getSingleIssueInfo

The getSingleIssueInfo API retrieves detailed information for a single security issue detected during a scan for a specific organization.

Type

Query

Query Example

  getSingleIssueInfo {
    importantSeverityBreakdown
    isCVERelated
    overrideSeverityReason
    highestOXCVESeverity
    latestCommit {
      date
      commitLink
      match
      snippet
      snippetLineNumber
    }
    issueDetailsHeaders {
      id
      label
      featureFlag
    }
    compliance {
      standard
      standardLink
      control
      category
      description
      categoryLink
      controlLink
    }
    sbom {
      id
      references {
        triggerPackage
        location
        locationLink
        dependencyType
        dependencyLevel
        commit {
          commitedAt
          committerName
          committerEmail
        }
        fileName
      }
      appType
      language
      libId
      libraryName
      libraryVersion
      license
      appName
      location
      dependencyType
      source
      appId
      locationLink
      appLink
      pkgName
      copyWriteInfo
      copyWriteInfoLink
      libLink
      vulnerabilityCounts {
        appox
        critical
        high
        medium
        low
        info
      }
      triggerPackage
      vulnerabilities {
        issueId
        oxSeverity
        severityNumberFromTool
        severityFromTool
        cve
        cveLink
        cvsVer
        cvssVersion
        epss
        percentile
        libName
        dependencyChain
        libVersion
        chainDepth
        exploitInTheWild
        exploitInTheWildLink
        description
        dateDiscovered
        minorVerWithFix
        majorVerWithFix
        exploitRequirement
        exploitCode
        originalSeverity
      }
      latestVersion
      latestVersionDate
      stars
      forks
      openIssues
      packageManager
      packageManagerLink
      maintainers
      contributors
      downloads
      sourceLink
      notPopular
      licenseIssue
      notMaintained
      isDeprecated
      notImported
      notUsed
      notUpdated
      dependencyLevel
      requestId
      licenseLink
      artifactInSbomLibs {
        image
        imageLink
        imageCreatedAt
        sha
        os
        osVersion
        baseImage
        baseImageVersion
        tag
        layer
        registryName
      }
      sha
      maintainersList {
        name
        email
      }
    }
    dependencyGraph {
      nodes {
        id
        name
        width
        height
        vulnerable
      }
      allNodes {
        id
        name
        width
        height
        vulnerable
      }
      edges {
        v
        w
      }
      allEdges {
        v
        w
      }
    }
    id
    groupId
    name
    mainTitle
    secondTitle
    scanId
    created
    sla {
      daysPastSLA
      status
    }
    daysPastSLA
    issueUpdatedAt
    scanDate
    description
    impact
    severity
    owners
    ownerEmails
    occurrences
    score {
      value
      comments
    }
    connector
    learnMore
    extraInfo {
      key
      val
      value
    }
    resource {
      id
      type
    }
    app {
      id
      name
      businessPriority
      riskScore
      secPosture
      type
      typeComments
      applicationFlows {
        artifacts {
          type
          name
          hashType
          system
          subType
          hash
          size
          date
          location {
            runBy
            foundBy
            foundIn
            link
          }
          linkName
          k8sType
          cluster
          region
        }
        cloudDeployments {
          type
          subType
          name
          hash
          hashType
          link
          k8sType
          imageName
          date
          cluster
          region
        }
        cicdInfo {
          type
          system
          latestDate
          lastMonthJobCount
          location {
            runBy
            foundBy
            foundIn
            link
          }
        }
        orchestrators {
          type
          name
          hashType
          system
          hash
          size
          date
        }
        kubernetes {
          type
          name
          hashType
          system
          hash
          subType
          size
          date
        }
        repository {
          type
          system
          date
        }
      }
      fakeApp
      originBranchName
      repoId
      organization
      repoName
      owners {
        name
        email
        roles
      }
    }
    policy {
      id
      name
      detailedDescription
    }
    issueId
    category {
      name
      categoryId
      subCategoryName
      subCategoryComment
    }
    aggregations {
      type
      summary {
        summary
        comment
      }
      columns {
        columns {
          header
          key
          tooltip
          href
          type
        }
        comment
      }
      items {
        callBranch
        linkToExternalProduct
        stars
        forks
        downloads
        vulBySeverity
        nameAndVer
        sourceRepoName
        sourceRepoLink
        sourceCreationDate
        sourceLastModifyDate
        destinationRepoName
        destinationRepoLink
        destinationCreationDate
        destinationLastModifyDate
        destinationRepoVisibility
        reasons
        _id
        url
        additionalToolData
        events
        allEvents
        pushType
        sha
        title
        link
        mergedBy
        date
        fileCount
        diffInDays
        reviewers
        user
        userLink
        userAvatar
        devOperation
        devOperationDate
        adminOperation
        adminOperationDate
        reviewOperation
        reviewOperationDate
        orgRole
        earliestActivityDate
        repoPermissions
        adminLocation
        email
        pullRequestsCount
        diffFromNowToCreatedAtInDays
        username
        accessLevel
        createdAt
        lastAccess
        fileName
        fileUri
        startLine
        endLine
        match
        snippet
        commitLink
        commitBy
        region
        eduVideoLink
        resource
        service
        accountName
        cloudEnv
