# Table of Contents - [Making connections | OX docs](#making-connections-ox-docs) - [Connectors | OX docs](#connectors-ox-docs) - [GPT | OX docs](#gpt-ox-docs) - [OX Broker | OX docs](#ox-broker-ox-docs) - [Model Context Protocol | OX docs](#model-context-protocol-ox-docs) - [MCP Integration Guide | OX docs](#mcp-integration-guide-ox-docs) - [GPL-Licensed Components and Source Availability | OX docs](#gpl-licensed-components-and-source-availability-ox-docs) - [OX Connectors | OX docs](#ox-connectors-ox-docs) - [OX Runtime Sensor | OX docs](#ox-runtime-sensor-ox-docs) - [Source Control | OX docs](#source-control-ox-docs) - [OX K8s Inspector | OX docs](#ox-k8s-inspector-ox-docs) - [GitHub | OX docs](#github-ox-docs) - [Bitbucket | OX docs](#bitbucket-ox-docs) - [GitLab | OX docs](#gitlab-ox-docs) - [Getting GitHub Tokens | OX docs](#getting-github-tokens-ox-docs) - [Ticket Management | OX docs](#ticket-management-ox-docs) - [Connecting to Azure | OX docs](#connecting-to-azure-ox-docs) - [Azure Repos | OX docs](#azure-repos-ox-docs) - [Asana Ticketing | OX docs](#asana-ticketing-ox-docs) - [Azure Cloud | OX docs](#azure-cloud-ox-docs) - [GitHub Issues | OX docs](#github-issues-ox-docs) - [Azure Boards | OX docs](#azure-boards-ox-docs) - [Tenable | OX docs](#tenable-ox-docs) - [Invicti | OX docs](#invicti-ox-docs) - [AWS | OX docs](#aws-ox-docs) - [GitGuardian | OX docs](#gitguardian-ox-docs) - [Monday | OX docs](#monday-ox-docs) - [Bitsight | OX docs](#bitsight-ox-docs) - [AWS OX Integration Policy | OX docs](#aws-ox-integration-policy-ox-docs) - [Jira Permissions | OX docs](#jira-permissions-ox-docs) - [Bright Security | OX docs](#bright-security-ox-docs) - [Adding comments to Jira tickets | OX docs](#adding-comments-to-jira-tickets-ox-docs) - [JFrog Artifactory | OX docs](#jfrog-artifactory-ox-docs) - [Applause | OX docs](#applause-ox-docs) - [Dynamic App Security | OX docs](#dynamic-app-security-ox-docs) - [Automating Jira Ticketing | OX docs](#automating-jira-ticketing-ox-docs) - [ServiceNow | OX docs](#servicenow-ox-docs) - [Jenkins | OX docs](#jenkins-ox-docs) - [Nexus IQ CLI | OX docs](#nexus-iq-cli-ox-docs) - [Slack | OX docs](#slack-ox-docs) - [EKS | OX docs](#eks-ox-docs) - [Red Hat Quay | OX docs](#red-hat-quay-ox-docs) - [Microsoft Teams | OX docs](#microsoft-teams-ox-docs) - [Jira | OX docs](#jira-ox-docs) - [GKE | OX docs](#gke-ox-docs) - [Google | OX docs](#google-ox-docs) - [CyCognito | OX docs](#cycognito-ox-docs) --- # Making connections | OX docs [](https://docs.ox.security/making-connections#before-you-begin) Before you begin -------------------------------------------------------------------------------------- To ensure successful integration with services that enforce IP restrictions, make sure the OX Security IP address 108.128.213.11 is added to the service’s whitelist. [](https://docs.ox.security/making-connections#in-this-section) In this section: ------------------------------------------------------------------------------------- * **Source control** * [GitHub](https://docs.ox.security/making-connections/ticket-management/github-issues) * [GitLab](https://docs.ox.security/making-connections/source-control/gitlab) * [Bitbucket Cloud](https://docs.ox.security/making-connections/source-control/bitbucket) * [Bitbucket Data Center/Server](https://docs.ox.security/making-connections/source-control/bitbucket) * [Azure Repos](https://docs.ox.security/making-connections/source-control/azure) * [Azure TFS](https://docs.ox.security/making-connections/source-control/azure) * [AWS CodeCommit](https://docs.ox.security/making-connections/aws) * **Code security (static analysis)** * [GitHub SAST](https://docs.ox.security/making-connections/ticket-management/github-issues) * [GitLab SAST](https://docs.ox.security/making-connections/source-control/gitlab) * **Secret/PII scan** * [GitHub Secret Detection](https://docs.ox.security/making-connections/ticket-management/github-issues) * [GitLab Secret Detection](https://docs.ox.security/making-connections/source-control/gitlab) * **Open source security** * [GitHub Dependabot](https://docs.ox.security/making-connections/ticket-management/github-issues) * [GitLab Dependency Scanning](https://docs.ox.security/making-connections/source-control/gitlab) * **CI/CD** * [Azure Pipelines](https://docs.ox.security/making-connections/source-control/azure) * [GitHub Actions](https://docs.ox.security/making-connections/ticket-management/github-issues) * [GitLab CI/CD](https://docs.ox.security/making-connections/source-control/gitlab) * [Jenkins](https://docs.ox.security/making-connections/jenkins) * **Registry** * [Amazon ECR](https://docs.ox.security/making-connections/aws) * [Azure Container Registry](https://docs.ox.security/making-connections/source-control/azure) * [GitLab Container Registry](https://docs.ox.security/making-connections/source-control/gitlab) * [Google Artifact Registry](https://docs.ox.security/making-connections/google) * [Google Container Registry](https://docs.ox.security/making-connections/google) * [JFrog Artifactory](https://docs.ox.security/making-connections/jfrog-artifactory) * **Kubernetes** * [EKS](https://docs.ox.security/making-connections/eks) * **Cloud deployment** * [AWS](https://docs.ox.security/making-connections/aws) * [Azure](https://docs.ox.security/making-connections/source-control/azure) * **Ticket management** * [Jira](https://docs.ox.security/making-connections/ticket-management/jira) * **Dev alerts** * [Slack](https://docs.ox.security/making-connections/slack) * Microsoft Teams Last updated 8 months ago --- # Connectors | OX docs **At a glance:** Integrate your infrastructure systems and (optionally) additional security tools with OX to get your full application security posture in our single, centralized platform – providing complete coverage, issue aggregation and prioritization, and automation. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-84a3bbdf7caf446d7883f26f8c9437a746b1071d%252Fconnectors.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=977f4c5&sv=2) [](https://docs.ox.security/making-connections/connectors#overview) Overview --------------------------------------------------------------------------------- The **Connectors** page is the single location from which you can connect your infrastructure and security tools to OX. OX supports 2 primary types of connectors: * Development & production infrastructure * Security tools Additionally, you can connect tools such as ChatGPT, Jira, Slack, Logz.io, and Splunk to facilitate collaboration and remediation of issues. You can find a full list of all supported connectors [here](https://docs.ox.security/get-started-1/supported-connectors) . ### [](https://docs.ox.security/making-connections/connectors#development-and-production-infrastructure) Development & production infrastructure These are the systems that provide your supply chain infrastructure, including: * Source control systems (such as GitHub, GitLab, and Bitbucket) * CI/CD systems (such as Jenkins and Azure Pipelines) * Registries (such as Docker Hub and JFrog) * Cloud deployment infrastructure (such as AWS and Google Cloud Platform) ### [](https://docs.ox.security/making-connections/connectors#security-tools) Security tools These are the security tools that scan and secure your software throughout the development lifecycle. * OX provides complete coverage for each lifecycle stage with its combination of proprietary and open-source tools (such as Trivy, Bandit, DevSkim, Semgrep, GitLeaks, Checkov, and Prowler). * We also provide you the flexibility to integrate other dedicated, security tools you are using (either commercial or open source) into the OX platform. * Examples of these tools include Snyk for SCA, Checkmarx for static code analysis, or Prisma for CSPM. #### [](https://docs.ox.security/making-connections/connectors#ox-security-tools) OX security tools By default, OX security tools (proprietary and open source) are enabled to provide **full supply chain coverage out of the box** in the optimal configuration for your environment. OX tools cover any stage you have not protected with dedicated tools. Additionally, all of these tools can work in parallel with any dedicated security tools you already have installed. In other words, you can keep the OX tools active even if you do add additional tools to cover specific categories. Of course, you can elect to disable any of the OX tools according to your needs. [](https://docs.ox.security/making-connections/connectors#connecting-your-tools) Connecting your tools ----------------------------------------------------------------------------------------------------------- To connect a tool, click its box on the **Connector** page. Each tool has its specific connection options and instructions. Usually, the connection can be made using one or more of the following methods: * Identity provider * Token * Username & password * Shared secret Specific instructions for each connector can be found inside its box on the **Connectors** page. For certain connectors, additional details are available in the **Making connections** section of this help center. ### [](https://docs.ox.security/making-connections/connectors#connection-status) Connection status An icon in a connector's box on the **Connectors** page indicates its status: ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1bc61660ab2d3de94162ab7ac64b1c04337d7ace%252Fconnected.png%3Falt%3Dmedia&width=42&dpr=4&quality=100&sign=cf306ce3&sv=2) Tool is connected and active ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-45ef5f6b111c7df7fbb30ab8869dbb155b9e6604%252Fnot_connected_icon.png%3Falt%3Dmedia&width=43&dpr=4&quality=100&sign=cf1692c1&sv=2) Tool was discovered in your environment, but it is not yet connected ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-65925dba0daeedf07c233908c9ade27e31786c99%252Fbroken_connection.png%3Falt%3Dmedia&width=43&dpr=4&quality=100&sign=51b81ed&sv=2) Tool was connected, but there are connection issues Last updated 5 days ago --- # GPT | OX docs The GPT connector lets OX run AI-powered capabilities with your own GPT account and policies. When connected, OX routes all LLM requests with your GPT token. Ownership, logging, and billing stay on your side, and your network rules apply. For on-prem, the connector is required to enable AI capabilities. For SaaS, it lets you use AI without relying on an OX-managed account, whether for compliance, data-handling, or internal policy. During operation, OX sends only the context required to fulfill a request, for example, prompts or short code snippets, to your configured provider, so confirm that this aligns with your organization’s data-handling policy. ### [](https://docs.ox.security/making-connections/gpt#gpt-saas-vs-on-prem) GPT SaaS vs on-prem Deployment Mode Without GPT Connector With GPT Connector Data Path OX SaaS AI capabilities are available by default with OX token. Requests are routed to your GPT account using your token. OX calls the provider API on your behalf. OX On-Prem AI capabilities are unavailable until configured. Required. Requests run with your GPT token. Requests leave your environment only to the approved provider or proxy you configure. [](https://docs.ox.security/making-connections/gpt#prerequisites) Prerequisites ------------------------------------------------------------------------------------ Item Details GPT API token Active API token for your provider. OX permissions OX Admin account. [](https://docs.ox.security/making-connections/gpt#connecting-to-gpt) Connecting to GPT -------------------------------------------------------------------------------------------- 1. In the OX platform, go to the **Connectors** page. 2. Select **Add Connector** and search for **GPT**. 3. In the **Configure your ChatGPT credentials** dialog, select **CONNECT**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b938f3a23e05af025b41305c488540fe4bfa8d6e%252FGPT_Connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=b88b1cfe&sv=2) Field Description **Token** The provider token OX uses to authenticate requests. 1. Select **CONNECT**. AI capabilities become available. OX does not use an OX-managed account. Last updated 5 days ago --- # OX Broker | OX docs OX Broker is a secure, containerized service that enables communication between your environment and OX Security services, enabling connection to your internal resources. The broker component reverses the typical connection pattern. Instead of customers opening inbound ports to OX and adding OX IPs to their whitelist, a broker runs in the customer’s environment and initiates a secure outbound connection to OX. This improves security and simplifies the integration process, particularly for customers with strict security policies. [](https://docs.ox.security/making-connections/ox-broker#supported-connectors) Supported connectors -------------------------------------------------------------------------------------------------------- * GitLab * GitHub * Azure TFS * Harbor * GitLab Container Registry * JFrog Artifactory * BitBucket Data Center/Server [](https://docs.ox.security/making-connections/ox-broker#prerequisites) Prerequisites ------------------------------------------------------------------------------------------ Before you begin, contact OX Security Customer Success representative for feature enablement. Prepare a dedicated Linux-based computer in your environment and make sure your system meets the following requirements: Requirement Type Details **Operating System** * Ubuntu 22.04 or later * RHEL9 **Software** * Docker Engine and Docker Compose V2 **Access** * Root access or sudo available **Network Connectivity** * Ensure the OX Broker host has connectivity to your connectors. * Allow outgoing traffic from the host on port 443 to the address OX provides * Allow outgoing traffic from the host to pull images from Docker Hub * Share with OX the public IP address of the machine where the OX Broker is installed. **Note:** When your traffic is routed through a proxy, make sure that port 443 (HTTPS) is allowed for outbound communication to OX environment and share the proxy IP address. **Hardware** Minimum system resources: * 4 GB RAM * 2 CPU cores * 10 GB of available disk space [](https://docs.ox.security/making-connections/ox-broker#installing-ox-broker) Installing OX Broker -------------------------------------------------------------------------------------------------------- OX provides you with a script that performs the following tasks: * Generates secure credentials for your OX Broker instance * Creates SSH keys for secure communication. * Extracts and configures required components * Starts the OX Broker services **To install OX broker:** 1. Request the installation script URL from the OX Security support team. 2. Download the script to your machine. 3. Add permissions to run the script. Copy chmod +x install.sh 1. Run the script as Admin. Copy sudo -E ./install.sh The installation script runs, generating asymmetric keys and OXBroker credentials. The private key is saved on your system automatically and the public key you need to OX Security support team. 1. Send the public key to OX Security support. 2. Save the credentials on your environment in a safe location. 3. To proceed with the installation, press `p` and follow the on screen instructions. 4. When asked about the TLS configuration, reply **yes**. 5. If relevant, when asked about the Proxy configuration, reply **yes**. ### [](https://docs.ox.security/making-connections/ox-broker#configuring-ox-broker) Configuring OX Broker 1. Log in to the OX Security portal. 2. Go to the relevant connector and select **Broker**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1429960ef94673262163e58c7d18b86c08845e71%252FBR_connecting.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=bb49fd7f&sv=2) Requirement Type Details **Internal resource URL** Provide the connector URL **Token** Add your connector token. **User** Type the user that was generated by the OX script. **Password** Type the password that was generated by the OX script. **Bypass SSL Verification (not recommended)** Enable this option to ensure successful connection, if your environment lacks a proper certificate or uses a self-signed certificate. 