# Issue Details: Extra Info

The Extra Info tab provides the surrounding metadata for the issue, including the affected application, compliance mappings, attack-framework classification, scan details, the policy that triggered the detection, and the severity trend over time.

Use this tab to put the issue in a business and compliance context, understand which framework controls it touches, and see how its severity has evolved.

### App Info

Identifies the application affected by the issue and its key attributes.

<figure><img src="/files/MYn62artlQ2o9iJVnuzl" alt="" width="563"><figcaption></figcaption></figure>

| Field                   | What it shows                                                                       | How to use                                                                                                     |
| ----------------------- | ----------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| Business Priority & App | The business priority score and the name of the affected application or repository. | Use this to gauge organizational importance — high-priority apps should be remediated first.                   |
| Creation Date           | When the application or resource was first created.                                 | Use this to understand the asset's age and likelihood of legacy configuration.                                 |
| Last Code Change        | When the resource was most recently modified.                                       | Use this to see whether the resource is actively maintained — recent changes may be relevant to the finding.   |
| Public Visibility       | Whether the application is Public or Private.                                       | Use this to understand exposure — public visibility increases the risk of the finding being abused externally. |
| Scanned Branch          | The branch that was scanned to produce the finding.                                 | Use this to confirm you are remediating in the right branch.                                                   |

### Compliance

Maps the issue to the controls it violates across recognized compliance standards.

<figure><img src="/files/FaSlGx2oloi56auJjM7P" alt="" width="563"><figcaption></figcaption></figure>

| Column      | What it shows                                                                                                      | How to use                                                                               |
| ----------- | ------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------- |
| Standard    | The compliance framework (for example, ISO27001:2022, SOC2, NIST-800-53-Revision-5, PCI\_DSS 4.0, PCI\_DSS 3.2.1). | Use this to identify which frameworks are impacted by the finding.                       |
| Category    | The control category within the framework, such as Access Control or Confidentiality.                              | Use this to understand the type of control that is affected.                             |
| Control     | The specific control identifier (for example, A.9.2.4, CC6.1, IA-5, 8.3.2).                                        | Use this to reference the exact control when reporting to auditors or compliance teams.  |
| Description | A short description of what the control requires.                                                                  | Use this to confirm the relevance of the control and to scope remediation appropriately. |

### OSC\&R

Maps the issue to the OSC\&R (Open Software Supply Chain Attack Reference) framework, showing which attack tactics and techniques apply.

<figure><img src="/files/xlbLmxCnangguD2f86cJ" alt="" width="563"><figcaption></figcaption></figure>

The horizontal track lists OSC\&R tactics — Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Lateral Movement, Collection, and so on. A counter next to a tactic (for example, **Initial Access (1/1)**) indicates how many techniques under that tactic are matched by the issue.

Each matched tactic shows technique cards (for example, **T0112: Compromised token**) with badges indicating related counts.

Use this section to understand where the issue fits in an attacker's kill chain and to anticipate the next stages of an attack if the issue is exploited.

### CWE

Lists the Common Weakness Enumeration entries that classify the underlying weakness (for example, **CWE-798: Use of Hard-coded Credentials**).

<figure><img src="/files/casfFxBxWHQBEyjFHdyq" alt="" width="563"><figcaption></figcaption></figure>

Use this to align the finding with industry-standard weakness definitions, link to external references, and standardize reporting across tools.

### More Info

Provides scan and detection metadata for traceability.

<figure><img src="/files/9ndrEIqnVC5IKqa04bhZ" alt="" width="563"><figcaption></figcaption></figure>

| Field        | What it shows                                                                           | How to use                                                               |
| ------------ | --------------------------------------------------------------------------------------- | ------------------------------------------------------------------------ |
| Policy Name  | The name of the OX policy that produced the detection (for example, Secret in Runtime). | Use this to understand which policy is responsible for the finding.      |
| Rule Id      | The specific rule under the policy (for example, base64-github-fine-grained-pat).       | Use this to tune detection or build exceptions for the exact rule.       |
| Source tools | The OX source or integration that produced the detection (for example, Cloud Context).  | Use this to identify which scanner or data source generated the finding. |
| Scan ID      | The unique identifier of the scan run that produced the finding.                        | Use this to reproduce, audit, or reference the scan in support requests. |

### Policy

Describes the policy that triggered the detection and explains why it matters.

<figure><img src="/files/HQ7oplGSb1lbYq2hzb6d" alt="" width="563"><figcaption></figcaption></figure>

The Policy field links to the underlying policy (for example, Secret in Runtime). The "Why Should I Care" section provides a plain-language description of the risk the policy is designed to catch.

Use this section to understand the rationale behind the detection, share context with stakeholders who are unfamiliar with the policy, and decide whether the finding is in scope for your team.

### Trend

Shows how the severity of the issue has changed over a selected time window.

<figure><img src="/files/ucVK28fw4UEmMNn50xly" alt="" width="563"><figcaption></figcaption></figure>

The chart plots severity (Info, Low, Medium, High, Critical, Appox) over time. The First Change and Last Change panels on either side describe the earliest and latest severity changes within the selected period — for example, "Severity did not change in the selected period."

Use this section to see whether the issue is escalating, stable, or being actively reprioritized, and to spot patterns across re-detections.