        secret
        image
        imageCreatedAt
        pkgCount
        dockerVer
        os
        binariesCount
        tag
        reputation
        sha256
        size
        pushedAt
        source
        ruleId
        realMatch
        excludedByAlert
        filePath
        lockfile
        accountId
        snippetLineNumber
        language
        daysOpen
        isFixAvailable
        aggId
        pkgName
        installedVersion
        fixedVersion
        triggerPkgName
        triggerPkgVersion
        triggerPkgUpgradeVersion
        dependencyType
        branch
        hashAggId
        repo
        repoCreator
        lastCodeDate
        lastAdminOperation
        exclusionId
        numberOfReposDomainAppear
        layer
        baseImage
        imageLink
        registryName
        project
        resourceGroup
        location
        parameter
        test
        cvss
        evidence
        cluster
        type
        cloudType
        k8sType
        consoleLink
        name
        subscriptionId
        stringifiedClusters
      }
    }
    exclusions {
      label
      recommended
      tooltip
      type
      id
      oxRuleId
      level
      excludeBy
      uidOnly
      isDefault
      ffKey
      exclusionScope
    }
    recommendation
    violationInfoTitle
    sourceTools
    ruleId
    exclusionCategory
    fixes {
      settingType
      tooltip
      description
      warning
      confirmation
      inputs {
        type
        name
        options {
          name
          selected
          metadata
          info
          displayName
          isDisabled
        }
        multiSelect
        maxSelect
        minSelect
        displayName
      }
    }
    fixAppliedDeatils {
      appliedBy
      appliedDate
    }
    cwe
    fixLink
    cweList {
      name
      description
      url
    }
    dependencyChain
    createdAt
    tickets {
      provider
      ticketId
      createdBy
      issueId
      issueName
      appName
      appId
      category
      assignee
      reporter
      link
      project
      issueType
      key
    }
    slackNotification {
      channelName
      timestamp
    }
    messages {
      messagingVendor
      recipients {
        name
        id
        type
      }
      createdAt
    }
    fixIssue {
      fixType
      fixTitle
      fixDescription
      activeFix {
        fixId
        fixURL
      }
      fixPR {
        issueBranch
        commitMessage
        fixFiles {
          filePath
          newFileContent
        }
      }
      isFixApplied
      fixAppliedBy
      sourceControlType
      fixInput {
        type
        name
        options {
          name
          metadata
        }
      }
      fixDate
    }
    autoFix {
      fixType
      fixTitle
      fixDescription
      isFixApplied
      fixAppliedBy
      sourceControlType
      fixDate
    }
    severityChange
    originalToolSeverity
    scaVulnerabilities {
      issueId
      cwe {
        name
        shortName
        url
      }
      cveSeverityFactor {
        sfName
        sfDescription
        sfChangedNumber
        withoutAutoNumbering
        evidenceLabel
        evidences {
          key
          value
          link
          iconLink
          callBranch
        }
      }
      oxSeverity
      severityNumberFromTool
      severityFromTool
      cve
      cveLink
      cvsVer
      cvssVersion
      epss
      percentile
      libName
      dependencyChain
      libVersion
      chainDepth
      exploitInTheWild
      exploitInTheWildLink
      description
      dateDiscovered
      minorVerWithFix
      majorVerWithFix
      exploitRequirement
      exploitCode
      originalSeverity
    }
    dependencyGraphNodes {
      position {
        x
        y
      }
      id
      name
      width
      height
      vulnerable
      issues {
        info
        low
        medium
        high
        critical
        appox
      }
    }
    dependencyGraphEdges {
      v
      w
    }
    scaTriggerPkg
    scaTriggerPkgs {
      scaTriggerPkg
      fileName
    }
    pkgSemanticVersion
    graphExist
    indirectSupported
    severityChangeReason
    severityChangedReason {
      changeNumber
      withoutAutoNumbering
      evidenceLabel
      reason
      shortName
      changeCategory
      extraInfo {
        key
        value
        link
        snippet {
          snippetLineNumber
          language
          text
          fileName
        }
        iconLink
        callBranch
      }
      extraInfoContainer {
        layerSha
        layerNum
        artifactName
        sha
        registryName
      }
    }
    isPRAvailable
    cicdFields {
      issueStatus
      sourceBranch
      targetBranch
      isBlocking
      jobId
      jobTriggeredAt
      jobTriggeredAtDate
      jobTriggeredBy
      jobTriggeredReason
      jobUrl
      pullRequestId
      pullRequestUrl
      enforcement
      excludedByAlert
      cicdEventType
    }
    comment
    excludedByAlert
    excludedByPolicy
    excludedByApp
    countRule
    exclusionId
    languageInfo {
      name
      version
    }
    isMonoRepoChild
    monoRepoParent
    isFixAvailable
    isFixApplied
    isGPTFixAvailable
    oscarData {
      name
      description
      url
      id
    }
    gptInfo {
      gptResponse
      user
      createdAt
    }
    prDeatils {
      sourceControlType
      issueId
      appId
      repo
      prId
      prURL
      prBranchName
      commitMessage
      commiter
      comment
      date
      prTitle
      prBody
      prStatus
      prApprover
      prReviewer
      prMergeTime
    }
    tags {
      tagId
      name
      email
      displayName
      tagType
      createdBy
      purpose
      deploymentModel
    }
    originalSeverity
    overrideSeverity
    isFalsePositive
    falsePositiveComment
    isCanceledFalsePositive
    cancelFalsePositiveComment
    issueStatus
    scanIssueStatus
    correlatedIssueId
    correlatedRegistry
    scaFixType
    previousSeverity {
      severity
      severityChangedDate
    }
    version
    severityFactorsDiff {
      shortName
      change
      status
    }
    exposedByApiItems {
      apiId
      codeLocations {
        link
        callBranch
      }
    }
    originBranchName
    exclusionComment
    exclusionExpiredAt
    problematicPkg
  }
}