1. To confirm the container and the OX Broker are active, run: Copy docker ps | grep oxbroker ### [](https://docs.ox.security/making-connections/ox-broker#maintaining-ox-broker) Maintaining OX Broker Use the following commands to manage the OX Broker services: Task Command Check service status `docker-compose ps` View logs `docker-compose logs -f` Restart services `docker-compose restart` ### [](https://docs.ox.security/making-connections/ox-broker#uninstall-ox-broker) Uninstall OX Broker 1. Navigate to the OX Broker directory: Copy cd oxbroker/ 2. Run the following command to stop and remove the containers and volumes: Copy docker-compose down -v Last updated 5 months ago --- # Model Context Protocol | OX docs > **Note:** This capability is currently in Early Access (EA) and is not generally available. To request access, please contact OX technical support. OX Security supports integration with AI agents through the Model Context Protocol (MCP), allowing structured, secure interaction between agents and OX Security data. With this setup, organizations can build or connect smart assistants that interact with their security data conversationally, without logging into the OX UI or navigating dashboards. Any AI system or tool that supports MCP integration can work with OX. By exposing selected data and actions through an MCP server, OX Security enables AI-powered tools, such as Cursor, Claude, VS Code extensions, and internal company agents to query and act on live security information from OX. For the actual integration instructions, refer to [MCP Integration Guide](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide) . [](https://docs.ox.security/making-connections/model-context-protocol#how-it-works) How It Works ----------------------------------------------------------------------------------------------------- When an AI agent connects to the OX MCP server using valid credentials, such as an organization token. It gains access to a set of registered tools, each representing a secure function call that retrieves or manipulates data in OX. For example: * The agent can call `Get Issues` to retrieve a list of open security issues. * The agent can access `Get Applications`, `Get Pipelines`, and other endpoints to pull context from different parts of the OX platform. This enables natural language agents to: * Access and interpret OX Security data. * Intelligently select and orchestrate the required tools to meet user goals. * Execute actions and deliver the results directly within the conversational interface. #### [](https://docs.ox.security/making-connections/model-context-protocol#read-data) Read Data The following table presents APIs that support use cases such as generating reports, answering questions like, what are my top vulnerabilities, or retrieving application-level insights directly within an agent interface. The following data can be retrieved by authorized AI agents using MCP: Area Description **Active Issues** `GetIssues` Access currently open and unresolved security issues. **Removed Issues** `GetRemovedIssues` Retrieves issues that were automatically resolved due to code or environment changes. **Resolved Issues** `GetResolvedIssues` Views issues that were manually or automatically marked as resolved. **Pipeline Issues** `GetPipelineIssues` Pulls data from pipeline scans, including scan results and related issues. **Applications** `GetApplications` Accesses metadata on registered applications, including name, environment, and ownership. SBOM `GetSbom` Retrieves Software Bill of Materials (SBOM) data for specific components or applications. #### [](https://docs.ox.security/making-connections/model-context-protocol#perform-actions) Perform Actions There are capabilities that allow AI agents to not only retrieve data but also interact with it, empowering workflows such as issue resolution, feedback tagging, or prioritization suggestions. > **Note:** All MCP operations are permission-controlled and scoped by organization-level access tokens. Agents can only access data and perform actions that have been explicitly exposed using the OX MCP server configuration. The following actions can be performed by AI agents through MCP: Action Description **Add Comment** `AddCommentToIssue` Posts a contextual comment on a specific issue. **Mark as False Positive** `ReportAsFalsePositive` `ReportFalsePositiveForPipelineIssues` Updates issue status to "false positive" for improved filtering and triage. **Change Severity** `UpdateIssueSeverity` Modifies the severity level of an issue (e.g., from High to Medium). **Exclude Issues** `ExcludeIssues` Mark an issue as excluded so it no longer affects risk metrics or reports. ### [](https://docs.ox.security/making-connections/model-context-protocol#using-mcp-on-prem) Using MCP on-prem You can use MCP SaaS and on-prem. **To use MCP on-prem:** 1. Verify the [GTP connector](https://docs.ox.security/making-connections/gpt) is connected. 2. Use the following URL: Copy // https://${onpremHostName}/api/mcp [](https://docs.ox.security/making-connections/model-context-protocol#example-use-cases) Example Use Cases --------------------------------------------------------------------------------------------------------------- When MCP is connected to OX, AI agents can assist with a wide range of queries and operations: ### [](https://docs.ox.security/making-connections/model-context-protocol#show-all-my-critical-issues) Show all my critical issues ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-4a136305200288876f394e6d3a52368f7b4f54ab%252Fexample_show_critical_issues.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=89ee7aea&sv=2) ### [](https://docs.ox.security/making-connections/model-context-protocol#generate-a-leadership-report) Generate a leadership report ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-0ac0d1f9241dda10f2431668067be42b54c0c859%252Fexample_security_leadership_report.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=177f6839&sv=2) ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-3f77af31eedffb00d7c1cc077fd9a53fa4970ebf%252Fexample_security_leadership_report1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=65f811df&sv=2) ### [](https://docs.ox.security/making-connections/model-context-protocol#more-examples) More examples Use Case Example Prompt Agent Action (via MCP) **Query Top Issues** "What are the top 10 critical issues in my OX organization?" Runs `GetIssues` and returns a severity-sorted list of the top issues. **Summarize Vulnerabilities by Team** "How many issues are assigned to each team lead?" Queries ownership metadata and returns a breakdown by team lead. **Contextual Recommendations** "Should I fix this issue or mark it as excluded?" Retrieves issue details (e.g., via `GetIssueDetails`) and recommends the next action. Last updated 2 months ago --- # MCP Integration Guide | OX docs This guide explains how to integrate OX Security with your IDE using an [MCP server](https://docs.ox.security/making-connections/model-context-protocol) . It includes setup for the following: * [MCP Integration key](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#creating-a-new-mpc-integration-key) * [Cursor integration with OX MCP](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#integrating-cursor-with-ox-mcp) * [Claude Desktop integration with OX MCP](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#integrating-claude-desktop-with-ox-mpc) * [VS Code integration with OX MCP](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#integrating-visual-studio-code-with-ox-mpc) [](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#creating-a-new-mcp-integration-key) Creating a new MCP integration key ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- To integrate with the MCP server, you need to create an integration key. **To create a new MCP integration key:** 1. From the left pane of the **OX dashboard**, select **Settings > API Key Settings**. 2. In the **API Key Settings** window, select **CREATE API KEY**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-ed087c212916d7e7389e378bbd03ea6c662ddbac%252FMPC%2520integration%2520key.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=161764f4&sv=2) 1. In the **Create API Key** box set the following: Parameter Description **API Key Name** A descriptive name for the API key to identify its purpose MCP key 1 **API Key Type** Select **MCP Integration** **Assign role** Assign a role according to your permissions needs. Example: **Admin** for full access. **Operator** for limited access to specific actions. **Assign scopes** Defines which applications and issues the API key can access: * **Entire organization:** Access to all applications and issues in the organization. * **Custom:** Access restricted to specific applications/issues. **Expiration Date** The date and time when the API key will expire and no longer be valid. 1. Copy the **API Key Secret** to be used when connecting to APIs. Save the key in a safe location. This is the only time when you can see and copy the actual key. 2. Select **CLOSE**. The new key appears in the **API Key Settings** page. [](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#integrating-cursor-with-ox-mcp) Integrating Cursor with OX MCP --------------------------------------------------------------------------------------------------------------------------------------------------------------- By integrating with OX’s MCP, Cursor becomes a security-aware development assistant, able to query live security data, suggest actions, and triage issues directly from your IDE **To integrate Cursor with OX MCP:** 1\. Click [here](cursor://anysphere.cursor-deeplink/mcp/install?name=ox-security&config=eyJ1cmwiOiJodHRwczovL2FwaS5jbG91ZC5veC5zZWN1cml0eS9hcGkvbWNwIiwiaGVhZGVycyI6eyJBdXRob3JpemF0aW9uIjoiUEFTVEVfWU9VUl9BUElfVE9LRU5fSEVSRSJ9fQ%3D%3D) , to open Cursor in the relevant location where you can start working. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-3291943584292074739b143b39f69bd0e6fa3997%252FCursor1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=4a2f072e&sv=2) 1. In the authorization header, replace the placeholder value with the [MCP Integration key that you saved](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#creating-a-new-mpc-integration-key) . 2. Click **Install**. In the Cursor tools menu, OX Security logo appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-5067db4e36ccb61a04570fd7d7c92234d0ea7ece%252FCursor2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=399b2c2c&sv=2) More info: [Cursor Documentation](https://docs.cursor.com/en/tools/developers) . [](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#integrating-claude-desktop-with-ox-mcp) Integrating Claude Desktop with OX MCP ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Claude Desktop offers an intuitive interface for integrating with OX Security's MCP, providing teams with robust security capabilities directly from their desktop environment. > **Note:** Ensure Node.js v18+ is installed. If using `nvm`, make sure no versions lower than 18.x are active. **To integrate Claude Desktop with OX MCP:** 1. In Claude Desktop, go to **Settings** > **Developer**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-2c38ac78f90dc26e530b97e6add13c2ef6220abf%252FClaude%2520Desktop1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=3338aa44&sv=2) 1. Select **Edit Config**. Claude automatically opens the configuration file `claude_desktop_config.json` 1. Add the JSON MCP server configuration for OX Security as provided by your administrator or documentation. Copy { "mcpServers": { "ox-security": { "command": "npx", "args": [\ "-y",\ "[email protected]",\ "https://api.cloud.ox.security/api/mcp",\ "--header",\ "Authorization:${AUTH_TOKEN}"\ ], "timeout": 60000, "initTimeout": 30000, "env": { "AUTH_TOKEN": "PASTE_YOUR_API_TOKEN_HERE" } } } } 1. Replace `PASTE_YOUR_API_TOKEN_HERE` with the [MCP Integration key that you saved](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#creating-a-new-mpc-integration-key) . 2. Save the file and restart Claude Desktop. After restart, OX Security appears as an available MCP server in Claude Desktop. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-a6d21a824fb18ab5b953d1a223ca1ae240f6d370%252FClaude%2520Desktop2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=797df001&sv=2) #### [](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#troubleshooting-windows) Troubleshooting (Windows) In case you have issues setting up MCP servers in Windows, consider using alternative commands, such as `npx.cmd` or direct Node.js execution. **Use** `**npx.cmd**`**:** Copy { "mcpServers": { "ox-security": { "command": "npx.cmd", "args": [\ "-y",\ "[email protected]",\ "https://api.cloud.ox.security/api/mcp",\ "--header",\ "Authorization:${AUTH_TOKEN}"\ ], "env": { "AUTH_TOKEN": "PASTE_YOUR_API_TOKEN_HERE" } } } } **Run Node.js directly:** 1. Install MCP Remote globally: Copy npm install -g [email protected] 2. Update your config with your local Node.js path: Copy { "mcpServers": { "ox-security": { "command": "C:\YOUR_NODE_INSTALL_FOLDER\node.exe", "args": [\ "YOUR_MCP_REMOTE_FOLDER\node_modules\mcp-remote\dist\client.js",\ "https://api.cloud.ox.security/api/mcp",\ "--header",\ "Authorization:${AUTH_TOKEN}"\ ], "env": { "AUTH_TOKEN": "PASTE_YOUR_API_TOKEN_HERE" } } } } [](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#integrating-visual-code-with-ox-mcp) Integrating Visual Code with OX MCP ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Visual Studio Code provides versatile options to connect with OX Security's MCP, enabling developers to streamline their security workflows within the versatile VS Code ecosystem. **To integrate VS Code with OX MCP:** 1. Open **VS Code Settings**. 2. Open **MCP User Configuration**, see [VS Code MCP Docs](https://code.visualstudio.com/docs/copilot/chat/mcp-servers) for details. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-10b8d3a1a223661db9412972b251935c45228a87%252FVS1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9e93cbf&sv=2) 1. Add the JSON MCP server configuration for OX Security in `mcp.json`: Copy { "servers": { "ox-security": { "type": "http", "url": "https://api.cloud.ox.security/api/mcp", "headers": { "Authorization": "PASTE_YOUR_API_TOKEN_HERE" } } } } 1. Replace `PASTE_YOUR_API_TOKEN_HERE` with the [MCP Integration key that you saved](https://docs.ox.security/making-connections/model-context-protocol/mcp-integration-guide#creating-a-new-mpc-integration-key) . 2. Save the configuration. 3. In the **VS Code chat**, click **Add Context**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-8aed8e4e136f0e8339e2098e1136b3d4b593ba12%252FVS2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8e0b64ba&sv=2) 1. Select the desired tools. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-ece98043cb07eae67b96e5f6197a6b85af10edea%252FVS3.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d87e3903&sv=2) OX Security appears as an available MCP server. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-2c45ac35e40e84d52186fd51704a6a7edaee814e%252FVS4.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=bf386c46&sv=2) ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6f310dacb1b01293df9204be14b53191a1260b7d%252FVS5.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=55c9fc36&sv=2) Last updated 25 days ago --- # GPL-Licensed Components and Source Availability | OX docs OX Runtime Sensor includes eBPF programs that run in the Linux kernel. These programs are subject to the GNU General Public License (GPL). To comply with the GPL, OX will make the complete corresponding source code for the GPL-licensed eBPF components available on request, as follows: * **Availability window:** You may request the source code for a period of three years from the date OX distributes the software. The earliest request date is October 15, 2025. * **Who can request:** Any party that has received OX commercial software containing these GPL-licensed components may request the source code. * **How much it costs:** OX will provide the source code at no charge other than reasonable handling costs. Delivery details will be coordinated over email. **To request eBPF components:** 1. Send an email to OX legal compliance team: **[\[email protected\]](https://docs.ox.security/cdn-cgi/l/email-protection) **. 2. Use the subject line: **GPL Source Code Request**. 3. Include your name, your organization, and the specific **ox-runtime-sensor** version or release you received. Last updated 25 days ago --- # OX Connectors | OX docs OX Security provides several built-in connectors, ready for use Each connector scans specific artifacts in your repository to identify risks and issues. * OX connectors analyze source control, pipelines, BOM artifacts, policies, and more, providing unified visibility across your software development lifecycle (SDLC). * The dashboard and related pages in the OX platform display issues and real-time insights for each artifact. * Each connector has related policies which you can view on the Policies page. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-2dfa741ebc02ef5b14ac843742e41e4cf84c7b18%252Fimage%2520%281%29%2520%281%29%2520%281%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1e8f9956&sv=2) [](https://docs.ox.security/making-connections/ox-connectors#list-of-ox-connectors) List of OX connectors -------------------------------------------------------------------------------------------------------------- Together, OX connectors deliver an out-of-the-box unified platform for consolidated management, prioritization, and remediation of issues. OX Security includes these connectors are part of the installation: * [OX CI/CD Posture](https://docs.ox.security/making-connections/ox-connectors#ox-ci-cd-posture) * [OX Cloud Context](https://docs.ox.security/making-connections/ox-connectors#ox-cloud-context) * [OX Code Security](https://docs.ox.security/making-connections/ox-connectors#ox-code-security) * [OX Container Security](https://docs.ox.security/making-connections/ox-connectors#ox-container-security) * [OX Dynamic App Security](https://docs.ox.security/making-connections/ox-connectors#ox-dynamic-app-security) * [OX Git Posture](https://docs.ox.security/making-connections/ox-connectors#ox-git-posture) * [OX IaC Scan](https://docs.ox.security/making-connections/ox-connectors#ox-iac-scan) * [OX K8s Inspector (Beta)](https://docs.ox.security/making-connections/ox-connectors#ox-k8s-inspector-beta) * [OX Open Source Security](https://docs.ox.security/making-connections/ox-connectors#ox-open-source-security) * [OX SBOM Scan](https://docs.ox.security/making-connections/ox-connectors#ox-sbom-scan) * [OX Secret / PII Scan](https://docs.ox.security/making-connections/ox-connectors#ox-secret-pii-scan) [](https://docs.ox.security/making-connections/ox-connectors#prerequisites) Prerequisites ---------------------------------------------------------------------------------------------- There are no prerequisites. [](https://docs.ox.security/making-connections/ox-connectors#enable-a-connector) Enable a connector -------------------------------------------------------------------------------------------------------- Most OX connectors are enabled by default. If the connector isn’t enabled. **To enable the connector:** 1. Go to the **Connectors** page and locate the relevant connector. Here's an example. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-85c793b53f741a0ba2c3e14e418d880558ee4b8c%252FConnector%2520screen.png%3Falt%3Dmedia&width=300&dpr=4&quality=100&sign=cc28e955&sv=2) 2. Click the icon to open the connection screen. 3. Click the toggle to enable the connector or follow the on-screen instructions. [](https://docs.ox.security/making-connections/ox-connectors#disable-a-connector) Disable a connector ---------------------------------------------------------------------------------------------------------- You can disable a connector in the production environment, but not in the demo environment. Once disconnected, issues and related data are no longer displayed in the UI. **To disable the connector:** 1. Go to the **Connectors** page and locate the relevant connector. 2. Click the icon to open the connection screen. 3. Click the toggle to disable the connector or click **DELETE**. To reconnect, click the toggle or reconnect following the on-screen instructions. [](https://docs.ox.security/making-connections/ox-connectors#ox-ci-cd-posture) OX CI/CD Posture ---------------------------------------------------------------------------------------------------- The connector analyzes Git and repositories posture to ensure best practices and standards are maintained for code health and organization. The connector is ON by default. [](https://docs.ox.security/making-connections/ox-connectors#ox-cloud-context) OX Cloud Context ---------------------------------------------------------------------------------------------------- The connector scans cloud environments and configurations to identify security risks, misconfigurations, runtime vulnerabilities, and non-compliance with security best practices. The connector is ON by default. AWS is the cloud provider. For more on cloud-related artifacts, see the article [Cloud BOM](https://docs.ox.security/bom/cloud-bom) . [](https://docs.ox.security/making-connections/ox-connectors#ox-code-security) OX Code Security ---------------------------------------------------------------------------------------------------- The connector scans cloud environments and configurations to identify security risks, misconfigurations, runtime vulnerabilities, and non-compliance with security best practices. The connector is ON by default. For supported languages and frameworks, see the [Code Security](https://docs.ox.security/get-started-1/supported-languages-and-frameworks) section in the article [Supported Languages and Frameworks](https://docs.ox.security/get-started-1/supported-languages-and-frameworks) . [](https://docs.ox.security/making-connections/ox-connectors#ox-container-security) OX Container Security -------------------------------------------------------------------------------------------------------------- The connector scans container images for vulnerabilities, secrets, misconfigurations, and security best practices to ensure a secure containerized environment. The connector is ON by default. [](https://docs.ox.security/making-connections/ox-connectors#ox-dynamic-app-security) OX Dynamic App Security ------------------------------------------------------------------------------------------------------------------ The connector scans real-time testing of live applications to uncover vulnerabilities in their running environments. It simulates real attack scenarios to identify what truly matters, beyond static code analysis. The connector is ON by default. [](https://docs.ox.security/making-connections/ox-connectors#ox-git-posture) OX Git Posture ------------------------------------------------------------------------------------------------ The connector analyzes Git and repositories posture to ensure best practices and standards are maintained for code health and organization. The connector is ON by default. [](https://docs.ox.security/making-connections/ox-connectors#ox-iac-scan) OX IaC Scan ------------------------------------------------------------------------------------------ The connector scans source code to detect infrastructure-as-code configurations for security best practices and potential misconfigurations that could lead to vulnerabilities. The connector is ON by default. For supported languages and frameworks, see the [Infrastructure as Code Support](https://app.gitbook.com/o/IEGM87CQH7kzkNVypteW/s/DoksSYnSCvYSMGAaU9SQ/get-started/supported-languages-and-frameworks) section in the article [Supported Languages and Frameworks](https://app.gitbook.com/o/IEGM87CQH7kzkNVypteW/s/DoksSYnSCvYSMGAaU9SQ/get-started/supported-languages-and-frameworks) . [](https://docs.ox.security/making-connections/ox-connectors#ox-k8s-inspector-beta) OX K8s Inspector (Beta) ---------------------------------------------------------------------------------------------------------------- The connector runs in your Kubernetes cluster and collects runtime metadata and configuration details. It securely sends this data to the OX platform, providing visibility into active workloads, identifying public images in use, and enriching vulnerability context. The connector is OFF by default. To connect, see the article [OX K8s Inspector](https://docs.ox.security/making-connections/ox-inspector) . For supported languages and frameworks, see the [Infrastructure as Code Support](https://docs.ox.security/get-started-1/supported-languages-and-frameworks) section in the article [Supported Languages and Frameworks](https://docs.ox.security/get-started-1/supported-languages-and-frameworks) . [](https://docs.ox.security/making-connections/ox-connectors#ox-open-source-security) OX Open Source Security ------------------------------------------------------------------------------------------------------------------ The connector scans source code to detect vulnerable open-source components, libraries and docker files that could be exposed. The connector is ON by default, For supported languages and frameworks, see the section ​[Open Source Security & SBOM](https://docs.ox.security/get-started/supported-languages-and-frameworks#sca-and-sbom-support) in the article [Supported Languages and Frameworks](https://docs.ox.security/get-started/supported-languages-and-frameworks) . [](https://docs.ox.security/making-connections/ox-connectors#ox-sbom-scan) OX SBOM Scan -------------------------------------------------------------------------------------------- The connector scans source code and containers to generate a detailed Software Bill Of Materials with all components, libraries, and tools used in the software, along with their versions and dependencies, for transparency and compliance. The connector is ON by default. For supported languages and frameworks, the section ​[Open Source Security & SBOM](https://docs.ox.security/get-started/supported-languages-and-frameworks#sca-and-sbom-support) in the article [Supported Languages and Frameworks](https://docs.ox.security/get-started/supported-languages-and-frameworks) . You might also want to check these articles: [Malicious Dependencies](https://docs.ox.security/policies/malicious-dependencies) and [SBOM](https://docs.ox.security/bom/sbom) . [](https://docs.ox.security/making-connections/ox-connectors#ox-secret-pii-scan) OX Secret / PII Scan ---------------------------------------------------------------------------------------------------------- The connector scans source code to detect and alert on embedded secrets, such as passwords or API keys, and personally identifiable information (PII) that could be exposed. The connector is ON by default. Last updated 5 days ago --- # OX Runtime Sensor | OX docs > **Note:** This capability is currently in Early Access (EA) and is not generally available. To request access, please contact OX technical support. Runtime Sensor is an OX capability for Kubernetes environments that collects runtime signals from your applications and turns them into actionable insights in OX. The current version of Runtime Sensor focuses on JavaScript, so it is applicable to your system if your repositories include JavaScript. Runtime Sensor helps you decide what to fix first. It detects which third-party libraries are actually loaded in memory at runtime. When a known vulnerability affects a library in your codebase, knowing whether that library is loaded now gives you a stronger indication of urgency during triage. Insights appear in OX in the Active Issues page as severity factors. You see whether a dependency is loaded in runtime or not loaded, with evidence you can review. This context lets you prioritize fixes that reduce real, current risk in your running services. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-7dc4798c7fa769bb5c39a45fdf0b9f528d06488c%252FRuntime_Active_Issues.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=66e9d40d&sv=2) The OX Runtime Sensor runs as a Kubernetes DaemonSet. It loads eBPF programs to observe runtime activity on each node, including library loading and process behavior in your workloads. The sensor authenticates to OX with an API key over outbound TLS. It does not write data to the node and does not require persistent storage. CPU, memory, and disk usage are minimal. [](https://docs.ox.security/making-connections/ox-runtime-sensor#prerequisites) Prerequisites -------------------------------------------------------------------------------------------------- * **Technology:** K8s (EKS/AKS/GKE) * **K8s version:** Kubernetes v1.20 and later * **Linux distributions:** Debian, Alpine * **Linux kernel:** v5.10 and later with BTF enabled [](https://docs.ox.security/making-connections/ox-runtime-sensor#step-1-create-a-new-api-key) Step 1: Create a new API key ------------------------------------------------------------------------------------------------------------------------------- 1. From the left pane of **OX dashboard**, select **Settings > API Key Settings**. 2. In the **API Key Settings** window, select **CREATE API KEY**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-7e81b28f5c0ff11132bf749b7a737e69b3905b09%252FRuntime%2520API%2520key.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=3617e0e2&sv=2) 1. In the **Create API Key** box, set the following and select **CREATE**: * **API Key Name:** Add a meaningful name that is easy to identify. It is good practice to include the key's intended purpose in the name. * **API Key Type:** Select **K8 Inspector/Runtime Sensor Integration**. * **Expiration Date:** Until when you can use this key. 1. Copy the key that appears and save the key it in a safe location. This is the only time when you can see and copy the actual key. 2. Select **CLOSE**. The new key appears in the **API Key Settings** page. [](https://docs.ox.security/making-connections/ox-runtime-sensor#step-2-ensure-cluster-access) Step 2: Ensure cluster access --------------------------------------------------------------------------------------------------------------------------------- Make sure that the cluster has access to: `api.cloud.ox.security` . [](https://docs.ox.security/making-connections/ox-runtime-sensor#step-3-create-ox-runtime-namespace) Step 3: Create `ox-runtime` namespace ----------------------------------------------------------------------------------------------------------------------------------------------- Copy kubectl create namespace ox-runtime [](https://docs.ox.security/making-connections/ox-runtime-sensor#step-4-push-api-keys-to-kubernetes-secrets) Step 4: Push API keys to Kubernetes Secrets ------------------------------------------------------------------------------------------------------------------------------------------------------------- 1. To create a Kubernetes secret named `ox-runtime-sensor-secret` with your API key, run: Copy kubectl -n ox-runtime create secret generic ox-runtime-sensor-secret --from-literal=api-key= 1. Replace `` with the [API key](https://docs.ox.security/making-connections/ox-runtime-sensor#creating-a-new-api-key) you previously generated. [](https://docs.ox.security/making-connections/ox-runtime-sensor#step-5-install-ox-runtime-sensor-with-helm) Step 5: Install OX Runtime Sensor with Helm ------------------------------------------------------------------------------------------------------------------------------------------------------------- Copy helm repo add ox-runtime-sensor-repo https://charts.cloud.ox.security helm repo update helm install ox-runtime-sensor ox-runtime-sensor-repo/ox-runtime-sensor --namespace ox-runtime [](https://docs.ox.security/making-connections/ox-runtime-sensor#step-6-connect-to-ox-runtime-sensor) Step 6: Connect to OX Runtime Sensor ----------------------------------------------------------------------------------------------------------------------------------------------- > **Note:** Before connecting, a DevOps team member must ensure that the CronJob is running in your environment. 1. In the OX platform, go to the **Connectors** page. 2. Select **Add Connector** and search for **OX Runtime Sensor**. 