Active Issues
The Active Issues page is your central workspace for monitoring and managing security, compliance, and configuration risks detected across your connected applications and infrastructure. From here, you can prioritize critical findings, assign ownership, and track progress over time.
The main parts of the Active Issues page are the issues table and the filters. You can open each issue to view the details and perform actions.
Issues Table
The Issues table is the main working area of the Active Issues page. It presents all detected security, compliance, and configuration issues across your connected applications and infrastructure.
Most column headers support sorting. You can select a column header, such as Severity, SLA, or First Seen, to reorder the table and surface the most critical or oldest issues at the top of the list.
The following table explains the purpose and behavior of each column in the issues table.
Selection
Use the checkbox at the beginning of each row to select one or more issues. Selection enables bulk actions from the page toolbar, such as assigning owners or applying workflow actions.
#
Displays the row number in the current table view. The numbering reflects the current sort and filter state rather than a permanent issue identifier.
Severity
Indicates the risk level assigned to the issue, such as Critical. Severity helps you prioritize remediation based on potential impact and exposure.
Category
Shows the security domain or scan type that detected the issue, such as Open Source Security, Container Security, SBOM, or Infrastructure as Code Scan. This column helps you quickly understand the technical context of the finding.
Name
Provides a short, descriptive title for the issue. The name usually includes the affected component and a brief explanation of the risk, such as a vulnerable dependency, an exposed resource, or a misconfiguration. Select the issue name to open the issue details page, where you can review technical evidence, remediation guidance, and activity history.
SLA
Displays the service level agreement status for the issue. This value shows how much time has passed relative to the defined remediation target. Positive values, such as +8mo or +2y, indicate how long the issue has exceeded its SLA.
Application
Identifies the application, repository, or environment where the issue was detected. This value reflects the connection source, such as a GitHub repository, container image, or cloud resource. Select the application name to navigate to the related asset or integration context.
Issue Owner
Shows the user currently assigned to the issue. Ownership indicates who is responsible for reviewing and coordinating remediation. If no owner is assigned, this column may be empty or display a placeholder, depending on your organization settings.
First Seen
Indicates when OX first detected this issue. This value helps you understand how long the risk has existed in your environment.
Count
Displays how many times this issue appears across assets or scans. A higher count can indicate a systemic problem, such as a vulnerable dependency used in multiple projects.
Actions
Provides a menu for issue-level actions. Use this column to perform tasks such as assigning an owner, updating status, or triggering workflow steps, depending on your organization configuration.
Typical workflow
Sort by Severity or SLA to identify the most urgent issues.
Select an issue name to review technical details and remediation guidance.
Assign an Issue Owner if one is not already set.
Track progress over time using the First Seen and SLA columns to verify that issues are being addressed within your organization’s targets.
Filtering issues
The Active Issues page provides a filter sidebar for narrowing the issue list to the work that matters to you. Filters are split into a primary set (always visible) and an Additional filters (45) section that expands to reveal more granular options.
Primary filters
Application
Issues belonging to a specific application or repository.
Severity
Issues by severity (Appox, Critical, High, Medium, Low, Info).
Severity Factor
Issues by the contextual severity factor that influenced their final score (for example, Active Secret in Exposed Cloud Asset).
Category
Issues by category, such as secrets, misconfiguration, or vulnerabilities.
Issue Name
Issues by their canonical issue name.
Policy
Issues triggered by a specific OX policy.
Actions
Issues by the action taken on them (for example, remediated, ignored, snoozed).
App Tag
Issues on applications that carry a given tag.
SLA
Issues by SLA status (within SLA, breached, soon to breach).
Code-to-Cloud Exposure
Issues that have a code-to-cloud exposure path.
Exposure by API
Issues exposed via an API.
Additional filters
Click Additional filters (45) to expand the full filter list. The filters below cover status history, ownership, integrations, infrastructure, compliance, and artifact details.
Severity Change Log
Issues whose severity has changed, based on the change log.
Issue Status Over Time
Issues by status at a given point in time.
Issue Status vs Last Scan
Issues by how their status compares to the previous scan.
Severity Before Prioritization
Issues by their original (pre-prioritization) severity.
Severity Reprioritized
Issues whose severity was changed by OX prioritization.
Application Source
Issues by the source of the application (for example, Git provider or registry).
Issue Owner
Issues by assigned owner.
Source Tool
Issues by the OX source or scanner that produced them.
OSC&R Tactic
Issues by OSC&R attack tactic (for example, Initial Access).
OSC&R Technique
Issues by OSC&R technique (for example, T0112: Compromised token).
Compliance Standard
Issues by compliance framework (for example, SOC2, PCI_DSS, ISO27001).
Compliance Control
Issues by specific compliance control.
CVE
Issues associated with a specific CVE.
DAST URL
Issues found at a specific DAST-scanned URL.
CVSS Base Score
Issues by CVSS base score (or score range).
CWE
Issues by CWE classification.
Languages
Issues by the programming language of the affected code.
Vulnerable Library
Issues tied to a specific vulnerable library.
Files With Issues
Issues by the file they live in.
Analyzed Branch
Issues found on a specific scanned branch.
Business Priority
Issues by the business priority of the affected app.
Registry Name
Issues found in a specific container or artifact registry.
Registry Type
Issues by registry type (for example, ECR, GCR, Docker Hub).
Artifact Image
Issues by the specific artifact image.
Registry Region
Issues by registry region.
Registry Account Id
Issues by the registry's account ID.
Kubernetes Cluster
Issues affecting a specific Kubernetes cluster.
Kubernetes Namespace
Issues in a specific Kubernetes namespace.
Cloud Region
Issues by cloud region.
Cloud Account
Issues by cloud account.
Cloud Service
Issues by cloud service (for example, S3, EC2, Lambda).
Cloud Resource
Issues by specific cloud resource.
Artifact OS Image
Issues by the artifact's underlying OS image.
Artifact Base Image
Issues by the artifact's base image.
Artifact SHA
Issues by artifact SHA digest.
Artifact Path
Issues by path within the artifact.
First Seen
Issues by when they were first detected.
Connection Name
Issues by the OX connection (integration) that detected them.
Ticket Status
Issues by external ticket status (for example, in Jira).
Commit Date
Issues by the commit date of the affected code.
Business Unit
Issues by business unit.
Rule ID
Issues by the specific rule ID that triggered them.
CSPM Enhanced Issues
CSPM issues that have been enriched with additional context.
Triage Status
Issues by triage status.
Issues Without …
Issues that are missing a specified attribute (for example, without an owner or without a ticket).
Use the Search filters box at the top of the sidebar to jump directly to any filter by name.
Last updated