |
|---|---|---|
| aggregations | | IAggregations |
| app | | IAppsInfo |
| autoFix | | FixIssue |
| cancelFalsePositiveComment | Cancels a user-provided comment explaining why an issue is marked as a false positive. | String |
| category | Provides the category of the issue (e.g., "Git", "Spam", "Open Source"). | ICategory |
| comment | A user-added comment to an issue. | String |
| compliance | | [ComplianceItem] |
| createdAt | The date and time when the issue was created. | Float |
| cwe | List of CWE (Common Weakness Enumeration) IDs and descriptions for the issue. | [String] |
| cweList | The list of CWEs. | [CweList] |
| dependencyChain | Information about the chain of dependencies related to the issue. | [String] |
| dependencyGraph | Includes dependency chain, dependency graph, dependency graph edges, and dependency graph nodes. | SbomDependencyGraphResponse |
| falsePositiveComment | Holds a user-provided comment explaining why an issue is marked as a false positive. | String |
| fixAppliedDetails | Details about fixes that were applied to the issue. | FixAppliedDetails |
| fixLink | URL linking to the fix for the issue. | String |
| fixes | List of fixes associated with the issue. | PolicyFix |
| gptInfo | More info about the issue from ChatGPT. Includes the following:<br>- createdAt: Date; the date when the additional info was requested<br>- gptResponse: String; the response received from ChatGPT<br>- user: String; the user that requested the info | |
| isCanceledFalsePositive | Indicates that when the issue was previously identified as FalsePositive, it was incorrect. | Boolean, default: True |
| isFalsePositive | Indicates when the issue was reported as FalsePositive. | Boolean, default: False |
| isFixApplied | Indicates if the fix was applied. | Boolean |
| isFixAvailable | Indicates whether this issue can be fixed. | Boolean |
| isGPTFixAvailable | Indicates if ChatGPT can provide info about this issue. | Boolean |
| isMonoRepoChild | Indicates if this issue comes from a mono sub-repo or regular repo. Default: False. | Boolean |
| isPRAvailable | Indicates if a pull request is available for this issue. | Boolean |
| issueId | The ID of the issue. | String |
| issueStatus | The status of the issue can be New, Updated, or Unchanged. | IssueStatus |
| mainTitle | The title or name of the issue, displayed in the application as the "Name." | String |
| messages | Consult Zohar Sagi for more information. | [IssueMessage] |
| occurrences | Number of occurrences related to the issue. Consult Ravi for detailed count in the OX app. | Int |
| originalSeverity | The original severity of the issue. Consult Ravi for details. | Int |
| originalToolSeverity | Severity as determined by the original scanning tool. Consult Ravi for details. | String |
| overrideSeverity | Indicates whether the severity was overridden. Consult Divya for details. | Boolean |
| overrideSeverityReason | Reason for overriding the severity. Consult Divya for details. | String |
| ownerEmails | List of email addresses of the issue owners. | [String] |
| policy | Information about the policy under which the issue was created, including name and ID. | IPolicy |
| prDetails | Information about the pull request (PR) created for the issue, including links and metadata. | PullRequest |
| recommendation | Suggestions for resolving the issue, often defined by policies. | String |
| scaFixType | Information about the SCA (Software Composition Analysis) fix type. Consult Ravi for details. | ScaFixType |
| scanId | The ID of the scan during which the issue was identified. | String |
| secondTitle | An issue description as it appears in the Summary tab in the app. | String |
| severity | The severity level of the issue, such as "low," "medium," or "critical." | String |
| severityChangeReason | Explains why the severity of the issue was changed. Consult Roman for details. | [String] |
| slackNotification | Indicates whether the issue was sent to Slack, including the channel and timestamp. | [SlackNotification] |
| sourceTools | Tools that detected the issue, including OX tools and third-party tools. | [String] |
| tags | Tags assigned to the application associated with the issue, including system-defined and user-defined tags. | [AppTag] |
| tickets | Indicates JIRA or other system tickets created for the issue. Consult Ravi for further details. | [Ticket] |
aggregations object variables