Parameters

Param Name

Description

Values

getSingleIssueInfo

The API accepts input parameters that .

SingleIssueInput object

orgId

The unique identifier of the organization.

String (Alphanumeric identifier)

Input Object Variables

Object

Type

Description

issueId

String

The ID of the issue.

Response object variables

Object Variable

Description

Value

aggregations

How aggregation parameters are defined in the response.

IAggregations

app

Information about the application associated with an issue, including app name, ID, organization, and origin branch.

IAppsInfo

autoFix

Indicates if an automatic fix was suggested or created for the issue, including creating a pull request from the application.

FixIssue

cancelFalsePositiveComment

Cancels a user-provided comment explaining why an issue was marked as a false positive.

String

category

Provides the category of the issue (e.g., "Git", "Spam", "Open Source").

ICategory

comment

A user-added comment to an issue.

String

compliance

Represents compliance standards associated with issues, such as asset management and risk assessment.

[ComplianceItem]

correlatedIssueId

If two issues are related, the system shows the connected issue ID. For example, an SCA repository issue linked to an SCA image issue.

String

created

The timestamp when the issue was created.

Float

createdAt

The date and time when the issue was created.

Float

cwe

List of Common Weakness Enumeration (CWE) IDs and descriptions for the issue.

[String]

cweList

The list of CWEs.

[CweList]

daysPastSLA

Days count of issue's SLA breach.

Int

dependencyChain

Information about the chain of dependencies related to the issue.

[String]

dependencyGraph

Includes dependency chain, dependency graph, dependency graph edges, and dependency graph nodes.

SbomDependencyGraphResponse

description

Description of an issue.

String

excludedByAlert

Indicates if an issue is excluded by alerts.

Boolean

excludedByApp

Indicates if an issue is excluded by a repo.

Boolean

excludedByPolicy

Indicates if an issue is excluded by a policy.

Boolean

exclusions

All the exclusions associated with the issue.

[RecommendedExclusions]

extraInfo

Additional information about the issue, such as metadata.

[ExtraInfo]

falsePositiveComment

Holds a user-provided comment explaining why an issue is marked as a false positive.

String

fixAppliedDeatils

Details about fixes that were applied to the issue.

FixAppliedDeatils

fixIssue

FixIssue

fixLink

URL linking to the fix for the issue.

String

fixes

List of fixes associated with the issue.

PolicyFix

gptInfo

More info about the issue from ChatGPT.

GPTInfo

graphExist

Boolean

highestOXCVESeverity

The highest CVE severity by Ox's calculation.

String

id

String

impact

String

importantSeverityBreakdown

The severity impact breakdown that adjusts the overall severity.

[String]

isCanceledFalsePositive

Indicates that when the issue was previously identified as FalsePositive, it was incorrect.

Boolean

isFalsePositive

Indicates when the issue was reported as FalsePositive.

Boolean

isFixApplied

Indicates if the fix was applied.

Boolean

isFixAvailable

Indicates whether this issue can be fixed.

Boolean

isGPTFixAvailable

Indicates if ChatGPT can provide info about this issue.

Boolean

isMonoRepoChild

Indicates if this issue comes from a mono sub-repo or regular repo.

Boolean

isPRAvailable

Indicates if a pull request is available for this issue.

Boolean

issueId

The ID of the issue.

String

issueStatus

The status of the issue can be New, Updated, or Unchanged.

IssueStatus

issueUpdatedAt

The date on which the issue was updated.

Float

languageInfo

The programming language used in the code where the security issue was detected.

LanguageInfo

latestCommit

The latest commit date.

LatestCommit

learnMore

A link to a video for more information about the specific issue.

[String]

mainTitle

The title or name of the issue, displayed in the application as the "Name".

String

messages

The message that was sent about the issue through an external channel, such as Slack or Teams. Usually messages are sent in one of the following ways: manually in the Get Issues page or automatically, as part of a flow.

[IssueMessage]

name

The issue name.

String

occurrences

Number of occurrences related to the issue.

Int

originalSeverity

The original severity of the issue.

Int

originalToolSeverity

Severity as determined by the original scanning tool.

String

oscarData

Ox Oscar information about the issue.

[OscarItem]

overrideSeverity

Indicates whether the severity was overridden.

Boolean

overrideSeverityReason

Reason for overriding the severity.

String

ownerEmails

List of email addresses of the issue owners.

[String]

owners

List of issue owner names.

[String]

policy

Information about the policy under which the issue was created, including name and ID.

IPolicy

prDeatils

Information about the pull request (PR) created for the issue, including links and metadata.

PullRequest

previousSeverity

The severity level for this issue in the previous scan.

PrevSeverity

recommendation

Suggestions for resolving the issue, often defined by policies.

String

resource

The resource related to the issue.

IssueResource

ruleId

The rule ID.

String

sbom

SbomLib

scaFixType

Information about the SCA (Software Composition Analysis) fix type.

ScaFixType

scaTriggerPkgs

If the security issue is in an indirect (transitive) package, this field indicates the parent package that introduced the vulnerable package. If the issue is in a direct dependency, this field will be the same as the direct package.

[TriggerPackage]

scaVulnerabilities

List of CVEs.

[SCAVulnerability]

scanDate

The date of the scan in which the issue was generated.

Float

scanId

The ID of the scan during which the issue was identified.

String

scanIssueStatus

IssueStatus

secondTitle

An issue description as it appears in the Summary tab in the app.

String

severity

The severity level of the issue, such as "low," "medium," or "critical."

String

severityChange

The severity change status.

String

severityChangeReason

List of severity factors used to calculate issue severity and to enrich it with additional information.

[String]

severityChangedReason

All severity factors within the issue.

[SeverityChangedReason]

slackNotification

Indicates whether the issue was sent to Slack, including the channel and timestamp.

[SlackNotification]

sourceTools

Tools that detected the issue, including OX tools and third-party tools.

[String]

tags

Tags assigned to the application associated with the issue.

[AppTag]

tickets

Indicates JIRA or other system tickets created for the issue.

[Ticket]

`aggregations` object variables

Field Name

Description

Values

columns

Aggregation columns containing metadata. .

IAggColumns

items

Details about the source of issues, including file name, path, line number, branch, and commit details. Relevant for users to identify issue origins. .