3. In the **Configure your OX Runtime Sensor credentials** dialog, select **CONNECT**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-639cd751b81fdc06e5bd05864256351d7ffb42a9%252FRuntime%2520connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ffbb997e&sv=2) [To use eBPF programs, OX complies with the GPL.](https://docs.ox.security/making-connections/ox-runtime-sensor/gpl-licensed-components-and-source-availability) Last updated 17 days ago --- # Source Control | OX docs OX Security integrates directly with a wide range of source control systems, providing complete visibility into the security posture of your code from the earliest stages of development. By connecting your source control platforms, whether hosted in the cloud, on-premises, or hybrid, you can continuously scan repositories for vulnerabilities, secrets, misconfigurations, open source risks, and compliance violations. Why connect your source control system: * **Shift security left** by identifying issues in code as soon as it's written. * **Automatically scan** all repositories, including new ones, with minimal manual effort. * **Map findings to code ownership** by linking vulnerabilities to specific commits, pull requests, and authors. * **Unify visibility** across your entire codebase, regardless of where it’s hosted or how it’s structured. * **Maintain coverage** across SaaS-hosted and self-managed environments without duplicating effort. [](https://docs.ox.security/making-connections/source-control#supported-systems) Supported Systems ------------------------------------------------------------------------------------------------------- OX currently supports integration with the following source control platforms: * [GitHub](https://docs.ox.security/making-connections/source-control/github) * [GitLab](https://docs.ox.security/making-connections/source-control/gitlab) * [Bitbucket Cloud](https://docs.ox.security/making-connections/source-control/bitbucket) * [Bitbucket Data Center / Server](https://docs.ox.security/making-connections/source-control/bitbucket) * [Azure Repos](https://docs.ox.security/making-connections/source-control/azure) * Azure TFS (Team Foundation Server / Azure DevOps Server) * AWS CodeCommit * Gerrit Code Review Last updated 2 months ago --- # OX K8s Inspector | OX docs > **Note:** This capability is currently in Early Access (EA) and is not generally available. To request access, please contact OX technical support. OX K8s Inspector is a lightweight data collection tool that enables secure extraction of Kubernetes cluster data without requiring external access to the Kubernetes API server. OX K8s Inspector runs as a Kubernetes CronJob inside your cluster, collecting configuration and activity data at regular intervals and securely sending it to the OX platform for analysis. This solution is designed for environments where the Kubernetes API server is not exposed publicly. The setup adheres to security best practices that minimize the cluster's attack surface. By operating entirely within the cluster and using outbound communication, K8s Inspector avoids the need for direct access from external systems while still providing full visibility into Kubernetes environments. [](https://docs.ox.security/making-connections/ox-inspector#ox-inspector-architecture) OX Inspector architecture --------------------------------------------------------------------------------------------------------------------- OX K8s Inspector components: * **Inspector CronJob:** Runs inside your Kubernetes cluster, collects relevant data, and securely transmits it to OX. * **OX Backend:** Authenticates the Inspector, handles secure data transfer, and processes the data to produce insights. OX K8s Inspector data flow: 1. The K8s Inspector CronJob runs inside your Kubernetes cluster as a scheduled task. 2. Using a configured API key, the CronJob authenticates with the OX backend. 3. The CronJob collects relevant data by querying the Kubernetes API server. 4. All collected data is encrypted locally within the cluster. 5. The encrypted data is then securely uploaded to the OX backend. 6. The OX platform analyzes the uploaded data during scans and presents insights in the user interface. [](https://docs.ox.security/making-connections/ox-inspector#installing-ox-k8s-inspector) Installing OX K8s Inspector ------------------------------------------------------------------------------------------------------------------------- To allow K8s Inspector to communicate with the OX platform, you need to create an API key, and then go to your cluster and start the installation. Here are the required installation steps: 1. [Create an API key.](https://docs.ox.security/making-connections/ox-inspector#creating-a-new-api-key) 2. Make sure that the cluster has access to: `api.cloud.ox.security` 3. [Push API keys to Kubernetes secrets.](https://docs.ox.security/making-connections/ox-inspector#pushing-api-keys-to-kubernetes-secrets) 4. [Install OX K8s Inspector with Helm](https://docs.ox.security/making-connections/ox-inspector#installing-ox-inspector-with-helm) . 5. [Connect to OX K8s Inspector.](https://docs.ox.security/making-connections/ox-inspector#connecting-to-ox-k8s-inspector) ### [](https://docs.ox.security/making-connections/ox-inspector#creating-a-new-api-key) Creating a new API key 1. From the left pane of **OX dashboard**, select **Settings > API Key Settings**. 2. In the **API Key Settings** window, select **CREATE API KEY**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-45bc3c861b9afded39a32a23722fbc5fc33b035e%252FK8%2520API%2520key.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1091410&sv=2) 1. In the **Create API Key** box, set the following and select **CREATE**: * **API Key Name:** Add a meaningful name that is easy to identify. It is good practice to include the key's intended purpose in the name. * **API Key Type:** Select **K8s Inspector Integration**. * **Expiration Date:** Until when you can use this key. 1. Copy the key that appears and save the key it in a safe location. This is the only time when you can see and copy the actual key. 2. Select **CLOSE**. The new key appears in the **API Key Settings** page. ### [](https://docs.ox.security/making-connections/ox-inspector#pushing-api-keys-to-kubernetes-secrets) Pushing API keys to Kubernetes Secrets 1. To create a Kubernetes secret named `ox-inspector-secret` with your API key, run: Copy kubectl create secret generic ox-inspector-secret --from-literal=api-key= Replace `` with the [API key](https://docs.ox.security/making-connections/ox-inspector#creating-a-new-api-key) you previously generated. ### [](https://docs.ox.security/making-connections/ox-inspector#installing-ox-inspector-with-helm) Installing OX Inspector with Helm Copy helm repo add ox-inspector-repo https://charts.cloud.ox.security helm repo update helm install ox-inspector ox-inspector-repo/ox-inspector \ --set-string oxInspector.cluster.cloud_provider="" \ --set-string oxInspector.cluster.account_id="" \ --set-string oxInspector.cluster.region="" \ --set-string oxInspector.cluster.name="" Placeholder Description `` Cloud provider where the cluster is running (EKS, GKE, or AKS) `` Cloud provider account identifier (AWS Account ID, Azure Subscription ID, or GCP Project ID) `` Cloud provider region where the cluster is deployed (e.g., "us-west-2", "eu-west-1") `` Name of the Kubernetes cluster where OX Inspector will run **Additional Values:** * `oxInspector.cluster.is_on_prem` :Whether you are an OX on-premises customer (true) or OX SaaS customer (false). Default: false * wheather your an OX SaaS customer or an OX onprem customer * `oxInspector.schedule` : Cron schedule expression for the Inspector job. Default: "0 12 \* \* " (runs daily at 12:00 PM) * `oxInspector.proxy_url` : A value you can set to route all traffic from Inspector through your proxy server. [](https://docs.ox.security/making-connections/ox-inspector#connecting-to-ox-k8s-inspector) Connecting to OX K8s Inspector ------------------------------------------------------------------------------------------------------------------------------- > **Note:** Before connecting, a DevOps team member must ensure that the CronJob is running in your environment. 1. In the OX platform, go to the **Connectors** page. 2. Select **Add Connector** and search for **OX** **K8s Inspector**. 3. In the **Configure your OX K8s Inspector credentials** dialog, select **CONNECT**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-4300be51d6781de20685c54e4a5b64f3d09b5f42%252FK8s%2520Inspector%2520connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=4306495a&sv=2) 1. To select specific clusters for scanning by the OX platform, select the gear icon next to **DELETE**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-07f73b8b0e9278c5539a519850d40be46afae27e%252Fgear_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9691b186&sv=2) 1. Select the clusters you want to protect. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-2f724f79cebc1b533567fbc3ca8465dafc144fff%252FK8s%2520Inspector%2520cluster%2520selection.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9d118ba3&sv=2) 1. Select **SAVE**. Last updated 3 days ago --- # GitHub | OX docs GitHub provides cloud-based hosting for software development and version control using Git. It offers distributed version control and source code management capabilities. By connecting GitHub to OX, you enable the system to map your applications and scan them for security issues. In addition, when connecting GitHub, GitHub Actions is a CI/CD platform that automates the build, test, and deployment pipeline. The following connection methods are available: * [GitHub App](https://docs.ox.security/making-connections/source-control/github#github-app) * [Identity Provider](https://docs.ox.security/making-connections/source-control/github#identity-provider) * [Token](https://docs.ox.security/making-connections/source-control/github#token) * [OX Broker](https://docs.ox.security/making-connections/ox-broker) ### [](https://docs.ox.security/making-connections/source-control/github#github-server-options) GitHub Server Options * **GitHub.com (Public SaaS)**: If you are using the public GitHub server, you can log in using either the Identity Provider or Token method. The Token method defaults to the public GitHub server address. * **GitHub Enterprise (Private Server)**: If you are using a private GitHub instance, select the Token login option and provide your GitHub server URL. [](https://docs.ox.security/making-connections/source-control/github#connecting-multiple-accounts) Connecting Multiple Accounts ------------------------------------------------------------------------------------------------------------------------------------ You can connect multiple source control accounts within the same organization, securing them all under a single organization in the OX platform. For instance, you can connect multiple GitLab accounts under one organization using multiple token connections, multiple identity providers, or multiple apps connections. Integrating with multiple accounts is especially beneficial for large organizations where different departments may need separate credentials to access different GitLab instances or other services. The integration is flexible and robust because you can combine different connection methods, such as using tokens for more sensitive accounts and apps and identity providers for less sensitive ones. [](https://docs.ox.security/making-connections/source-control/github#connecting-using-github-app) Connecting using GitHub App ---------------------------------------------------------------------------------------------------------------------------------- The GitHub App method offers a streamlined way to connect an OX platform account to GitHub. This method uses an application created by OX Security, which simplifies the connection process. When using this method, you install the OX GitHub app into your GitHub organization. The app is granted permissions to access your GitHub data, allowing the OX platform to interact with your repositories. This method is ideal if you prefer a straightforward, no-fuss way to connect GitHub without needing to manage API tokens. The integration process is quick, and permissions are automatically configured, making it an easy option for those seeking a fast setup, however, this method is less secure and provides you less control over the process than the token-based method. **To connect with GitHub App:** 1. In the **OX** platform, go to **Connectors** and select **GitHub > GITHUB APP**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-d8debfd1eb5b33855b677aef380b9e229693f43e%252FGH_app_connection.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=c52d1649&sv=2) 1. Select **CONNECT**. You are automatically redirected to the source control system’s authentication dialog. 2. Login to GitHub. The **Install OX Security** dialog appears with the list of organizations that you have defined on GitHub. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-44504b421d58ba7402d27f5041aea355b45fee9d%252FGH_APP_connecting1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=5508b7c&sv=2) 1. Select the organization with which you want to set the GitHub-OX integration. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-28edf4f43f0be89cfe4e586c821ecf20a3fc6125%252FGH_APP_connecting2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a74a2a70&sv=2) 1. In the **Install & Authorize OX Security** dialog, select as follows: * **All repositories:** Grants OX GITHUB APP permissions to all the GitHub repositories within the selected GitHub organization. * **Only select repositories:** Select GitHub repositories to which you want to grants OX GITHUB APP permissions within the selected GitHub organization. 1. Select **Install & Authorize**. The connection is established and you are redirected back to OX Security, where the list of all the repositories that participate in the integration appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1c5aef154f13badd37b9095f85209c5c49a34272%252Fselecting%2520repos_no_title.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=175b4728&sv=2) 1. Select the repos you want to scan and click **SAVE**. 2. (optional) [Select branches you want to scan within the selected repos.](https://docs.ox.security/scanning/multi-branch-support) 3. To connect more GitHub accounts to the same organization in the OX platform, select **Add another GitHub App +**, add the app and select **CONNECT**. [](https://docs.ox.security/making-connections/source-control/github#connecting-using-identity-provider) Connecting using Identity Provider ------------------------------------------------------------------------------------------------------------------------------------------------ The Identity Provider (IDP) method is another way to link GitHub to OX Security. This method relies on authentication services provided by GitHub or a third-party service. The user connects using their GitHub account credentials, allowing the OX platform to use GitHub as the identity provider for authentication. The Identity Provider method is simple and does not require users to manage API tokens. It's suitable for users who prefer a centralized authentication method and don’t need detailed control over repository permissions. **To connect with Identity Provider:** 1. In the **OX** platform, go to **Connectors** and select **GitHub > IDENTITY PROVIDER**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-46522ae18ee352447b5bd1af0952a6abe64e3951%252FGH_IDP_connecting1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2bff04cc&sv=2) need to replace this screenshot 1. Select **CONNECT**. You are automatically redirected to the source control system’s authentication dialog. 2. Log in to GitHub and grant permissions to access the data. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-cadbfe7a5305e4d8b9859efa782c0bc6c3d2b705%252FGH_IDP_connecting2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d2598f0e&sv=2) 1. Select **Authorize oxsecurity**. The connection is established and you are redirected back to OX Security, where the list of all the repositories that participate in the integration appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1c5aef154f13badd37b9095f85209c5c49a34272%252Fselecting%2520repos_no_title.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=175b4728&sv=2) 1. Select the repos you want to scan and select **SAVE**. 2. (optional) [Select branches you want to scan within the selected repos.](https://docs.ox.security/scanning/multi-branch-support) 3. To connect more GitHub accounts to the same organization in the OX platform, select **Add another Identity Provider +**, set the required parameters and select **CONNECT**. [](https://docs.ox.security/making-connections/source-control/github#connecting-using-token) Connecting using Token ------------------------------------------------------------------------------------------------------------------------ The Token method provides the most flexibility for connecting GitHub to OX Security. In this method, users generate an API token in GitHub, which serves as a security credential to allow OX Security access to specific repositories and actions. This method is ideal for users who require granular control over the permissions granted to OX Security. It’s especially useful for users in larger organizations or those with specific security requirements, as it allows them to fine-tune repository access. **To connect with Token:** 1. [Get a GitHub token.](https://docs.ox.security/making-connections/source-control/github/getting-github-tokens) 2. In the **OX** platform, go to **Connectors** and select **GitHub > TOKEN**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b8474369b2f51bce151b9731abe6f5f0cab893e4%252FGH_SC_Token.