Importing Issues by File Upload

You can upload files containing security issues discovered outside of OX, so you can manage them together with your other issues.

Typical use cases include:

You received a pen-test report and want the findings to appear in OX alongside your other issues.
You use a product that OX does not natively integrate with and want those findings in OX for single-pane tracking.

Currently, the supported file format is JSON.

Uploading issue files

You upload issue files to OX through the OX platform or using the OX API. You prepare the file according to the required schema, upload it, and OX processes the data and displays the issues in the UI.

To import the file using OX platform:

Prepare the file that you want to upload.
In the Active Issues page, select Import from the top bar.
Drag and drop or search for the file you want to upload.

Note: Make sure the files that you import have meaningful names that identify the origin of the uploaded issues, for example, Pen Test, Black Duck, Snyk, Torque. The name you provide in this field is used later in the Source Tool filter in OX, when you want to view the imported issues in OX.

Select IMPORT. When your file is successfully uploaded, you have the option to download or remove it.

Select CLOSE. The imported issues appear in the Active Issues page only after you run a new scan.

To import the file using OX API:

Prepare the file that you want to upload.
Create a new API key.
Upload the file using OX API. OX processes the file and creates or maps Applications and Issues.

An example of an API call to upload a file as curl:

curl --location '' \
--header 'content-type: application/json' \
--header 'Authorization: <ox api token>' \
--header 'x-apollo-operation-name: file-upload' \
--data '{"query":"mutation UploadThirdPartyFileBase64($data: String!, $tool: String!, $fileType: ThirdPartyUploadDataType) {\n  uploadThirdPartyFileBase64(data: $data, tool: $tool, fileType: $fileType) {\n    requestId\n    success\n  }\n}","variables":{"data":"<base64 string>","tool":"<tool name>","fileType":"<file type>"}}'

Where:

Placeholder

Description

<OX API token>

The API key you have created in OX.

<tool name>

The name of the tool that generated the issues. Can be any string.

<data>

The JSON file encoded as a Base64 string.

<file type>

Supports the following values:

JSON: Used for regular uploads in OX format.
SARIF: Used for SARIF uploads.

Perform a scan to ensure the uploaded issues are added to your organization in OX.
Note: Running a scan after the upload is required for the issues to be registered in your organization.

Viewing and managing imported files

After you run a scan, you can view the imported issues in the Active Issues page and the Applications page.

OX validates each uploaded file automatically. If any required fields are missing or invalid, the upload fails. A tooltip appears in the UI showing which fields caused the problem.

You can download or drag the file back to your computer, fix the errors, and re-upload it. Invalid files cannot be imported until all validation errors are resolved.

In case you don't want to view the imported issues, you can remove the imported files at any time. The issues imported from the removed file will not appear in OX after the next scan.

You can also download the file to your system and view the issues contained in it.

To view the imported issues in OX Security:

Go to Active Issues and in the Filters pane, select Source Tool > Manual Upload.

Applications and in the Filters pane, select Category > Manual Upload.

To remove/download the imported files:

Go to Active Issues > Manage Files.

Remove the files that you want, or download the files to view the issues that were imported. After the next scan, the issues that were imported from the file you removed no longer appear in OX.

Last updated 24 days ago