[AggItem]

summary

Summary information related to aggregation, such as:

comment: String
summary: String | IAggSummary | | type | Type of aggregation | String |

Aggregation columns

Field

Description

Value

columns

Aggregation columns, such as:

header: String representing the header text
href: Hyperlink reference (URL)
key: Unique key identifier
tooltip: Tooltip text for additional context
type: String representing the data type | [AggregationColumn] | | comment | A comment in string format | String |

Aggregation items

Field Name

Type

Description

_id

String

Unique identifier for the entity.

accessLevel

String

User's access level or permissions within the system.

accountId

String

Unique identifier for the account associated with the entity.

accountName

String

Name of the account associated with the entity.

additionalToolData

String

Extra metadata or data collected from external tools.

adminLocation

String

Location from which administrative actions were performed.

adminOperation

String

Type of administrative action taken.

adminOperationDate

String

Date when the administrative action occurred.

aggId

String

Aggregation identifier used for grouping related data.

baseImage

String

Name or identifier of the base image used in a container.

binariesCount

Int

Number of binary files associated with this entity.

branch

String

Git branch where the action or event occurred.

cloudEnv

String

Cloud environment where the resource is hosted (e.g., AWS, GCP).

cluster

String

Cluster name or identifier in a cloud or Kubernetes environment.

commitBy

String

User who made the commit in version control.

commitLink

String

URL linking to the commit details.

consoleLink

String

URL to access the management console of the system.

createdAt

String

Date and time when the entity was created.

cvss

Float

CVSS (Common Vulnerability Scoring System) score of a vulnerability.

date

String

General date field indicating an event timestamp.

daysOpen

String

Number of days since the issue or event was reported.

dependencyChain

[Dependency]

List of dependencies related to the entity.

dependencyType

String

Type of dependency (e.g., direct, transitive).

destinationCreationDate

String

Date when the destination repository or resource was created.

destinationLastModifyDate

String

Date when the destination resource was last modified.

destinationRepoLink

String

URL linking to the destination repository.

destinationRepoName

String

Name of the destination repository.

destinationRepoVisibility

String

Visibility status of the destination repository (public/private).

devOperation

String

Type of development operation performed.

devOperationDate

String

Date when the development operation occurred.

dockerVer

String

Version of Docker used.

downloads

String

Number of downloads for a package or artifact.

earliestActivityDate

String

Date of the earliest recorded activity related to the entity.

eduVideoLink

String

URL linking to an educational or training video.

email

String

Email address associated with the user or account.

endLine

Int

Ending line number for the match in a file (for code analysis).

events

String

Collection of events related to the entity.

evidence

String

Supporting data or proof related to an issue.

excludedByAlert

Boolean

Indicates whether the issue was excluded based on an alert.

fileCount

Int

Number of files related to the entity.

fileName

String

Name of the file.

filePath

String

Full path of the file.

fileUri

String

URI linking to the file location.

fixedVersion

String

Version where the issue or vulnerability was fixed.

forks

String

Number of forks for a repository.

image

String

Name or identifier of the image.

imageCreatedAt

String

Date when the image was created.

imageLink

String

URL linking to the image.

installedVersion

String

Version of a package currently installed.

isFixAvailable

Boolean

Indicates if a fix is available for an issue.

k8sType

String

Type of Kubernetes resource.

language

String

Programming language used.

lastAccess

String

Date of the last access event.

lastAdminOperation

String

Most recent administrative action taken.

lastCodeDate

String

Date of the last code change.

layer

String

Container or image layer details.

link

String

Generic URL link associated with the entity.

location

String

Physical or logical location of the entity.

match

String

Matching criteria or results for the entity.

mergedBy

String

User who merged a pull request.

name

String

Name of the entity.

orgRole

String

Role assigned to the user within an organization.

os

String

Operating system associated with the entity.

pkgCount

Int

Number of packages associated with the entity.

pkgName

String

Name of the package.

project

String

Name of the project associated with the entity.

pushType

String

Type of push operation performed, can be push/pull

pushedAt

String

Date and time of the last push event.

region

String

Cloud region where the resource is deployed.

repo

String

Repository name.

repoCreator

String

User or system that created the repository.

repoPermissions

String

Permissions associated with the repository.

reputation

String

Reputation score or trust level of the entity.

reviewers

String

Users who reviewed a pull request.

ruleId

String

Unique identifier for a security rule.

secret

String

Represents a stored secret or credential.

service

String

Name of the service related to the entity.

sha

String

SHA hash of the commit or file.

size

String

Size of the file or artifact.

snippet

String

Code snippet related to an issue.

source

String

Source system or origin of the data.

stars

String

Number of stars for a repository.

type

String

Type classification of the entity.

url

String

URL linking to the entity.

user

String

Username associated with the entity.

vulBySeverity

String

Vulnerability categorized count by severity level.

`app` object variables

Field

Type

Description

applicationFlows

ApplicationFlow

businessPriority

Float

Indicates the business priority of an application. Relevant for sorting or prioritizing applications.

fakeApp

Boolean

Boolean field indicating if the application is marked as fake. Default value is false.

id

String

A unique application ID, typically derived from source control (e.g., GitLab or GitHub). Relevant to users.

name

String

The full application name, as retrieved from source control. A combination of the repo name and the branch name.

organization

String

The organization associated with the application, such as a GitLab group or OX.

originBranchName

String

The primary branch from which the application was scanned.

owners

[OwnerInfo]

Lists the application owners, such as developers, security, watchers, or business owners. Default is empty.

repoId

String

Repository ID of the application. Requires clarification if this or ID is the derived value.

repoName

String

Displays just the repository name without path or branch.

riskScore

Float

secPosture

Float

type

String

Indicates the type of source control, such as GitLab, GitHub, or Bitbucket. Relevant for identifying the source of scanned applications.

typeComments

String

`autofix` object variables

Indicates if an automatic fix was suggested or created for the issue, including creating a pull request from the application.

Field

Type

Description

activeFix

ActiveFix

Represents the active fix applied to the issue as follows: - fixId: The unique identifier for the fix. - fixUrl: The URL of the pull request created for the fix.

fixAppliedBy

String

Username of the user who applied the fix.

fixDate

Date

The date when the fix was applied.

fixDescription

String

Description of the fix, typically matching the PR description.

fixInput

[Input]

Fix description or details of the input for the fix.

fixPR

FixPR

The URL of the pull request created for the fix.

fixTitle

String

The title of the pull request for the fix.

fixType

String

Specifies the type of fix applied (e.g., pull request or getPosture).

isFixApplied

Boolean

Indicates whether the fix has been applied.

sourceControlType

String

Indicates the source control system used (e.g., GitLab, GitHub, Bitbucket).

`exclusions` object variables

Field

Type

Description

label

String

The exclusion label.

recommended

Boolean

When using bulk actions, the default exclusion is activated.

oxRuleId

String

The exclusion ID required for defining exclusions.

