Preparing a File for Manual Upload

The OxThirdPartyIssue interface is a template for creating a structured report about issues found in third-party apps.

The schema must include the name field that identifies the origin of the uploaded issues. After the scan, you use the name you provide in this field to filter for the imported issues in OX.

The interface is flexible, so you can report as much or as little as you know, as follows:

  • Required fields: You must fill these in.

  • Optional fields: Add these to the file only if you have the relevant information.

interface OxThirdPartyIssue {
  reportId: string;
  dateGenerated: string;
  testerInfo: {
    name: string;
    email: string;
  };
  applications: Array<{
    name: string;
    tags?: string[];
    findings: Array<{
      id: string;
      title: string;
      severity: string;
      summary?: string;
      impact?: string;
      recommendation?: string;
      reference?: string;
      linkToExternalProduct?: string;
      libraryName?: string;
      libraryVersion?: string;
      assets?: Array<{
        filePath: string;
        snippet?: string;
        artifacts?: Array<{
          name: string;
          tags: string[];
          sha: string;
          region: string;
        }>;
      }>;
      vulnerabilities?: Array<{
        cve: string;
        cvssScore?: string;
        cvssVersion?: string;
        cveDescription?: string;
        epss?: string;
        percentile?: string;
        kev?: boolean;
        publishedExploitDate?: string;
        hasPublicExploit?: boolean;
        publicExploitLink?: string;
        attackVector?: string;
      }>;
      severityFactorsPerIssue?: Array<{
        name: string;
        type: string;
      }>;
    }>;
  }>;
}

General info

| Field | Type | Required | Description |
|---|---|---|---|
| reportId | string | Required | Unique ID for the report |
| dateGenerated | string | Required | Date the report was created |
| testerInfo.name | string | Required | Name of the tester |
| testerInfo.email | string | Required | Email of the tester |

Applications

The following table presents the information about the applications that were tested and in which the issues were found.

| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Required | Name of the app |
| tags | string[] | Optional | Labels for the app (for example, “web”, “finance”) |
| findings | array | Required | List of issues found in the app |

Findings

The following table presents the information about the problems that were identified in the applications.

| Field | Type | Required | Description |
|---|---|---|---|
| id | string | Required | Unique ID for the issue |
| title | string | Required | Short name of the issue |
| severity | string | Required | Severity level (e.g., “High”) |
| summary | string | Optional | Short explanation of the issue |
| impact | string | Optional | Why this issue is bad |
| recommendation | string | Optional | Suggested fix |
| reference | string | Optional | Link to more info/documentation |
| linkToExternalProduct | string | Optional | Link to the tool/report that found this |
| libraryName | string | Optional | Name of the software library involved |
| libraryVersion | string | Optional | Version of the library |

Assets

The following table presents the information about the files/code affected by the issue, if any exist. This section is optional: omit it if no files were damaged.

| Field | Type | Required | Description |
|---|---|---|---|
| filePath | string | Required | File location where issue appears |
| snippet | string | Optional | Small piece of code showing the issue |
| artifacts | array | Optional | Additional details |

Artifacts

The following table presents the additional information recorded inside the affected file.

| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Required | Name of the artifact |
| tags | string[] | Required | Tags describing the artifact |
| sha | string | Required | Unique identifier (digital fingerprint) |
| region | string | Required | Region/location in the file |

Vulnerabilities

The following table presents the information that is included only if the issue is linked to a known security flaw, for example, a CVE.

| Field | Type | Required | Description |
|---|---|---|---|
| cve | string | Required | CVE ID (e.g. "CVE-2024-0001") |
| cvssScore | string | Optional | Severity score (0–10) |
| cvssVersion | string | Optional | Version of the scoring system |
| cveDescription | string | Optional | Description of the vulnerability |
| epss | string | Optional | Likelihood of exploitation |
| percentile | string | Optional | How this compares to other CVEs |
| kev | boolean | Optional | Is it a Known Exploited Vulnerability? |
| publishedExploitDate | string | Optional | When an exploit became public |
| hasPublicExploit | boolean | Optional | Is there public code to attack it? |
| publicExploitLink | string | Optional | Link to exploit code |
| attackVector | string | Optional | How the attack works (e.g. "Network") |

Severity factors

The following table presents the information that explains why this issue is considered severe.

| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Required | Name of the factor (e.g. "Remote Execution") |
| type | string | Required | Type/category (e.g. "Security", "Performance") |
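
The check below is an added example, not part of the OX documentation or product code: a pre-upload validator that walks a report and lists every missing required field, using the required/optional split from the interface and tables on this page. The names `validateReport`, `FieldRule`, the rule constants and the sample values are assumptions made for illustration, as is treating an empty string as a missing value.

```typescript
// Added example, not OX code. Required fields follow the interface and tables on this page.
// Each "lists" entry is [field, required?, rule applied to every array element].
type FieldRule = { req: string[]; tags?: string[]; lists?: Array<[string, boolean, FieldRule]> };
const artifactRule: FieldRule = { req: ["name", "sha", "region"], tags: ["tags"] };
const findingRule: FieldRule = {
  req: ["id", "title", "severity"],
  lists: [
    ["assets", false, { req: ["filePath"], lists: [["artifacts", false, artifactRule]] }],
    ["vulnerabilities", false, { req: ["cve"] }],
    ["severityFactorsPerIssue", false, { req: ["name", "type"] }],
  ],
};
const appRule: FieldRule = { req: ["name"], lists: [["findings", true, findingRule]] };
const reportRule: FieldRule = { req: ["reportId", "dateGenerated"], lists: [["applications", true, appRule]] };
// Assumption: an empty string counts as a missing value.
const isStr = (v: unknown): boolean => typeof v === "string" && v.length > 0;

function check(obj: any, rule: FieldRule, path: string, errors: string[]): void {
  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) {
    errors.push(`${path || "report"}: expected an object`);
    return;
  }
  const at = (field: string): string => (path ? `${path}.${field}` : field);
  for (const f of rule.req) if (!isStr(obj[f])) errors.push(`${at(f)}: required string`);
  for (const f of rule.tags || []) {
    if (!Array.isArray(obj[f]) || !obj[f].every(isStr)) errors.push(`${at(f)}: required string[]`);
  }
  for (const [key, required, child] of rule.lists || []) {
    if (obj[key] === undefined && !required) continue; // optional section omitted
    if (!Array.isArray(obj[key])) { errors.push(`${at(key)}: expected an array`); continue; }
    obj[key].forEach((item: any, i: number) => check(item, child, `${at(key)}[${i}]`, errors));
  }
}
// Returns one message per violation; an empty array means all required fields are present.
function validateReport(doc: any): string[] {
  const errors: string[] = [];
  check(doc, reportRule, "", errors);
  if (doc && typeof doc === "object") check(doc.testerInfo, { req: ["name", "email"] }, "testerInfo", errors);
  return errors;
}

// Constructed sample: finding F-2 lacks "severity" and its vulnerability entry lacks "cve".
const sample = {
  reportId: "RPT-001", dateGenerated: "2025-01-15",
  testerInfo: { name: "Example Tester", email: "tester@example.com" },
  applications: [{ name: "example-app", findings: [
    { id: "F-1", title: "Outdated library", severity: "High" },
    { id: "F-2", title: "Vulnerable dependency", vulnerabilities: [{ cvssScore: "7.5" }] },
  ] }],
};
```

Calling `validateReport(sample)` returns two messages, one for the missing `severity` and one for the missing `cve`, each prefixed with the path to the offending element.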

Example of a file for manual upload:
