> For the complete documentation index, see [llms.txt](https://docs.ox.security/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ox.security/automate-with-ox-workflows/creating-a-workflow/workflow-conditions.md).
# Workflow Conditions
Conditions define whether the workflow should proceed after a trigger. They act as filters that evaluate metadata related to the application, issue, or user.
Conditions allow you to narrow down automation to specific scenarios, such as triggering actions only for high-severity vulnerabilities in production environments or issues in critical applications.
You can refine workflow execution using conditions. Examples include:
* **Application**: Specify one or more applications.
* **Severity**: Limit to issues with Critical, High, Medium, or Low severity.
* **Business Priority**: Filter by the assigned business impact.
??????If no application is specified, the workflow applies to all applications by default.
| **Condition** | **Description (if known)** |
| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| Application | Filter by specific application |
| Application Source | Filter by source repository or system |
| Application Owner | Filter by owner entity |
| Application Owner Name | Filter by specific owner name |
| Severity | Current severity of the issue |
| Original Severity | Initial severity before any modification |
| Severity Factor | Multiplier or weight applied to severity
to find a better definition for SF
|
| OSC\&R | Mapped to OSC\&R framework category |
| CVE | Filter by specific CVE identifier |
| CWE | Filter by specific CWE category |
| Language | Programming language of the affected component |
| Business Priority | Application business impact rating |
| App Tag | Filter by tags assigned to applications |
| Issue Name | Specific issue identifier or title |
| Vulnerable Library | Name of the library with the vulnerability |
| PR Type | Type of Pull Request (e.g., bug fix, feature) |
| Source Tool | Tool that identified the issue |
| Registry Name | Name of the container/image registry |
| Registry Type | Type of registry (e.g., Docker, GitHub) |
| Artifact Image | Container image name |
| Files With Issues | Number or list of files that include issues |
| CVSS | CVSS base score |
| EPSS Score | Exploit Prediction Scoring System score |
| EPSS Percentile | Percentile ranking of EPSS score |
| First seen | Date the issue was first detected |
| Commit Date | Date of related code commit |
| Compliance Standard | Mapped standard (e.g., ISO, NIST) |
| SLA | Service level agreement status |
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.ox.security/automate-with-ox-workflows/creating-a-workflow/workflow-conditions.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.