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=73544f19&sv=2) 1. In the **Configure your GitHub credentials** dialog, set the following parameters: Parameter Description **GitHub Host URL** Add your GitHub organization account URL. **Token** Paste the GitHub token you have created. **Token Name** The token name is automatically generated by OX app. You can change/edit the connection name at any time. 2. To select specific repositories for scanning by OX platform, select the gear icon next to **DELETE**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-07f73b8b0e9278c5539a519850d40be46afae27e%252Fgear_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9691b186&sv=2) 1. Select the repos you want to protect. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1c5aef154f13badd37b9095f85209c5c49a34272%252Fselecting%2520repos_no_title.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=175b4728&sv=2) 1. Select **SAVE**. 2. (optional) [Select branches you want to scan within the selected repos.](https://docs.ox.security/scanning/multi-branch-support) 3. To connect more GitHub accounts to the same organization in the OX platform, select **Add another Token +**, set the required parameters and select **CONNECT**. Last updated 2 months ago --- # Bitbucket | OX docs This document provides guidance for connecting to **Bitbucket Cloud**, referred to as Bitbucket.com, and **Bitbucket Data Center/Server** referred to as Bitbucket Enterprise. Bitbucket is a Git-based source code repository hosting service owned by Atlassian. Connecting your BitBucket allows OX to map your apps and scan them for security issues. ### [](https://docs.ox.security/making-connections/source-control/bitbucket#bitbucket-server) Bitbucket server * **Bitbucket.com** - if you are using the public SaaS Bitbucket server, you can use either "Identity provider" or "Username & Password" login. The Username & Password option has the address of the SaaS server by default. * **Bitbucket** **Enterprise** - if you are using a private Bitbucket installation, use "Username & Password" login and provide the Bitbucket server URL on the "Username & Password" login tab. ### [](https://docs.ox.security/making-connections/source-control/bitbucket#connection-options) Connection options * **Identity Provider** - just click “Connect” under the “Identity Provider” tab and follow the instructions on the screen. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-4f6382555cdea6329442e2324acae9e7531595f0%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e587bdf2&sv=2) BitBucket connector * **Username and Password** - [Create an App password in BitBucket](https://support.atlassian.com/bitbucket-cloud/docs/create-an-app-password/) with the permissions mentioned below, enter your username in the username field, copy the password into the password field and click “Connect”. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-0fca183006d5378ac5540beff8d4636a1da72049%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9c792444&sv=2) BitBucket Username & Password ### [](https://docs.ox.security/making-connections/source-control/bitbucket#permissions-required) Permissions required * Account - Read and Write * Workspace memberships - Read and Write * Projects - Write and Admin * Repositories - Write and Admin * Pull requests - Read and Write * Issues - Read and Write * Snippets - Read * Webhooks - Read and write * Pipelines - Read * Runners - Read ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-a551fbfedf4c519df8b1309c5f867b9f46e5187b%252Fimage%2520%288%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1d91cd2&sv=2) Once you have verified BitBucket connectivity, you can see all of the repositories and can select them for scanning. ### [](https://docs.ox.security/making-connections/source-control/bitbucket#setting-repositories-scope) Setting repositories' scope You can use the "Gear" icon to choose the repositories' scope OX will cover. Only repositories chosen here will be covered and scanned. Here you can also decide what will happen by default with newly discovered repositories. Last updated 3 months ago --- # GitLab | OX docs GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking, and continuous integration and deployment pipeline features. Connecting your GitLab allows OX to map your apps and scan them for security issues. ### [](https://docs.ox.security/making-connections/source-control/gitlab#gitlab-server) GitLab server * **gitlab.com** - if you are using the public SaaS GitLab server, you can use either an "Identity provider" or "Token" login. The Token option has the address of the SaaS server by default. * **GitLab Enterprise** - if you are using a private GitLab installation, use the "Token" login and provide the GitLab server URL on the "Token" login tab. ### [](https://docs.ox.security/making-connections/source-control/gitlab#connection-options) Connection options * **Identity Provider** - just click “Connect” under the “Identity Provider” tab and follow the instructions on the screen. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-feec73edb17c0160720665af8702db81ba356c9c%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ac0a5d3d&sv=2) GitLab connector 3MB [GitLab Connector - Identity Provider.mp4](https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-8aab6a6065c018fc22dfb2d52bb3801549d8a7ae%2FGitLab%20Connector%20-%20Identity%20Provider.mp4?alt=media) Download[Open](https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-8aab6a6065c018fc22dfb2d52bb3801549d8a7ae%2FGitLab%20Connector%20-%20Identity%20Provider.mp4?alt=media) GitLab Connector - Onboarding using Identity Provider - Video * **Token** - Create a token in GitLab with the permissions (scopes) mentioned below, copy the token into the token field and click “Connect.” ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6c267b6fda6f826821b58b6008b65850c64013d6%252Fimage%2520%286%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=f34d6234&sv=2) Token ### [](https://docs.ox.security/making-connections/source-control/gitlab#token-scopes-required) Token scopes required * api * read\_user * read\_registry ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-c93965f5fdc6825d34237bf8cb1aca578ea1e804%252Fimage%2520%285%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6476e28d&sv=2) Token scopes Once you have verified GitLab connectivity, you can see all the repositories and select them for scanning. ### [](https://docs.ox.security/making-connections/source-control/gitlab#setting-repositories-scope) Setting repositories' scope You can use the "Gear" icon to choose the repositories' scope OX will cover. Only repositories chosen here will be covered and scanned. Here you can also decide what will happen by default with newly discovered repositories. 4MB [GitLab Connector - Token.mp4](https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-de5aba894fd0bd66c32ff96810bcb76abaaff8f8%2FGitLab%20Connector%20-%20Token.mp4?alt=media) Download[Open](https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-de5aba894fd0bd66c32ff96810bcb76abaaff8f8%2FGitLab%20Connector%20-%20Token.mp4?alt=media) GitLab Connector - Onboarding using a Token - Video Last updated 1 year ago --- # Getting GitHub Tokens | OX docs When integrating with [GitHub](https://docs.ox.security/making-connections/source-control/github) source control and [GitHub Issues](https://docs.ox.security/making-connections/ticket-management/github-issues) , you need to get GitHub tokens. **To get GitHub tokens:** 1. Log in to your GitHub account. 2. From your profile picture in the top-right corner select **Settings**, then scroll down and select **Developer settings**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-a807fe88c9396bae32f9688dff0c800992c90859%252FGH_dev_settings.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=614418fa&sv=2) 1. In the **Developer settings** page, select **Personal access tokens > Tokens (classic)** and define the parameters as follows. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-14ad9f0d3e269543a30f500f31bb24d7c7f50e96%252FGH_dev_settings_access_token.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ab4a2aa6&sv=2) Parameter Description **Name** A significant name that makes it easy to identify the purpose of the token. **Expiration** Set the expiration date as far as possible. **Select scopes** By selecting scopes you define the access permissions. For GitHub source control - OX integration, select the following scopes: * read:packages * write:org * read:org * read:repo\_hook * user:email For GitHub Issues - OX integration, select the following scopes: * repo * read:user * project 1. Select **Create token**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-17853548cd91ca96cdc3b4e7ce70536b004a36c1%252FGH_taken.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=74e802a5&sv=2) 1. Copy the token and store it in a different location. After closing this dialog you cannot see it again. Last updated 2 months ago --- # Ticket Management | OX docs In OX Security, ticketing connectors play an essential role in linking security incident management with ticketing platforms. These connectors facilitate the efficient transfer of incident data, ensuring rapid response and resolution times. Ticketing connectors support integrated workflows by automatically creating and updating tickets based on security events, thus improving organizational security posture and operational efficiency. #### [](https://docs.ox.security/making-connections/ticket-management#supported-ticketing-connectors-in-ox-security) Supported Ticketing Connectors in OX Security * [Asana](https://docs.ox.security/making-connections/ticket-management/asana) * [Azure Boards](https://docs.ox.security/making-connections/ticket-management/azure-boards) * [GitHub Issues](https://docs.ox.security/making-connections/ticket-management/github-issues) * [Jira](https://docs.ox.security/making-connections/ticket-management/jira) * [Monday](https://docs.ox.security/making-connections/ticket-management/monday) * [ServiceNow](https://docs.ox.security/making-connections/ticket-management/servicenow) Last updated 3 months ago --- # Connecting to Azure | OX docs #### [](https://docs.ox.security/making-connections/source-control/azure/connecting-to-azure#getting-your-subscription-id) Getting your Subscription ID 1. Search "subscriptions" in the search bar and click on it. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-0cf446398077221a30512405114ad69c98410425%252FAzure%25201.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=3e7111a3&sv=2) 1. Select your Subscription. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-285a8ca957764c345a0edc7489173bfaa32a6b7c%252FAzure%25202.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a53f8270&sv=2) 1. Once you click on subscription, select overview on the right-side panel you will get your **Subscription ID**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-498b6f229ff7cf4b518205ec3928ba8f0243a5ab%252FAzure%25203.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=503a204a&sv=2) #### [](https://docs.ox.security/making-connections/source-control/azure/connecting-to-azure#get-client-id-client-secret-and-tenant-id) Get Client ID, Client Secret and Tenant ID 1. Search for "App Registrations" in the search bar and click on it. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-2f592cf1986fe3dce6583e46fdaf1a0ae8ed3903%252FAzure%25201.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e25c5aa7&sv=2) 1. From the list, select the App which will have Container registry access. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-dfa7c9e09864d78690cba06464e8b7213f1557d9%252FAzure%25202.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ab95fba2&sv=2) 1. Once selected, click on overview on the left side menu and on the right-side panel you will see Client ID and Tenant ID. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-091d6ff2c4025707e37238e9e6903b3acd093da2%252FAzure%25203.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ff4106fd&sv=2) 1. On the same page on the left side menu click on the only option - Certificates & Secrets. You can create a new secret or use an existing secret value. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-606975ea54aedae114a9852bdcd703cebbd22675%252FAzure%25204.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a8d164e1&sv=2) Last updated 1 year ago --- # Azure Repos | OX docs Azure Repos is a set of version control tools that you can use to manage your code. Azure Repos provides two types of version control: 1. Git: distributed version control. 2. Team Foundation Version Control (TFVC): centralized version control. Azure Pipelines is a cloud-based solution that automatically builds and tests code projects. Connecting your Azure account allows OX to map and scan your apps for security issues. ### [](https://docs.ox.security/making-connections/source-control/azure#connection-options) Connection options * **Identity Provider** - just click “Connect” under the “Identity Provider” tab and follow the instructions on the screen. * **Token** - [Create an access token in Azure DevOps](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows) with the permissions mentioned below, copy the token into the token field and click “Connect”. ### [](https://docs.ox.security/making-connections/source-control/azure#token-scopes-required) Token scopes required * Auditing - Read Audit Log * Build - Read * Code - Full * Code - Status * Graph - Read and Manage * Identity - Read and Manage * Member Entitlement Management - Read and Write * Project and Team - Read, Write and Manage * Release - Read * Security - Manage * User profile - Read * Wiki - Read * Work items - Read and Write ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-4013c036920e65983326e62a8743799d26e55dde%252Fimage%2520%289%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6b57312a&sv=2) ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-3aa2bbe7e67e18579c33fe233292735f85e0e248%252Fimage%2520%2810%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=783f8578&sv=2) ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-a41864dc3bd7ee84d61c371fb1a2038f7f1ebff1%252Fimage%2520%2811%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d9933257&sv=2) ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-3222c5ff39aaa3b55869ea18646248b4566fda46%252Fimage%2520%2812%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=b1b37ada&sv=2) Once you have verified Azure repos connectivity, you can see all the repositories and can select them for scanning. ### [](https://docs.ox.security/making-connections/source-control/azure#setting-repositories-scope) Setting repositories' scope You can use the "Gear" icon to choose the repositories' scope OX will cover. Only repositories chosen here will be covered and scanned. Here you can also decide what will happen by default with newly discovered repositories. Last updated 1 year ago --- # Asana Ticketing | OX docs Asana is a powerful work management platform that helps teams organize, track, and manage their projects and tasks efficiently. With features like task assignments, project timelines, collaboration tools, and automation, Asana enables teams to stay aligned and productive, ensuring smooth project execution from start to finish. Integrating OX Security with Asana brings security into the heart of your project management workflow, ensuring that security issues are tracked and resolved alongside other development tasks, as follows: * **Automated Security Task Creation**: Security vulnerabilities detected by OX Security can be automatically logged as tasks in Asana, ensuring they are addressed without delay. * **Improved Collaboration**: Developers, security teams, and project managers can work together seamlessly by managing security-related tasks within their existing Asana workflows. * **Enhanced Visibility and Tracking**: Security issues are prioritized alongside other work, giving teams clear visibility into security risks and their resolution status. * **Better Compliance and Risk Management**: By tracking security-related tasks within Asana, organizations can maintain compliance and reduce security risks proactively. [](https://docs.ox.security/making-connections/ticket-management/asana#prerequisites) Prerequisites -------------------------------------------------------------------------------------------------------- * Asana account [](https://docs.ox.security/making-connections/ticket-management/asana#getting-asana-token) Getting Asana Token -------------------------------------------------------------------------------------------------------------------- 1. Log in to your Asana account. 