| Field Name | Description | Values |
|---|---|---|
| columns | | IAggColumns |
| items | | [AggItem] |
| summary | Summary information related to aggregation, such as:<br>- comment: String<br>- summary: String | IAggSummary |
| type | Type of aggregation | String |
columns object variables

| Field | Description | Value |
|---|---|---|
| columns | Aggregation columns, such as:<br>- header: String representing the header text<br>- href: Hyperlink reference (URL)<br>- key: Unique key identifier<br>- tooltip: Tooltip text for additional context<br>- type: String representing the data type | [AggregationColumn] |
| comment | A comment in string format | String |
items object variables

| Field Name | Type | Description |
|---|---|---|
| _id | String | Unique identifier for the entity. |
| accessLevel | String | User's access level or permissions within the system. |
| accountId | String | Unique identifier for the account associated with the entity. |
| accountName | String | Name of the account associated with the entity. |
| additionalToolData | String | Extra metadata or data collected from external tools. |
| adminLocation | String | Location from which administrative actions were performed. |
| adminOperation | String | Type of administrative action taken. |
| adminOperationDate | String | Date when the administrative action occurred. |
| aggId | String | Aggregation identifier used for grouping related data. |
| baseImage | String | Name or identifier of the base image used in a container. |
| binariesCount | Int | Number of binary files associated with this entity. |
| branch | String | Git branch where the action or event occurred. |
| cloudEnv | String | Cloud environment where the resource is hosted (e.g., AWS, GCP). |
| cluster | String | Cluster name or identifier in a cloud or Kubernetes environment. |
| commitBy | String | User who made the commit in version control. |
| commitLink | String | URL linking to the commit details. |
| consoleLink | String | URL to access the management console of the system. |
| createdAt | String | Date and time when the entity was created. |
| cvss | Float | CVSS (Common Vulnerability Scoring System) score of a vulnerability. |
| date | String | General date field indicating an event timestamp. |
| daysOpen | String | Number of days since the issue or event was reported. |
| dependencyChain | [Dependency] | List of dependencies related to the entity. |
| dependencyType | String | Type of dependency (e.g., direct, transitive). |
| destinationCreationDate | String | Date when the destination repository or resource was created. |
| destinationLastModifyDate | String | Date when the destination resource was last modified. |
| destinationRepoLink | String | URL linking to the destination repository. |
| destinationRepoName | String | Name of the destination repository. |
| destinationRepoVisibility | String | Visibility status of the destination repository (public/private). |
| devOperation | String | Type of development operation performed. |
| devOperationDate | String | Date when the development operation occurred. |
| dockerVer | String | Version of Docker used. |
| downloads | String | Number of downloads for a package or artifact. |
| earliestActivityDate | String | Date of the earliest recorded activity related to the entity. |
| eduVideoLink | String | URL linking to an educational or training video. |
| email | String | Email address associated with the user or account. |
| endLine | Int | Ending line number for the match in a file (for code analysis). |
| events | String | Collection of events related to the entity. |
| evidence | String | Supporting data or proof related to an issue. |
| excludedByAlert | Boolean | Indicates whether the issue was excluded based on an alert. |
| fileCount | Int | Number of files related to the entity. |
| fileName | String | Name of the file. |
| filePath | String | Full path of the file. |
| fileUri | String | URI linking to the file location. |
| fixedVersion | String | Version where the issue or vulnerability was fixed. |
| forks | String | Number of forks for a repository. |
| image | String | Name or identifier of the image. |
| imageCreatedAt | String | Date when the image was created. |
| imageLink | String | URL linking to the image. |
| installedVersion | String | Version of a package currently installed. |
| isFixAvailable | Boolean | Indicates if a fix is available for an issue. |
| k8sType | String | Type of Kubernetes resource. |
| language | String | Programming language used. |
| lastAccess | String | Date of the last access event. |
| lastAdminOperation | String | Most recent administrative action taken. |
| lastCodeDate | String | Date of the last code change. |
| layer | String | Container or image layer details. |
| link | String | Generic URL link associated with the entity. |
| location | String | Physical or logical location of the entity. |
| match | String | Matching criteria or results for the entity. |
| mergedBy | String | User who merged a pull request. |
| name | String | Name of the entity. |
| orgRole | String | Role assigned to the user within an organization. |
| os | String | Operating system associated with the entity. |
| pkgCount | Int | Number of packages associated with the entity. |
| pkgName | String | Name of the package. |
| project | String | Name of the project associated with the entity. |
| pushType | String | Type of push operation performed, can be push/pull. |
| pushedAt | String | Date and time of the last push event. |
| region | String | Cloud region where the resource is deployed. |
| repo | String | Repository name. |
| repoCreator | String | User or system that created the repository. |
| repoPermissions | String | Permissions associated with the repository. |
| reputation | String | Reputation score or trust level of the entity. |
| reviewers | String | Users who reviewed a pull request. |
| ruleId | String | Unique identifier for a security rule. |
| secret | String | Represents a stored secret or credential. |
| service | String | Name of the service related to the entity. |
| sha | String | SHA hash of the commit or file. |
| size | String | Size of the file or artifact. |
| snippet | String | Code snippet related to an issue. |
| source | String | Source system or origin of the data. |
| stars | String | Number of stars for a repository. |
| type | String | Type classification of the entity. |
| url | String | URL linking to the entity. |
| user | String | Username associated with the entity. |
| vulBySeverity | String | Vulnerability categorized count by severity level. |
app object variables

