Matching 3rd-Party Projects to OX Apps
Note: This capability is currently in Early Access (EA) and is not generally available. To request access, please contact OX technical support.
OX automatically maps repositories to corresponding third-party projects, helping you unify visibility across third party tools, such as Snyk.
This capability allows you the following:
Display application data and security issues from third-party tools in the correct project context.
Gain a unified view of your projects across tools.
Ensure accurate reporting by aligning repository and project data.
Maintain control over mappings through manual settings or matching files.
Manual matching methods:
Automatic matching that OX Security performs during scan in the following order:
Manual matching
When matching OX repository to an external project, you can manually replace an existing match if the automatic match is incorrect.
When matching an external project to a repository, you can create a match manually, if none exists.
To edit a project-to-repository match:
In the Applications page, select the application for which you want to do the match.
In the application details panel, go to the Matched Projects tab and select the edit icon in the relevant line.
In the Match Application to Project dialog, select the repo name that you want to assign to this project.
Select SAVE.
To match a project to a repository:
In the Applications page, select the application for which you want to do the match.
In the application details panel, go to the Matched Projects tab and click Match Projects to App.
In the Match Projects to App dialog, select the project name that you want to assign to this repo under the relevant connected security tool.
Select SAVE.
File-based matching
You can provide a mapping file that defines the relationships between repositories and security projects. This file is uploaded using a specific API endpoint.
If a matching file is provided through the API, OX uses the mappings defined in the file, as follows:
// [
{
"externalToolProject": "ServiceChannel.UI.OAuth2.Authorization.0.0.0",
"oxRepo": "ServiceChannel/ServiceClick/ServiceChannel.UI.OAuth2.Authorization"
},
{
"externalToolProject": "ServiceChannel.Services.WebApi.0.0.0",
"oxRepo": "ServiceChannel/ServiceClick/ServiceChannel.Services.WebApi"
},
{
"externalToolProject": "ServiceChannel.UI.Login.Web.0.0.0",
"oxRepo": "ServiceChannel/ServiceClick/ServiceChannel.UI.Login.Web"
}
]Where:
externalToolProject
The name of the project in the third party tool, for example, "Analytics_Genie-genieApp".
oxRepo
The name of the application in the OX Security platform, for example, "genie-app".
Matching file format example (CSV):
external_project_name,ox_project_name
Bank Infra,Bank Internal Project
SnykApp-Prod,Snyk App ProductionThe fileUpload query:
// query UploadFile($data: String!, $dataType: UploadDataType!, $connectorName: PolicyFileConnectorName!, $fileType: FileType) {
uploadFile(data: $data, dataType: $dataType, connectorName: $connectorName, fileType: $fileType) {
requestId
success
}
}The input that you add for fileUpload:
// {
"data": "",
"dataType": "",
"connectorName": "",
"fileType": ""
}For further explanations about connecting to OX API, read API Documentation.
Name-based Matching
During scan, OX Security matches repositories and projects based on name similarity, where project name ≈ repository name.
It requires no manual input or configuration, it is performed automatically and is always enabled.
AI-based matching
Notes: The only customer data that OX Security sends to AI service is the project name.
If other matching methods are not available, OX applies AI-based logic to match repositories with third-party projects. This method helps reduce manual effort, especially when working with large volumes of data or unclear naming conventions.
The process in done automatically during scan.
AI algorithms analyze the names of repositories and projects and automatically create matches based on advanced similarity patterns.
This capability is enabled by default, and you can disable it at any moment (Settings > AI > AI Matching Between OX Applications and Third-Party Projects).
When the AI-based matching is used, an indicator appears in the Applications page.
Last updated