`category` object variables

Field

Type

Description

categoryId

Int

Unique identifier for the category.

name

String

Name of the category.

subCategoryComment

String

Additional comments or notes related to the subcategory.

subCategoryName

String

Name of the subcategory under the main category.

`compliance` object variables

Field

Type

Description

standard

String

The compliance framework or standard this control belongs to (e.g., ISO 27001, SOC 2, NIST 800-53).

standardLink

String

A URL linking to the official documentation or reference for the compliance standard.

control

String

The specific compliance control identifier within the standard (e.g., "AC-2" for NIST 800-53).

category

String

The category or domain under which the control falls (e.g., "Access Control", "Data Protection").

description

String

A brief explanation of the compliance control and its intent.

categoryLink

String

A URL linking to documentation about the category or domain of the compliance standard.

controlLink

String

A URL linking to detailed documentation about this specific compliance control.

`latestCommit` Object Variables

Field

Type

Description

date

String

The date of the latest commit.

commitLink

String

The link to the commit page.

match

String

The actual string that was found in code.

snippet

String

The snippet containing the match.

snippetLineNumber

Int

The start line number of the snippet.

`sbom` object variables

Field

Type

Description

id

String

Unique identifier for the library or package.

references

[SbomReference]

List of references to the library in the Software Bill of Materials (SBOM).

appType

String

Type of application repository/artifact.

language

String

Programming language in which the library is written.

libId

String

Unique identifier for the library in the SBOM.

libraryName

String

Name of the library.

libraryVersion

String

Version of the library being used.

license

String

License type under which the library is distributed.

appName

String

Name of the application using the library.

location

String

File path or package registry location of the library.

dependencyType

String

Type of dependency (e.g., direct, transitive).

source

String

Source from where the library was obtained (e.g., GitHub, NPM, Maven).

appId

String

Unique identifier for the application using the library.

locationLink

String

URL linking to the file or package registry location.

appLink

String

URL linking to the application details.

pkgName

String

Name of the package containing the library.

copyWriteInfo

[String]

copyWriteInfoLink

String

URL linking to copyright details.

libLink

String

URL linking to the library's official repository or documentation.

vulnerabilityCounts

IssuesBySeverity

Number of vulnerabilities categorized by severity level.

triggerPackage

String

Package that introduced the vulnerability.

vulnerabilities

[SCAVulnerability]

List of vulnerabilities associated with the library.

latestVersion

String

Most recent version of the library.

latestVersionDate

String

Release date of the latest version.

stars

Int

Number of stars the library has on its repository (e.g., GitHub).

forks

Int

Number of forks of the library repository.

openIssues

Int

Number of open issues in the library repository.

packageManager

String

Name of the package manager (e.g., NPM, PyPI, Maven).

packageManagerLink

String

URL linking to the package manager's page for the library.

maintainers

String

List of maintainers responsible for the library.

contributors

String

List of contributors who have worked on the library.

downloads

Int

Number of downloads of the library.

sourceLink

String

URL linking to the source repository of the library.

notPopular

Boolean

Indicates if the library is not widely used.

licenseIssue

Boolean

Indicates if there are license-related concerns.

notMaintained

Boolean

Indicates if the library is no longer actively maintained.

isDeprecated

Boolean

Indicates if the library has been deprecated.

notImported

Boolean

Indicates if the library is declared but not imported in the application.

notUsed

Boolean

Indicates if the library is included but not actually used in the codebase.

notUpdated

Boolean

Indicates if the library has not received recent updates.

dependencyLevel

String

Indicates how deep the library is within the dependency chain.

requestId

String

Unique identifier for tracking the request that retrieved this library data.

licenseLink

String

URL linking to the official license documentation.

artifactInSbomLibs

[ArtifactInSbomLibs]

List of artifacts in the SBOM that include this library.

sha

String

SHA hash of the library package for integrity verification.

maintainersList

[Maintainer]

List of maintainers responsible for the library.

`maintainersList` object variables

Field

Type

Description

name

String

The full name of the user or entity.

email

String

The email address associated with the user or entity.

`references` object variables

Field

Type

Description

triggerPackage

String

Name of the package that introduced the dependency or vulnerability.

location

String

File path or package registry location of the dependency.

locationLink

String

URL linking to the file or package registry location.

dependencyType

String

Type of dependency (e.g., direct, transitive).

dependencyLevel

String

Depth of the dependency in the dependency chain (e.g., top-level, deep).

commit

Commit

Details of the commit associated with this dependency.

fileName

String

Name of the file where the dependency is defined or referenced.

Commit object variables

Field

Type

Description

commitedAt

String

Timestamp indicating when the commit was made.

committerName

String

Name of the user who committed the changes.

committerEmail

String

Email address of the user who committed the changes.

`vulnerabilityCounts` object variables

Field

Type

Description

appox

Int

Number of vulnerabilities categorized as Appoxalypse severity.

critical

Int

Number of vulnerabilities categorized as Critical severity.

high

Int

Number of vulnerabilities categorized as High severity.

medium

Int

Number of vulnerabilities categorized as Medium severity.

low

Int

Number of vulnerabilities categorized as Low severity.

info

Int

Number of issues categorized as Informational (non-severe).