| Field | Type | Description |
|---|---|---|
| businessPriority | Float | Indicates the business priority of an application. Relevant for sorting or prioritizing applications. |
| fakeApp | Boolean | Boolean field indicating if the application is marked as fake. Default value is false. |
| id | String | A unique application ID, typically derived from source control (e.g., GitLab or GitHub). Relevant to users. |
| name | String | The full application name, as retrieved from source control. A combination of the repo name and the branch name. |
| organization | String | The organization associated with the application, such as a GitLab group or OX. |
| originBranchName | String | The primary branch from which the application was scanned. |
| owners | [OwnerInfo] | Lists the application owners, such as developers, security, watchers, or business owners. Default is empty. |
| repoId | String | Repository ID of the application. Requires clarification if this or ID is the derived value. |
| repoName | String | Displays just the repository name without path or branch. |
| type | String | Indicates the type of source control, such as GitLab, GitHub, or Bitbucket. Relevant for identifying the source of scanned applications. |
autofix object variables
Indicates if an automatic fix was suggested or created for the issue, including creating a pull request from the application.

| Field | Type | Description |
|---|---|---|
| activeFix | ActiveFix | Represents the active fix applied to the issue as follows:<br>- fixId: The unique identifier for the fix.<br>- fixUrl: The URL of the pull request created for the fix. |
| fixAppliedBy | String | Username of the user who applied the fix. |
| fixDate | Date | The date when the fix was applied. |
| fixDescription | String | Description of the fix, typically matching the PR description. |
| fixInput | [Input] | Fix description or details of the input for the fix. |
| fixPR | FixPR | The URL of the pull request created for the fix. |
| fixTitle | String | The title of the pull request for the fix. |
| fixType | String | Specifies the type of fix applied (e.g., pull request or getPosture). |
| isFixApplied | Boolean | Indicates whether the fix has been applied. |
| sourceControlType | String | Indicates the source control system used (e.g., GitLab, GitHub, Bitbucket). |
compliance object variables

| Field | Type | Description |
|---|---|---|
| category | String | The compliance category, e.g., "Risk Assessment" or "Asset Management." |
| categoryLink | String | Link to official documentation for the compliance category. |
| description | String | Description of the compliance standard sourced from official documentation. |
| standard | String | The name of the compliance standard, e.g., "SOC 2," "NIST." |
| standardLink | String | Link to the official documentation for the compliance standard. |
| extraInfo | Object | Internal object with additional data; not recommended for user exposure. |
| secondTitle | String | A detailed issue description displayed in the application's summary tab. |