2. Click your profile picture in the top-right corner and select **Settings**, then select **Apps**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1672d9e5476fca59c58ec3ece4b51a041f4a743e%252FAsana_settings_Apps.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=cb8d6722&sv=2) 1. Click **View developer console**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-933b78724931d70acc7b03645de124c9b531116c%252FAsana_settings_my_Apps%2520%281%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=824d2dd9&sv=2) 1. Select + **Create new token**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-867598bcc7393d87c25bbf6bc5fd09ca0935d3f8%252FAsana_Create_new_token.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e00f7432&sv=2) 1. Add token details: **Token name** A significant name that makes it easy to identify the purpose of the token. **I agree to the Asana API Terms** To read the terms, click **Asana API Terms** and then select the option. 1. Select **Create token**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-db8782f217d470e8bcce00eb7a5e5eccfdb18e5d%252FAsana_token_details.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1485d1c4&sv=2) 1. Copy the token and store it in a different location. After closing this dialog you cannot see it again. [](https://docs.ox.security/making-connections/ticket-management/asana#connecting-to-asana) Connecting to Asana -------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for Asana. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-fdc9f33df9d64a56bf799de3e420ae75f776c8a1%252FAsana_icon_correct.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2a4c7aea&sv=2) 1. Select **Asana**. The **Configure your Asana credentials** dialog appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-734df47de8a81dda835c7016f80cdc328faf6937%252FAsana_connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d4ff7b93&sv=2) 1. Select **CONNECT**. The Asana connector is configured. [](https://docs.ox.security/making-connections/ticket-management/asana#adding-asana-tickets) Adding Asana Tickets ---------------------------------------------------------------------------------------------------------------------- After establishing the connection with Asana, you can add Asana tickets to tasks and issues in OX using one of the following methods: * Adding a new ticket to an issue, or bulk of issues. * Adding a new ticket as a scheduled task using workflows. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-ab281971d3df05fae41bef6c04de6b271a469106%252FAsana_WF.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6c03e13d&sv=2) **To add a new Asana ticket in OX:** 1. In the **Issues** page, identify and select the issue for which you want to add a new ticket in Asana. 2. Select the Asana icon. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-8ef49a85f73230de2ac74bcd6108813c929be1a3%252FAsana_issues_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=c44a92e2&sv=2) 1. Set the ticket details in the **Create Asana Ticket** dialog and select CREATE TICKET. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-07d2f1396e216adfbe436ee5f3cbdbf277fabddc%252FAsana_create_ticket.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=b1ba1e07&sv=2) Parameter Description **Title** The title of the ticket that describes the problem/issue. **Project** The name of the project, as it's defined in Asana. **Priority** Set the priority that you think should be assigned to this ticket. **Assignee** Set the team member who will work on the ticket. **Tags** Add tags for ticket classification. You can add only default Asana tags or tags that you have added in Asana. **Dependencies** Here you can add other Asana tickets that are related to/dependent on this ticket. The new ticket appears in Asana. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-408e3c07372f205f39b41d295e3752f81f6b6db9%252FAsana_new_ticket_in_app3.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=5fb2c8a8&sv=2) Last updated 8 months ago --- # Azure Cloud | OX docs ### [](https://docs.ox.security/making-connections/azure-cloud#automatic-connection-instructions) Automatic connection instructions 1. Make sure you are logged into your Azure Portal on the correct Tenant you want to connect and that you have a \\"User Access Administrator\\" Role which is required in order to run this script. * You can either run the script from the Azure Portal (Cloud Shell) or locally on your machine if you have Azure CLI installed. * If running locally you can run the following command to log in: 'az login --tenant $TENANT\_ID --use-device-code --output none'. 2. Click the 'Download Script' button In the OX Connector window to download the script. 3. Run the downloaded script by executing \`./azure-connector.sh -t TENANT\_ID -s SUBSCRIPTION\_ID\` in the terminal. TENANT\_ID is the ID of the tenant you want to connect (this parameter is required), SUBSCRIPTION\_ID is the ID of the Subscription you want to connect (this parameter is optional, if no SUBSCRIPTION\_ID has been entered the default Subscription will be chosen). 4. Once the script completes, it will output the Client ID and Client Secret that has been created. 5. In the OX Connector fields below, enter your Tenant ID and the values you got from running the script (Client ID and Client Secret). 6. Click Connect. 7. You should receive a message that the connection was successful, if not please repeat the steps above or contact support. ○ Note - if you want to create the required assets manually please follow the instructions below. ### [](https://docs.ox.security/making-connections/azure-cloud#manual-connection-instructions) Manual connection Instructions 1. Log in to your Azure portal. 2. Navigate to Microsoft Entra ID → App registrations → New registration. 3. You should be in the following screen: ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-e8df1f600eb59fac4329fe9678b40d97e641c221%252FScreenshot%25202023-10-04%2520141427.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=7e32404a&sv=2) 4. In the Register an application screen: * Enter a name for the application, e.g. "ox-security-connector-sp". * Keep the single tenant option selected in the Supported account types. * Click Register. 5. Note the generated values: ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-10e776950bdd94f91c3a745167d3f25e19e71dae%252FScreenshot%25202023-10-04%2520150010.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e3df1ea6&sv=2) 6. Note down the Application (client) ID and Directory (tenant) ID. 7. Navigate to Subscriptions → Your subscription → Access control (IAM) → Add → Add role assignment. 8. In the Add role assignment screen: * Role tab: Click the “Reader” role and then click next. * Members tab: Click “Select Members”, search for the app you created in step 3, click it, and then click select so it will be added. * Click “Review + assign”. > **Note:** To connect to Azure Kubernetes Service (AKS), in addition to the Reader role, assign: > > * **Azure Kubernetes Service RBAC Reader** at the subscription or cluster level. > > * **Azure Kubernetes Service Cluster User Role** at the subscription or cluster level. > 9. Navigate back to App registrations → Your app → Certificates & secrets → New client secret. 10. Enter a description for the secret and set the expiration for the desired time period (note that if the secret expires you will have to reconnect again in the OX platform) and click “Add”. 11. Note down the Value of the client secret. 12. In the Ox Connector, enter the Tenant ID, Client ID, and Client Secret. 13. Click Connect. 14. You should receive a message that the connection was successful, if not please repeat the steps above or contact support. Last updated 2 months ago --- # GitHub Issues | OX docs GitHub is a widely used platform for version control and collaborative software development. It enables teams to manage repositories, track issues, and collaborate efficiently through pull requests, code reviews, and project boards. Integrating OX Security with GitHub enhances your software development lifecycle by embedding security insights directly into your GitHub workflow, as follows: * **Automated Issue Tracking**: Security findings detected by OX Security can be logged as issues or pull requests in GitHub, ensuring that vulnerabilities are tracked and addressed promptly. * **Seamless Collaboration**: Developers, security teams, and project managers can manage security-related tasks within their existing GitHub environment, streamlining the remediation process and improving team collaboration. * **Improved Security Visibility**: The integration provides clear visibility into security risks within the development pipeline, helping teams prioritize and resolve issues more efficiently. * **Enhanced Compliance Management**: Organizations can ensure compliance by tracking security-related tasks alongside other development activities, simplifying audits and reporting. [](https://docs.ox.security/making-connections/ticket-management/github-issues#prerequisites) Prerequisites ---------------------------------------------------------------------------------------------------------------- GitHub account. OX integration supports GitHub privet repositories only. [](https://docs.ox.security/making-connections/ticket-management/github-issues#connecting-to-github-issues) Connecting to GitHub Issues -------------------------------------------------------------------------------------------------------------------------------------------- 1. [Get a GitHub token.](https://docs.ox.security/making-connections/source-control/github/getting-github-tokens) 2. In the **OX** platform, go to **Connectors** and search for **GitHub Issues**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-21ff6cf6202d81ab6fb4e5a406bf7e3b890de463%252FGH_issues_icon1%2520%281%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=f78d2e3a&sv=2) 1. Select **GitHub Issues** and set the following parameters in the **Configure your GitHub Issues credentials** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-f788a68fefdf502dd13d4989c9dc4b9c185662e4%252FGH_connect%2520%281%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d5deb928&sv=2) Parameter Description **GitHub Issues Host URL** Add your GitHub organization account URL. **Token** Paste the GitHub token you have created. **Token Name** The token name is automatically generated by OX. You can change/edit the connection name at any time. 1. Select **CONNECT**. The success message appears. [](https://docs.ox.security/making-connections/ticket-management/github-issues#adding-github-tickets) Adding GitHub Tickets -------------------------------------------------------------------------------------------------------------------------------- After establishing the connection with Jira, you can add Jira tickets for a variety of tasks and issues in OX using one of the following methods: * Adding a new ticket to an issue, or bulk of issues. * Adding a new ticket as a scheduled task using workflows. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-d1ab936b7c3d0b7f33dd7b1da9d15d21cd27803c%252FGH_WF.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a1ac623&sv=2) **To add a new GitHub ticket in OX:** 1. In the **Issues** page, identify and select the issue for which you want to add a ticket in GitHub. 2. Select the GitHub icon. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-5d3a1fed19bc8e9c239aa5358567b4287ed57efd%252FGH_issues_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a454aafe&sv=2) 1. Set the ticket parameters in the **Create GitHub Issue Ticket** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-5cfb2e670d377064b86e1435808dd177c8c2e094%252FGH_issue_ticket.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8b601729&sv=2) Parameter Description **Title** The title of the ticket that describes the problem/issue, as it appears in the OX Issues page. **Organization** Your organization name. **Project** The name of the project, as it's defined in GitHub. **Labels** Select GitHub labels. **Repository** Select the repository where the issue was identified. **Assigned To** Select the person to who you want to assign the ticket. 1. Select **CREATE TICKET**. The new ticket appears in GitHub. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-63cf70a79fb7446913751496fd08916d50c24be6%252FGH_final_ticket.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=218a57d9&sv=2) Last updated 2 months ago --- # Azure Boards | OX docs Azure Boards is a work tracking tool within Azure DevOps that helps software development teams plan, track, and discuss work items efficiently. It provides customizable Kanban boards, backlogs, dashboards, and reporting tools to streamline project management, ensuring teams can collaborate effectively on software development and delivery. Integrating OX Security with Azure Boards enhances your software development lifecycle by embedding security insights directly into your workflow, as follows: * **Automated Issue Tracking:** Security findings detected by OX Security can be logged as work items in Azure Boards, ensuring that vulnerabilities are addressed promptly. * **Seamless Collaboration:** Developers, security teams, and project managers can manage security-related tasks within their existing work tracking system, reducing friction in the remediation process. * **Improved Security Visibility:** The integration provides clear visibility into security risks within the development pipeline, helping teams prioritize and resolve issues efficiently. * **Enhanced Compliance Management:** Organizations can ensure compliance by tracking security-related tasks alongside other development activities, making audits and reporting more manageable. [](https://docs.ox.security/making-connections/ticket-management/azure-boards#prerequisites) Prerequisites --------------------------------------------------------------------------------------------------------------- * Microsoft Azure account [](https://docs.ox.security/making-connections/ticket-management/azure-boards#getting-azure-boards-token) Getting Azure Boards Token ----------------------------------------------------------------------------------------------------------------------------------------- 1. Log in to your Azure DevOps account: [https://${hosturl}/${OrgName}](https://${hosturl}/$%7BOrgName%7D) 2. From your profile picture in the top-right corner select **User settings**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-7d7e3fa85c85b2d86daf70904640fcb8dd216c9e%252FAzureBoards2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=7e648943&sv=2) 1. Select **Personal Access Tokens** and then click **\+ New Token**. 2. In the **Create a new personal access token dialog box**, set the following: ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-01581e4cbeb701eb3dcff9974baaa3e458d7b294%252FAzureBoards4%2520%281%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d38133f4&sv=2) Parameter Description **Name** A significant name that makes it easy to identify the purpose of the token. **Organization** Your organization name. In case your azure account is used for several organizations, you need to choose from a list. **Expiration (UTC)** Set the expiration date as far as possible. Set a specific number of days for the token's validity. Define a number of days based on your organization needs. **Note:** For security reasons, it is not recommended to use the option **Never expire**. **Scopes** The scope of access associated with this token. Set the following: - **Work items**: **Read & write**. - **Member Entitlement Management**: **Read** - **Project and Team**: **Read** 1. Select **Create**. The dialog with the token appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1b3eb3a8fe4236be10b877482722854e669bdb5c%252FAzureBoards7.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d4818153&sv=2) 1. Copy the token and store it in a different location. After closing this dialog you cannot see it again. [](https://docs.ox.security/making-connections/ticket-management/azure-boards#connecting-to-microsoft-azure) Connecting to Microsoft Azure ----------------------------------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for Azure Boards. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-2944f1e601c47c91aeba3a8ff7add36624c2e9f8%252FAzureBoards_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=371f7f2b&sv=2) 1. Select **Azure Boards** and set the following parameters in the **Configure your Azure Boards credentials** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6ace8bacd7e4bf8b63d9be76022b8b89461b0cad%252FAzureBoards8.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=463ac4&sv=2) Parameter Description **Azure Boards Host URL** Add your Azure DevOps account URL. **Token** Paste the token you have created. **Token Name** The name is generated automatically by OX. 1. Select **CONNECT**. The success message appears. [](https://docs.ox.security/making-connections/ticket-management/azure-boards#adding-azure-boards-tickets) Adding Azure Boards Tickets ------------------------------------------------------------------------------------------------------------------------------------------- After establishing the connection with Azure Boards, you can add Azure tickets for DevOps tasks and issues in OX using one of the following methods: * Adding a new ticket to an issue, or bulk of issues. * Adding a new ticket as a scheduled task using workflows. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b8eb1045380211a8f569626c07018fab11538d11%252FAzureBoards13.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6d44b1da&sv=2) **To add a new Azure ticket in OX:** 1. In the Issues page, identify and select the issue for which you want to add a devops related ticket in Azure Boards. 2. Select the Azure Boards icon. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-c85b4657c97b4d5bc9804c1742e7bc1fe0c68c92%252FAzureBoards_OXicon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=c5a018d5&sv=2) 1. Set the ticket details in the **Create Azure Boards Ticket** dialog and select CREATE TICKET. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6c88f06fed7144fd17ad88f0ec2fc4983b506ae6%252FAzureBoards10.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=f211c263&sv=2) Parameter Description **Title** The title of the ticket that describes the problem/issue. **Project** The name of the project, as it's defined in Azure Boards. **Priority** Set the priority that you think should be assigned to this issue. **Assign To** Set the team member who will work on the ticket. **Tags** Add tags for ticket classification. **Story Points** Define how long it should take to resolve this ticket. **Type** Specify the type of the Azure ticket (**Epic, Issue, Task**). **Teams** The team that should resolve the ticket. **Area** The area, as defined in the Azure Boards ticket. **Iteration** The sprint in which this ticket must be resolved. The new ticket appears in Azure Boards. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-87a7d930ce9ed57d5971d68942a51b4d93426bf7%252FAzureBoards12.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a1665e46&sv=2) Last updated 8 months ago --- # Tenable | OX docs Tenable is a leading provider of vulnerability management solutions, offering comprehensive tools to identify, assess, and manage security vulnerabilities in IT environments. It enables organizations to continuously monitor their networks, systems, and applications for potential weaknesses, providing critical insights to help mitigate security risks. Tenable's platform, including products like Tenable.io and Tenable.sc, delivers real-time visibility into vulnerabilities and facilitates efficient remediation strategies. By integrating with OX Security, Tenable helps enhance security teams' ability to proactively manage vulnerabilities and prioritize responses to potential threats, ensuring stronger protection across organizational systems. Through this integration, OX Security can import vulnerability data from Tenable and correlate it with security issues found using the OX Security platform. This allows security teams to gain a broader view of vulnerabilities and manage them more effectively. Seamless integration between the two platforms, allows continuous vulnerabilities monitoring and prioritization. It helps security teams streamline their workflows by centralizing data from multiple sources, improving the accuracy and efficiency of remediation efforts. The integration supports automated reporting, enabling organizations to stay on top of security vulnerabilities across their environment. The integration process includes the following steps: 1. [Generate Tenable API key.](https://docs.ox.security/making-connections/tenable#generating-a-tenable-vulnerability-management-api-key) 2. [Connect the OX platform to Tenable.](https://docs.ox.security/making-connections/tenable#connecting-to-tenable) [](https://docs.ox.security/making-connections/tenable#prerequisites) Prerequisites ---------------------------------------------------------------------------------------- Tenable account. [](https://docs.ox.security/making-connections/tenable#generating-a-tenable-vulnerability-management-api-key) Generating a Tenable Vulnerability Management API Key ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1. Log in to Tenable at [cloud.tenable.com](http://cloud.tenable.com/) . 2. In the upper-right corner, click the user profile icon. The **My Account** page appears. 3. In the left navigation, click **API Keys**. The **API Keys** section appears. 4. In the bottom-left corner, click **Generate**. In the top-right corner, a dialog appears with a message that existing keys will be unauthorized. 5. Click **Continue**. Under **ACCESS KEY** and **SECRET KEY**, new keys appear. 6. Copy the keys to a safe location. After you close the **My Account page**, you cannot view the keys again. [](https://docs.ox.security/making-connections/tenable#connecting-to-tenable) Connecting to Tenable -------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for Tenable. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-a95a2533dd31f5f665edc0c500a029cef8d7fa4c%252FTenable%2520icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a41e3438&sv=2) 1. Select **Tenable** and set the following parameters in the **Configure your Tenable credentials** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-0f927512d1ff44d861fcd7992a216db1f0eaf427%252FTenable_connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1db44781&sv=2) Parameter Description **Tenable Host URL** Add your Tenable organization account URL. **API Access Key** Paste the Tenable access key you have generated. **API Secret Key** Paste the Tenable secret key you have generated.. 1. Select **CONNECT**. The success message appears. \\ Last updated 7 months ago --- # Invicti | OX docs > **Note:** This capability is currently in Early Access (EA) and is not generally available. To request access, please contact OX technical support. You can connect OX to your Invicti instance to import Dynamic Application Security Testing (DAST) results. This allows you to view DAST issues alongside other security findings in the OX Security platform. Integrating Invicti with OX provides you with unified view of vulnerabilities across your application stack. OX automatically pulls Invicti DAST scan results and displays them in the Active Issues page. > **Notes:** > > * Some advanced Invicti capabilities, such as automatic crawling of subdomains, depend on your Invicti configuration and may affect what data is shown in OX. > > * The Invicti connector does not support automatic discovery of credentials from the Invicti UI. You must obtain the required credentials manually. > > * If your Invicti instance requires a token instead of a username and password, consult your Invicti administrator. > [](https://docs.ox.security/making-connections/dynamic-app-security/invicti#step-1-get-an-invicti-api-token-invicti) Step 1: Get an Invicti API token \[Invicti\] ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1. Log in to **Invicti Enterprise**. 2. Select **\[Your Name\]** (top right) > **API Settings**. 3. If prompted, enter your **Current password**. 4. To display your **User ID** and **API token**, select **Submit** . 5. Copy the token and store it in a secure location. If your organization uses Single Sign-On (SSO), the **API Settings** page may open without a password prompt. If SSO is enabled but you’re still prompted for a password, go to **Settings > Single Sign-On** and select **Enforce to authenticate only with single sign-on**. [](https://docs.ox.security/making-connections/dynamic-app-security/invicti#step-2-connect-invicti-to-ox-ox) Step 2: Connect Invicti to OX \[OX\] ------------------------------------------------------------------------------------------------------------------------------------------------------ 1. In the OX platform, go to the **Connectors** page. 2. Select **Add Connector** and search for **Invicti**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-66859245dfb8efc3d04ea0e7dc618c1acf116f2b%252FInvicti_connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2da140f4&sv=2) 1. In the **Configure your Invicti credentials** box, provide the following details: Field Description Invicti host URL Use the base URL of your Invicti instance: [https://www.netsparkercloud.com](https://www.netsparkercloud.com/) User Name Your Invicti username. Password Your Invicti password. 1. Select **CONNECT**. 2. To select specific Invicti projects to import, click the gear icon next to the **DELETE** button. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b7b3ba10314c29db54c380bda3f342616a498767%252Fselect%2520projects.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=47e74be5&sv=2) 1. Select the Invicti projects and select **SAVE**. When connected, OX starts pulling DAST data from Invicti. Last updated 3 days ago --- # AWS | OX docs **AWS (Amazon Web Services**) is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings. **Amazon Elastic Container Registry (ECR**) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying development to production workflow. **Amazon CloudWatch** is a monitoring and management service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources. Connecting your AWS account to our system will allow us to analyze it and find vulnerabilities regarding IaC and Artifact integrity, using our own tools as well as other security tools such as Prowler. The connection is being established by giving us (and only us) permissions for specific, carefully picked resources/ policies that will enable us to run the tools on them. ### [](https://docs.ox.security/making-connections/aws#connection-options) Connection options #### [](https://docs.ox.security/making-connections/aws#automatic) Automatic A sort of "plug-and-play" to connect a single AWS account, everything is pre-configured to what we need in order to run our tools, it will automatically create for you the user, role, and policies that we require, all you have to do is follow the instructions. 1. Log in to your AWS console. 2. Under the Automatic tab, click the 'Cloud Formation Assume Role' button. 3. On the CloudFormation page: 3.1. Check the two acknowledgment boxes at the bottom. 3.2. Click Create stack. Note: if you have already created a Cloud Formation stack before for ox-security you will need to rename the stack name, otherwise it will issue an error (Stack \[ox-security\] already exists) 4. Once the stack has been created, open CloudFormation outputs and copy the OxRoleArn value 5. In the OX Connector below paste the value in the field AWS Role ARN. 6. Click Connect. 7. You should receive a message that the connection was successful, if not please repeat the steps above. #### [](https://docs.ox.security/making-connections/aws#manual) Manual This is a more advanced way of configuration for companies who want to create all the user/ roles/ policies that we need themselves. 1. Log in to your AWS console. 2. Create a new role in the AWS IAM Console. 3. Select Another AWS account for the Role Type. 4. For Account ID, enter 351456651185 (OX's account ID). This means that you are granting OX read only access to your AWS data. 5. Select Require external ID and enter the one generated in the OX AWS integration tile. Make sure you leave Require MFA disabled. 6. Click Next: Permissions. 7. In the Attach permissions policies screen Filter policies search and include the following policies: 1. ViewOnlyAccess 2. SecurityAudit 8. Click Next: Tags and Next: Review. 9. Name the Role OxAWSIntegrationRole or one of your own choosing, and provide an appropriate description. 10. Click Create Role 11. Once the Role creation is complete, open the Role and copy the Role ARN value. 12. In the OX Connector below paste the value in the field AWS Role ARN. 13. Click Connect. 14. You should receive a message that the connection was successful, if not please repeat the steps above. #### [](https://docs.ox.security/making-connections/aws#organization) Organization In case you have multiple AWS accounts, this configuration is the right one for you. By connecting your AWS management account to our system we will be able to scan all of the accounts under it for vulnerabilities. The way we do it is similar to the automatic connection (meaning we do the heavy lifting for you by creating all the assets needed), with an extra step to connect your management account with all of the accounts under it. 1. Log into your AWS console and navigate to the **CloudFormation** service. 2. Click on **StackSets** and then **Create StackSet**. 3. In the **Choose a template** page: a. Under **Permissions**, select the **Service-managed permissions** option. b. Under **Prerequisite – Prepare template**, make sure the **Template is ready** option is selected. c. Under **Specify template**, select the **Amazon S3 URL** option. d. Under **Amazon S3 URL**, paste the following link: [https://ox-cloudformation-template.s3.eu-west-1.amazonaws.com/aws/ox\_aws\_integration\_stackset\_template\_k8s.yml](https://ox-cloudformation-template.s3.eu-west-1.amazonaws.com/aws/ox_aws_integration_stackset_template_k8s.yml) e. Click **Next**. 4. In the **Specify StackSet details** page: a. Set StackSet name **ox-security** (must be unique). b. Change the description if you want. c. Set **External Id** – paste the **AWS External ID** generated below. d. Ensure **IAMRoleName** and **OxAWSAccountId** are already filled. e. Click **Next**. 5. In the **Configure StackSet options** page: a. Under **Execution configuration**, make sure **Managed execution** is set to **Inactive**. b. Click **Next**. 6. In the **Set deployment options** page: a. Set **Add stacks to stack set** to **Deploy new stacks**. b. Set **Deployment targets** to **Deploy to organization**. c. Set **Automatic deployment** to **Enabled**. d. Set **Account removal behavior** to **Delete stacks**. e. In the **Specify regions** section, select the region your organization is in. > **Note:** Select only one region. Choosing multiple regions will cause the deployment to fail. f. In the **Deployment options** section, set: i. Maximum concurrent accounts – 1 ii. Failure tolerance – 0 iii. Region Concurrency – Sequential g. Click **Next**. 7. **Review the configuration:** a. Check that everything is correct and adjust if necessary. b. Check the **I acknowledge that AWS CloudFormation...** checkbox under **Capabilities**. c. Click **Submit**. 8. You have now successfully deployed the StackSet. 9. Click the **Cloud Formation Assume Role** button below. 10. On the **CloudFormation** page: a. Check the acknowledgment box at the bottom. b. Click **Create stack**. **Note:** if you already created a Cloud Formation stack for ox-security you will need to rename the stack name, otherwise it will issue an error (Stack \[ox-security\] already exists). 11. Once the stack has been created, open **CloudFormation outputs**, copy the **OxRoleArn** value, and paste it in the **AWS Role ARN** below. 12. Click **Connect**. 