`vulnerabilities` object variables

Field

Type

Description

issueId

String

Unique identifier for the security issue.

oxSeverity

String

Severity level of the issue as assessed by OX security analysis.

severityFromTool

String

Severity category (e.g., Critical, High, Medium, Low) assigned by the scanning tool.

cve

String

Common Vulnerabilities and Exposures (CVE) identifier for the issue.

cveLink

String

URL linking to the official CVE database entry for the vulnerability.

cvsVer

String

CVSS (Common Vulnerability Scoring System) version used for scoring.

cvssVersion

String

Specific version of CVSS used for assessing severity (e.g., CVSS 3.1).

epss

String

Exploit Prediction Scoring System (EPSS) score estimating the likelihood of exploitation.

percentile

String

EPSS percentile ranking compared to other vulnerabilities.

libName

String

Name of the affected library or software package.

dependencyChain

String

Path of dependencies leading to the vulnerable component.

libVersion

String

Version of the affected library or software package.

chainDepth

Int

Depth level of the affected library in the dependency chain.

exploitInTheWild

Boolean

Indicates whether the vulnerability is actively exploited in the wild.

exploitInTheWildLink

String

URL linking to reports or evidence of real-world exploitation.

description

String

Detailed description of the vulnerability and its potential impact.

dateDiscovered

String

Date when the vulnerability was first discovered or disclosed.

minorVerWithFix

String

The earliest minor version of the affected library that contains a fix.

majorVerWithFix

String

The earliest major version of the affected library that contains a fix.

exploitRequirement

String

Conditions or requirements necessary to exploit the vulnerability.

exploitCode

String

Indicator of whether public exploit code is available for this vulnerability.

originalSeverity

String

Severity of the issue as originally reported before any adjustments.

`artifactInSbomLibs` object variables

Field

Type

Description

image

String

Name or identifier of the container image.

imageLink

String

URL linking to the container image in the registry.

imageCreatedAt

String

Timestamp indicating when the image was created.

sha

String

SHA hash of the container image for integrity verification.

os

String

Operating system used in the container image.

osVersion

String

Version of the operating system in the container image.

baseImage

String

Name of the base image used to build the container.

baseImageVersion

String

Version of the base image.

tag

String

Tag assigned to the image (e.g., latest, v1.0).

layer

String

Specific layer in the container image structure.

registryName

String

Name of the container image registry (e.g., Docker Hub, AWS ECR).

`extraInfo` object variables

Field

Type

Description

key

String

A unique identifier or name for a data entry.

value

String

Alternative representation of the associated data value.

`resource` object variables

Field

Type

Description

id

String

A unique identifier for the entity.

type

String

A category or classification of the entity.

`cweList` object variables

Field

Type

Description

name

String

Name of cwe the entity, resource, or item.

description

String

Brief explanation or details about the cwe entity.

url

String

URL linking to additional information or an external cwe resource.

`severityChangedReason` object variables

Field

Type

Description

changeNumber

Int

Unique identifier for the change record.

evidenceLabel

String

Label or tag assigned to the change evidence.

reason

String

Explanation or justification for the change.

shortName

String

Abbreviated or concise name for the change.

changeCategory

String

Classification of the change (e.g., bug fix, feature update).

extraInfo

[ExtraInfo]

Additional details or metadata related to the change.

extraInfoContainer

String

Container holding supplementary information about the change.

`oscarData` object variables

Field

Type

Description

name

String

Name of the oscar entity, resource, or item.

description

String

Brief explanation or details about the oscar entity.

url

String

URL linking to additional information or an external oscar resource.

id

String

Unique identifier for the oscar entity.

`gptInfo` object variables

Field

Type

Description

gptRespose

String

Response generated by chatGPT for this issue.

user

String

The info of the user who triggered to generate chatGPT response.

createdAt

Date

The timestamp that indicates when the chatGPT response was requested.

getIssue Examples

Request Body

  "getSingleIssueInput": {
    "issueId": "*GitHub-Settings (OX-Security-Demo)-oxPolicy_depConfusion-GitHub_OX-Security-Demo_org-private-scope-yarnrc-yml"
  }
}

Response Example

{
  "data": {
    "getSingleIssueInfo": {
      "importantSeverityBreakdown": [],
      "isCVERelated": false,
      "overrideSeverityReason": null,
      "highestOXCVESeverity": "",
      "latestCommit": null,
      "issueDetailsHeaders": null,
      "compliance": [],
      "sbom": null,
      "dependencyGraph": null,
      "id": "676810d6637e81393bcf17fa",
      "groupId": "",
      "name": "Dependency Confusion: Organization scope in code",
      "mainTitle": "The internal organization scope @org-private-scope-yarnrc-yml is open to dependency confusion attacks on the NPM public registry",
      "secondTitle": "Dependency confusion attacks can have serious impacts, such as data breaches, service disruptions, and resource hijacking.<br>\n<br>\nThe availability of organizational scope @org-private-scope-yarnrc-yml for public registration on NPM can enable such attacks. Attackers could register this scope and publish malicious software packages with the same names as your internal ones. This could result in your systems downloading harmful packages instead of your safe, internal ones. <br>\n        <br>\n        <br>\n&bull; @org-private-scope-yarnrc-yml is used as an internal organization scope on the Microsoft Azure registry private registry, at: https://pkgs.dev.azure.com/. <br>\n&bull; @org-private-scope-yarnrc-yml is used in 1 repo",
      "scanId": "9e7cf98f-95e5-409a-aa15-6bb0e8e0d4fb",
      "created": 1734872310420,
      "sla": null,
      "daysPastSLA": null,
      "issueUpdatedAt": 1721552250918,
      "scanDate": 1734872310420,
      "description": "The internal organization scope @org-private-scope-yarnrc-yml is open to dependency confusion attacks on the NPM public registry",
      "impact": "",
      "severity": "Critical",
      "owners": [
        "Leonardo da Vinci"
      ],
      "ownerEmails": null,
      "occurrences": 1,
      "score": null,
      "connector": "GitHub",
      "learnMore": [
        ""
      ],
      "extraInfo": [
        {
          "key": "Policy Name",
          "val": null,
          "value": "Dependency Confusion: Organization scope in code"
        }
      ],
      "resource": {
        "id": "OX SBOM Scan",
        "type": "depConfusionScopes"
      },
      "app": {
        "id": "*GitHub-Settings (OX-Security-Demo)",
        "name": "*GitHub-Settings (OX-Security-Demo)",
        "businessPriority": 98.3108108108108,
        "riskScore": null,
        "secPosture": 0,
        "type": "GitHub",
        "typeComments": null,
        "applicationFlows": {
          "artifacts": [],
          "cloudDeployments": [],
          "cicdInfo": [],
          "orchestrators": [],
          "kubernetes": [],
          "repository": [
            {
              "type": "repository",
              "system": "GitHub",
              "date": null
            }
          ]
        },
        "fakeApp": true,
        "originBranchName": "",
        "repoId": null,
        "organization": "",
        "repoName": null,
        "owners": []
      },
      "policy": {
        "id": "oxPolicy_depConfusion",
        "name": "Dependency Confusion: Organization scope in code",
        "detailedDescription": "Dependency confusion arises when software applications mistakenly use a rogue version of a dependency due to naming collisions between internal and public software dependencies. This can lead to unauthorized code execution, data breaches, and service disruption. With the growing reliance on open-source components in software development, the threat and potential consequences of these attacks are amplified."
      },
      "issueId": "*GitHub-Settings (OX-Security-Demo)-oxPolicy_depConfusion-GitHub_OX-Security-Demo_org-private-scope-yarnrc-yml",
      "category": {
        "name": "SBOM",
        "categoryId": 7,
        "subCategoryName": null,
        "subCategoryComment": null
      },
      "aggregations": {
        "type": "policyUntouchedReposShouldBeArchived",
        "summary": {
          "summary": null,
          "comment": null
        },
        "columns": null,
        "items": [
          {
            "callBranch": null,
            "linkToExternalProduct": null,
            "stars": null,
            "forks": null,
            "downloads": null,
            "vulBySeverity": null,
            "nameAndVer": null,
            "sourceRepoName": null,
            "sourceRepoLink": null,
            "sourceCreationDate": null,
            "sourceLastModifyDate": null,
            "destinationRepoName": null,
            "destinationRepoLink": null,
            "destinationCreationDate": null,
            "destinationLastModifyDate": null,
            "destinationRepoVisibility": null,
            "reasons": null,
            "_id": "676810d6637e81393bcf17fb",
            "url": null,
            "additionalToolData": null,
            "events": null,
            "allEvents": null,
            "pushType": null,
            "sha": null,
            "title": null,
            "link": null,
            "mergedBy": null,
            "date": null,
            "fileCount": null,
            "diffInDays": null,
            "reviewers": null,
            "user": null,
            "userLink": null,
            "userAvatar": null,
            "devOperation": null,
            "devOperationDate": null,
            "adminOperation": null,
            "adminOperationDate": null,
            "reviewOperation": null,
            "reviewOperationDate": null,
            "orgRole": null,
            "earliestActivityDate": null,
            "repoPermissions": null,
            "adminLocation": null,
            "email": null,
            "pullRequestsCount": null,
            "diffFromNowToCreatedAtInDays": null,
            "username": null,
            "accessLevel": null,
            "createdAt": "2022-02-20T13:11:02.069Z",
            "lastAccess": null,
            "fileName": null,
            "fileUri": null,
            "startLine": null,
            "endLine": null,
            "match": null,
            "snippet": null,
            "commitLink": null,
            "commitBy": null,
            "region": null,
            "eduVideoLink": null,
            "resource": null,
            "service": null,
            "accountName": null,
            "cloudEnv": null,
            "secret": null,
            "image": null,
            "imageCreatedAt": null,
            "pkgCount": null,
            "dockerVer": null,
            "os": null,
            "binariesCount": null,
            "tag": null,
            "reputation": null,
            "sha256": null,
            "size": null,
            "pushedAt": null,
            "source": null,
            "ruleId": null,
            "realMatch": null,
            "excludedByAlert": false,
            "filePath": null,
            "lockfile": null,
            "accountId": null,
            "snippetLineNumber": null,
            "language": null,
            "daysOpen": null,
            "isFixAvailable": null,
            "aggId": "OX-Security-Demo/Bank-Website-Backend",
            "pkgName": null,
            "installedVersion": null,
            "fixedVersion": null,
            "triggerPkgName": null,
            "triggerPkgVersion": null,
            "triggerPkgUpgradeVersion": null,
            "dependencyType": null,
            "branch": null,
            "hashAggId": "0e7054db249feaa719fc719362de7966",
            "repo": "OX-Security-Demo/Bank-Website-Backend",
            "repoCreator": "itaiox",
            "lastCodeDate": "2024-12-20T09:32:05Z",
            "lastAdminOperation": null,
            "exclusionId": null,
            "numberOfReposDomainAppear": null,
            "layer": null,
            "baseImage": null,
            "imageLink": null,
            "registryName": null,
            "project": null,
            "resourceGroup": null,
            "location": null,
            "parameter": null,
            "test": null,
            "cvss": null,
            "evidence": null,
            "cluster": null,
            "type": null,
            "cloudType": null,
            "k8sType": null,
            "consoleLink": null,
            "name": null,
            "subscriptionId": null,
            "stringifiedClusters": ""
          }
        ]
      },
      "exclusions": [
        {
