| Column | Description |
|---|---|
| Selection | Use the checkbox at the beginning of each row to select one or more issues. Selection enables bulk actions from the page toolbar, such as assigning owners or applying workflow actions. |
| # | Displays the row number in the current table view. The numbering reflects the current sort and filter state rather than a permanent issue identifier. |
| Severity | Indicates the risk level assigned to the issue, such as Critical. Severity helps you prioritize remediation based on potential impact and exposure. |
| Category | Shows the security domain or scan type that detected the issue, such as Open Source Security, Container Security, SBOM, or Infrastructure as Code Scan. This column helps you quickly understand the technical context of the finding. |
| Name | Provides a short, descriptive title for the issue. The name usually includes the affected component and a brief explanation of the risk, such as a vulnerable dependency, an exposed resource, or a misconfiguration. Select the issue name to open the issue details page, where you can review technical evidence, remediation guidance, and activity history. |
| SLA | Displays the service level agreement status for the issue. This value shows how much time has passed relative to the defined remediation target. Positive values, such as +8mo or +2y, indicate how long the issue has exceeded its SLA. |
| Application | Identifies the application, repository, or environment where the issue was detected. This value reflects the connection source, such as a GitHub repository, container image, or cloud resource. Select the application name to navigate to the related asset or integration context. |
| Issue Owner | Shows the user currently assigned to the issue. Ownership indicates who is responsible for reviewing and coordinating remediation. If no owner is assigned, this column may be empty or display a placeholder, depending on your organization settings. |
| First Seen | Indicates when OX first detected this issue. This value helps you understand how long the risk has existed in your environment. |
| Count | Displays how many times this issue appears across assets or scans. A higher count can indicate a systemic problem, such as a vulnerable dependency used in multiple projects. |
| Actions | Provides a menu for issue-level actions. Use this column to perform tasks such as assigning an owner, updating status, or triggering workflow steps, depending on your organization configuration. |
| Filter | What it filters |
|---|---|
| Application | Issues belonging to a specific application or repository. |
| Severity | Issues by severity (Appox, Critical, High, Medium, Low, Info). |
| Severity Factor | Issues by the contextual severity factor that influenced their final score (for example, Active Secret in Exposed Cloud Asset). |
| Category | Issues by category, such as secrets, misconfiguration, or vulnerabilities. |
| Issue Name | Issues by their canonical issue name. |
| Policy | Issues triggered by a specific OX policy. |
| Actions | Issues by the action taken on them (for example, remediated, ignored, snoozed). |
| App Tag | Issues on applications that carry a given tag. |
| SLA | Issues by SLA status (within SLA, breached, soon to breach). |
| Code-to-Cloud Exposure | Issues that have a code-to-cloud exposure path. |
| Exposure by API | Issues exposed via an API. |
| Filter | What it filters |
|---|---|
| Severity Change Log | Issues whose severity has changed, based on the change log. |
| Issue Status Over Time | Issues by status at a given point in time. |
| Issue Status vs Last Scan | Issues by how their status compares to the previous scan. |
| Severity Before Prioritization | Issues by their original (pre-prioritization) severity. |
| Severity Reprioritized | Issues whose severity was changed by OX prioritization. |
| Application Source | Issues by the source of the application (for example, Git provider or registry). |
| Issue Owner | Issues by assigned owner. |
| Source Tool | Issues by the OX source or scanner that produced them. |
| OSC&R Tactic | Issues by OSC&R attack tactic (for example, Initial Access). |
| OSC&R Technique | Issues by OSC&R technique (for example, T0112: Compromised token). |
| Compliance Standard | Issues by compliance framework (for example, SOC2, PCI_DSS, ISO27001). |
| Compliance Control | Issues by specific compliance control. |
| CVE | Issues associated with a specific CVE. |
| DAST URL | Issues found at a specific DAST-scanned URL. |
| CVSS Base Score | Issues by CVSS base score (or score range). |
| CWE | Issues by CWE classification. |
| Languages | Issues by the programming language of the affected code. |
| Vulnerable Library | Issues tied to a specific vulnerable library. |
| Files With Issues | Issues by the file they live in. |
| Analyzed Branch | Issues found on a specific scanned branch. |
| Business Priority | Issues by the business priority of the affected app. |
| Registry Name | Issues found in a specific container or artifact registry. |
| Registry Type | Issues by registry type (for example, ECR, GCR, Docker Hub). |
| Artifact Image | Issues by the specific artifact image. |
| Registry Region | Issues by registry region. |
| Registry Account Id | Issues by the registry's account ID. |
| Kubernetes Cluster | Issues affecting a specific Kubernetes cluster. |
| Kubernetes Namespace | Issues in a specific Kubernetes namespace. |
| Cloud Region | Issues by cloud region. |
| Cloud Account | Issues by cloud account. |
| Cloud Service | Issues by cloud service (for example, S3, EC2, Lambda). |
| Cloud Resource | Issues by specific cloud resource. |
| Artifact OS Image | Issues by the artifact's underlying OS image. |
| Artifact Base Image | Issues by the artifact's base image. |
| Artifact SHA | Issues by artifact SHA digest. |
| Artifact Path | Issues by path within the artifact. |
| First Seen | Issues by when they were first detected. |
| Connection Name | Issues by the OX connection (integration) that detected them. |
| Ticket Status | Issues by external ticket status (for example, in Jira). |
| Commit Date | Issues by the commit date of the affected code. |
| Business Unit | Issues by business unit. |
| Rule ID | Issues by the specific rule ID that triggered them. |
| CSPM Enhanced Issues | CSPM issues that have been enriched with additional context. |
| Triage Status | Issues by triage status. |
| Issues Without … | Issues that are missing a specified attribute (for example, without an owner or without a ticket). |