          "label": "Exclude this issue only",
          "recommended": true,
          "tooltip": "This will remove only the selected issue and will not affect other issues.",
          "type": null,
          "id": "1",
          "oxRuleId": "issue",
          "level": "aggItem",
          "excludeBy": [
            "repo"
          ],
          "uidOnly": true,
          "isDefault": true,
          "ffKey": null,
          "exclusionScope": "aggItem"
        }
      ],
      "recommendation": "In order to prevent malicious use of the scope name \"org-private-scope-yarnrc-yml\", please register the organization scope on NPM by following the instructions below: <br>\n      1. If you don't have an account, create one in this [link](https://www.npmjs.com/) <br>\n      2. Enter the [link](https://www.npmjs.com/org/create)<br>\n      3. Click on your avatar and click on \"Add an Organization\" <br>\n      4. In the Name field, type \"org-private-scope-yarnrc-yml\"  as the organization name, this will also be your organization scope <br>\n      5. Choose \"Unlimited private packages\" paid plan or the \"Unlimited public packages\" free plan and click Buy or Create <br>\n      6. Click \"Skip for now\" or invite users to your organization",
      "violationInfoTitle": "",
      "sourceTools": [
        "OX SBOM Scan"
      ],
      "ruleId": "",
      "exclusionCategory": "repo",
      "fixes": null,
      "fixAppliedDeatils": null,
      "cwe": [],
      "fixLink": "https://www.npmjs.com/org/create",
      "cweList": [
        {
          "name": "CWE-427: Uncontrolled Search Path Element",
          "description": "The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.",
          "url": "https://cwe.mitre.org/data/definitions/427.html"
        }
      ],
      "dependencyChain": null,
      "createdAt": 1721552250918,
      "tickets": [],
      "slackNotification": [],
      "messages": [],
      "fixIssue": null,
      "autoFix": null,
      "severityChange": "Unchanged",
      "originalToolSeverity": "Critical",
      "scaVulnerabilities": [],
      "dependencyGraphNodes": null,
      "dependencyGraphEdges": null,
      "scaTriggerPkg": null,
      "scaTriggerPkgs": [],
      "pkgSemanticVersion": "",
      "graphExist": null,
      "indirectSupported": false,
      "severityChangeReason": [],
      "severityChangedReason": [
        {
          "changeNumber": 0.01,
          "withoutAutoNumbering": null,
          "evidenceLabel": null,
          "reason": "An organization's artifact name is unclaimed or not reserved in a public repository. If not safeguarded, there's a potential for malicious actors to register the artifact name and upload tainted versions.",
          "shortName": "Public Registry Name Squatting",
          "changeCategory": "Exploitable",
          "extraInfo": [],
          "extraInfoContainer": null
        },
        {
          "changeNumber": 0.01,
          "withoutAutoNumbering": null,
          "evidenceLabel": null,
          "reason": "Vulnerabilities exist that can cause Remote Code Execution (RCE).",
          "shortName": "Remote Code Execution",
          "changeCategory": "Damage",
          "extraInfo": [],
          "extraInfoContainer": null
        },
        {
          "changeNumber": -0.1,
          "withoutAutoNumbering": null,
          "evidenceLabel": null,
          "reason": "The issue is associated with a private repository that does not expose internal organization scopes for libraries. This reduces the risk of unauthorized access and potential exploitation of proprietary information and systems.",
          "shortName": "Internal Scope Hidden",
          "changeCategory": "Reachable",
          "extraInfo": [
            {
              "key": "Visibility",
              "value": "Private Repository",
              "link": null,
              "snippet": null,
              "iconLink": null,
              "callBranch": []
            },
            {
              "key": "Link",
              "value": "https://github.com/OX-Security-Demo/Bank-Website-Backend",
              "link": "https://github.com/OX-Security-Demo/Bank-Website-Backend",
              "snippet": null,
              "iconLink": null,
              "callBranch": []
            }
          ],
          "extraInfoContainer": null
        }
      ],
      "isPRAvailable": false,
      "cicdFields": null,
      "comment": null,
      "excludedByAlert": null,
      "excludedByPolicy": null,
      "excludedByApp": null,
      "countRule": "aggItems",
      "exclusionId": null,
      "languageInfo": null,
      "isMonoRepoChild": false,
      "monoRepoParent": "",
      "isFixAvailable": false,
      "isFixApplied": null,
      "isGPTFixAvailable": true,
      "oscarData": [
        {
          "name": "T0120: Dependency confusion",
          "description": "Dependency confusion is a type of supply chain attack that occurs when an attacker exploits the way some package managers, such as npm and PyPI, resolve dependencies when installing software libraries.\nIn a typical software development project, developers rely on a variety of external libraries, often referred to as dependencies, to build their applications. \nThese libraries are typically stored in a remote repository, and developers use a package manager to install and manage them. \nAn attacker will utilize prior knowledge of usage of dependencies (*Discover used open-source dependencies*) to upload a malicious package with the same name to a public repository. \nThis might \"confuse\" package managers to use to public resource instead of the local one - thus executing or infecting the CI/CD. \nThis can happen on the developer's machine or the build system and has the potential to further steps of an attack - for example, if the malicious code exfiltrate an access token to production environment\n",
          "url": "https://pbom.dev/techniques/&t_id=T0120",
          "id": "T0120"
        }
      ],
      "gptInfo": null,
      "prDeatils": null,
      "tags": [
        {
          "tagId": "ox_tag_162",
          "name": "Source Control Manager Settings",
          "email": null,
          "displayName": "Source Control Manager Settings",
          "tagType": "ox",
          "createdBy": "[email protected]",
          "purpose": null,
          "deploymentModel": null
        }
      ],
      "originalSeverity": null,
      "overrideSeverity": false,
      "isFalsePositive": false,
      "falsePositiveComment": null,
      "isCanceledFalsePositive": null,
      "cancelFalsePositiveComment": null,
      "issueStatus": null,
      "scanIssueStatus": null,
      "correlatedIssueId": null,
      "correlatedRegistry": null,
      "scaFixType": "UNAVAILABLE",
      "previousSeverity": {
        "severity": "",
        "severityChangedDate": null
      },
      "version": null,
      "severityFactorsDiff": [],
      "exposedByApiItems": [],
      "originBranchName": "",
      "exclusionComment": null,
      "exclusionExpiredAt": null,
      "problematicPkg": null
    }
  }
}

Type

Parameters

Input Object Variables

Response object variables

aggregations object variables

Aggregation columns

app object variables

autofix object variables

exclusions object variables

category object variables

compliance object variables

latestCommit Object Variables

sbom object variables

maintainersList object variables

references object variables

vulnerabilityCounts object variables

vulnerabilities object variables

artifactInSbomLibs object variables

extraInfo object variables

resource object variables

cweList object variables

severityChangedReason object variables

oscarData object variables

gptInfo object variables

getIssue Examples

Request Body

Response Example

`aggregations` object variables

`app` object variables

`autofix` object variables

`exclusions` object variables

`category` object variables

`compliance` object variables

`latestCommit` Object Variables

`sbom` object variables

`maintainersList` object variables

`references` object variables

`vulnerabilityCounts` object variables

`vulnerabilities` object variables

`artifactInSbomLibs` object variables

`extraInfo` object variables

`resource` object variables

`cweList` object variables

`severityChangedReason` object variables

`oscarData` object variables

`gptInfo` object variables