13. You should receive a message that the connection was successful; if not, please repeat the steps above. When using “**Service-managed permissions**” (Enabled in AWS Organizations), the parent/admin account has a stack set admin role named AWSServiceRoleForCloudFormationStackSetsOrgAdmin, while the child/target accounts have the stack set execution role named stacksets-exec-. As the name suggests, the CloudFormation service automatically adds both roles to their respective accounts to establish the trust relationship. However, this method only adds the default trust and permission policies (administrative access), and does not allow the user to customize the IAM roles when they are created. Please note that some CSPM Tools might flag this role as a violation, thus it is recommended to remove the stacksets-exec- role from the target accounts. Last updated 16 days ago --- # GitGuardian | OX docs GitGuardian is a leading provider of automated secrets detection and remediation solutions, helping organizations protect sensitive information across their codebases and development workflows. GitGuardian enables continuous monitoring of public and private repositories to detect exposed secrets like API keys, credentials, and other sensitive data, providing real-time alerts to minimize security risks. GitGuardian’s platform offers actionable insights and collaboration tools to facilitate swift remediation and ensure compliance with security policies. By integrating with OX Security, GitGuardian enhances the ability of security teams to correlate detected secrets with broader security issues identified within the OX Security platform. This integration provides: * unified visibility into code-related vulnerabilities and secrets exposure, allowing teams to manage and prioritize risks more effectively * automated detection * centralized data analysis * efficient response workflows * security operations streamline * stronger control over sensitive data throughout the development lifecycle The integration process includes the following steps: 1. [Generate a GitGuardian token.](https://docs.ox.security/making-connections/gitguardian#generating-a-gitguardian-token) 2. [Connect the OX platform to GitGuardian.](https://docs.ox.security/making-connections/gitguardian#connecting-to-gitguardian) [](https://docs.ox.security/making-connections/gitguardian#prerequisites) Prerequisites -------------------------------------------------------------------------------------------- GitGuardian account with read access. [](https://docs.ox.security/making-connections/gitguardian#generating-a-gitguardian-token) Generating a GitGuardian Token ------------------------------------------------------------------------------------------------------------------------------ 1. Log in to GitGuardian at [dashboard.gitguardian.com](http://dashboard.gitguardian.com/) . 2. In the left sidebar, click on **Settings**. 3. Navigate to the **API** section. 4. Click **Create a token**. 5. Enter a name for the token and configure the necessary permissions. 6. Click **Generate**. 7. Copy the token to a secure location. You will not be able to view it again after closing the dialog. [](https://docs.ox.security/making-connections/gitguardian#connecting-to-gitguardian) Connecting to GitGuardian -------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for GitGuardian. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-c1634e3f50e5b299e3f9378732e9969cb8651a4c%252FGitGuardian_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=b54643a4&sv=2) 1. Select **GitGuardian** and set the following parameters in the **Configure your GitGuardian credentials** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6d4a33b62935141b295e7d25952d4050297a79c0%252FGitGuardian_Connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=45174689&sv=2) Parameter Description **GitGuardian Host URL** Add your GitGuardian organization account URL. - Use the default account: [https://api.gitguardian.com](https://api.gitguardian.com/) , - Or use your org account. **Token** Paste the GitGuardian token you have generated. 1. Select **CONNECT**. The success message appears. \\ Last updated 6 months ago --- # Monday | OX docs Monday is a versatile work management platform that helps teams streamline workflows, track projects, and collaborate efficiently. It offers customizable dashboards, automation, and integrations to enhance productivity across various industries. By integrating OX Security with Monday.com, teams can seamlessly incorporate security insights into their existing workflows. This integration enables the following: * automatic tracking of security issues * real-time updates on vulnerabilities * visibility into security risks With OX Security’s capabilities, development and security teams can prioritize and address threats directly from their Monday.com workspace, ensuring a more secure and efficient software development process. OX Security supports only working with Monday boards. [](https://docs.ox.security/making-connections/ticket-management/monday#prerequisites) Prerequisites --------------------------------------------------------------------------------------------------------- * Monday account. [](https://docs.ox.security/making-connections/ticket-management/monday#getting-monday-token) Getting Monday Token ----------------------------------------------------------------------------------------------------------------------- 1. Log in to your Monday.com account. 2. Click your profile picture in the top-right corner and select **Administration**. 3. In the left pane, select **Connections** and then in the right pane select the **API** tab. 4. In the **API Token** section, click **Generate** and then **Copy**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-ce1caf7b49a4cc8ed67bb3b36cee3c546c1a994e%252FMonday_token2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d9e4a7c1&sv=2) 1. Copy the token and store it in a different location. After closing this dialog you cannot see it again. [](https://docs.ox.security/making-connections/ticket-management/monday#connecting-to-monday) Connecting to Monday ----------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for Monday. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-9bab919c6598b5f91f9f7206484bd63d3475f0d9%252FMonday_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=49901469&sv=2) 1. Select **Monday**. The **Configure your Monday credentials** dialog appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-dda6fe8629e71dd0523f2447fc463cabb7060f22%252FMonday_connecting.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ff109148&sv=2) 1. Select **CONNECT**. The Monday connector is configured. [](https://docs.ox.security/making-connections/ticket-management/monday#adding-monday-tickets) Adding Monday Tickets ------------------------------------------------------------------------------------------------------------------------- After establishing the connection with Monday, you can add Monday tickets to tasks and issues in OX using one of the following methods: * Adding a new ticket to an issue, or bulk of issues. * Adding a new ticket as a scheduled task using workflows. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-3d658a09e9057500ad4c0b219daeec4d76d30bec%252FMonday_WF.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=83ce3cd4&sv=2) **To add a new Monday ticket in OX:** 1. In the **Issues** page, identify and select the issue for which you want to add a new ticket in Monday. 2. Select the Monday icon. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-f6efe34061f6ab5c3bf48bb25df4412c73415390%252FMonday_icon_issues.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ed324fd3&sv=2) 1. Set the ticket details in the **Create Monday Ticket** dialog and select **CREATE TICKET**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-8a765feae87213089018ae0021b5b617df318b3e%252FMonday_Ticket_issue.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=79211135&sv=2) Parameter Description **Title** The title of the ticket that describes the problem/issue. **Workspace** The name of the workspace, as it's defined in Monday. **Board** The Monday board associated with this ticket. **Status** The status of the ticket. **Assigned To** Set the team member who will work on the ticket. The new ticket appears in Monday. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-8dac8492b700cda46fe0fc1822545f66e698dc07%252FMonday_tickets_in_Monday.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6a13f75&sv=2) Last updated 8 months ago --- # Bitsight | OX docs > Note: This capability may be in Early Access (EA) in your environment. Coordinate availability with your OX technical contact. You can connect OX to your BitSight tenant to import BitSight security-ratings data. This lets you view BitSight items alongside other security findings in the OX platform. [](https://docs.ox.security/making-connections/dynamic-app-security/bitsight#prerequisites) Prerequisites -------------------------------------------------------------------------------------------------------------- * BitSight Admin or VRM Admin role to generate the integration token. [](https://docs.ox.security/making-connections/dynamic-app-security/bitsight#step-1-get-a-bitsight-api-token-bitsight) Step 1: Get a BitSight API token \[BitSight\] ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- To start using the BitSight API, create a token from **User Preferences**. 1. In BitSight, go to **Settings > Account > User Preferences**. 2. Choose the token type to generate: * **User API Token**: In **User API Token**, select **Generate New Token**. * **Company API Token**: In **Company API Token**, enter a **description** in **New Token** (purpose) and select **Generate**. 3. Copy the generated token and store it securely. For security purposes, a **Company API token** is displayed only once. [](https://docs.ox.security/making-connections/dynamic-app-security/bitsight#step-2-connect-bitsight-to-ox-ox) Step 2: Connect BitSight to OX \[OX\] --------------------------------------------------------------------------------------------------------------------------------------------------------- 1. In the OX platform, go to the **Connectors** page. 2. Select **Add Connector** and search for **BitSight**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-5842f986966540508e702769f86db1aceea9e936%252FBitSight.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=cab799b2&sv=2) 1. In the connector configuration, provide the following: Field Description **Bitsight Host URL** The base server URL Bitsiht provides. **API token** Paste your BitSight **Company API token**. 1. Select **CONNECT**. 2. When the connection succeeds, OX starts scheduled imports of Bitsight data. Last updated 2 days ago --- # AWS OX Integration Policy | OX docs * ViewOnlyAccess * SecurityAudit When creating the OX Integration Policy as directed in the AWS connection instructions, include the ViewOnlyAccess policy and the SecurityAudit policy, and then copy the following JSON object and paste it in the policy creation page: Copy { "Version": "2012-10-17", "Statement": [\ {\ "Action": [\ "apigateway:GET",\ "autoscaling:Describe*",\ "backup:List*",\ "ec2:GetEbsEncryptionByDefault",\ "ec2:GetSnapshotBlockPublicAccessState",\ "ec2:GetInstanceMetadataDefaults",\ "ecr:Describe*",\ "ecr:GetRegistryScanningConfiguration",\ "support:Describe*",\ "tag:GetTagKeys",\ "lambda:GetFunction",\ "glue:GetConnections",\ "glue:GetSecurityConfiguration",\ "glue:SearchTables",\ "glue:GetMLTransforms",\ "s3:GetAccountPublicAccessBlock",\ "shield:GetSubscriptionState",\ "shield:DescribeProtection",\ "elasticfilesystem:DescribeBackupPolicy",\ "iam:SimulatePrincipalPolicy",\ "account:Get*",\ "appstream:Describe*",\ "appstream:List*",\ "backup:Get*",\ "bedrock:List*",\ "bedrock:Get*",\ "cloudtrail:GetInsightSelectors",\ "codeartifact:List*",\ "codebuild:BatchGet*",\ "codebuild:ListReportGroups",\ "cognito-idp:GetUserPoolMfaConfig",\ "dlm:Get*",\ "drs:Describe*",\ "ds:Get*",\ "ds:Describe*",\ "ds:List*",\ "dynamodb:GetResourcePolicy",\ "ec2:GetSnapshotBlockPublicAccessState",\ "lambda:GetFunction*",\ "logs:FilterLogEvents",\ "lightsail:GetRelationalDatabases",\ "macie2:GetMacieSession",\ "macie2:GetAutomatedDiscoveryConfiguration",\ "securityhub:BatchImportFindings",\ "securityhub:GetFindings",\ "servicecatalog:Describe*",\ "servicecatalog:List*",\ "ssm:GetDocument",\ "ssm-incidents:List*",\ "states:ListTagsForResource",\ "wellarchitected:List*",\ "eks:ListNodegroups",\ "eks:DescribeFargateProfile",\ "eks:ListTagsForResource",\ "eks:ListAddons",\ "eks:DescribeAddon",\ "eks:ListFargateProfiles",\ "eks:DescribeNodegroup",\ "eks:DescribeIdentityProviderConfig",\ "eks:ListUpdates",\ "eks:DescribeUpdate",\ "eks:AccessKubernetesApi",\ "eks:DescribeCluster",\ "eks:ListClusters",\ "eks:DescribeAddonVersions",\ "eks:ListIdentityProviderConfigs"\ ],\ "Resource": "*",\ "Effect": "Allow"\ },\ {\ "Action": [\ "ecr:GetAuthorizationToken*",\ "ecr:BatchGetImage*",\ "ecr:GetDownloadUrlForLayer*"\ ],\ "Resource": "*",\ "Effect": "Allow"\ }\ ] } Last updated 17 days ago --- # Jira Permissions | OX docs * **Permission name:** May differ, depending on your version of Jira. For on-premises Jira the permissions interface is similar to Jira Cloud, but the might look slightly different. * **Project permissions:** Are configured in the project administration page and may differ, depending on their project permission scheme. * **Cloud Jira:** Has specific team-managed projects, where permissions are defined for roles and then roles are assigned to users. Role permissions are similar to project level permissions defined in the permission scheme. **Settings > Projects > Target Projects > Project Settings > Access > Manage Users/Roles** * **Default permission scheme:** Grants access to add-on for all the members of administrators and developers groups. No additional configuration is required in this case. [](https://docs.ox.security/making-connections/ticket-management/jira/jira-permissions#project-level-permissions) Project Level Permissions ------------------------------------------------------------------------------------------------------------------------------------------------ To change, go to **Settings > Projects > Target Projects > Project Settings > Permissions**. **Permission Name** **Code** **Purpose / Required For** **Browse Projects** `BROWSE_PROJECTS` \- Viewing project information - Searching projects - Accessing project settings **Create Issues** `CREATE_ISSUES` \- Creating new issues - Bulk issue creation **Edit Issues** `EDIT_ISSUES` \- Updating existing issues - Transitioning issues **Comment Issues** `ADD_COMMENTS` \- Adding comments to issues **Close Issues** `TRANSITION_ISSUES` \- Closing/resolving issues - Changing issue status **Assign Issues** `ASSIGN_ISSUES` \- Changing issue assignees - Assigning during issue creation [](https://docs.ox.security/making-connections/ticket-management/jira/jira-permissions#global-permissions) Global Permissions ---------------------------------------------------------------------------------------------------------------------------------- To change, go to **Settings > System > Global Permissions**. **Permission Name** **Code** **Purpose / Required For** **Browse Users** `BROWSE_USERS` \- Searching users - Viewing user information [](https://docs.ox.security/making-connections/ticket-management/jira/jira-permissions#additional-jira-cloud-requirements) Additional Jira Cloud Requirements ------------------------------------------------------------------------------------------------------------------------------------------------------------------ To ensure a successful integration with Jira Cloud, the user whose credentials are used during the connector integration process, must have the **User** role for the relevant Jira product. Most Jira projects are associated with either Jira Software or Jira Service Management. To prevent integration issues, assign the **User** role to the user for both products. This role provides the necessary permissions to make API calls. **To check your user role:** 1. Sign in to Jira Cloud as an administrator. Make sure you have the required permissions to manage users. 2. Go to **Settings** > **User Management**. 3. Search for the user whose credentials are used in the connectors. 4. Select the username to open their profile. 5. Under **Product Access**, confirm that the user has access to the relevant Jira product. 6. Verify that the user role is set to **User** for the applicable product. Last updated 8 months ago --- # Bright Security | OX docs > Note: This capability may be in Early Access (EA) in your environment. Coordinate availability with your OX technical contact. You can connect OX to your Bright Security instance to import Dynamic Application Security Testing (DAST) results. This lets you view DAST issues alongside other security findings in the OX platform. [](https://docs.ox.security/making-connections/dynamic-app-security/bright#prerequisites) Prerequisites ------------------------------------------------------------------------------------------------------------ Bright Security Admin account. [](https://docs.ox.security/making-connections/dynamic-app-security/bright#step-1-get-a-bright-api-key-bright-security) Step 1: Get a Bright API key \[Bright Security\] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Bright Security (Bright DAST) utilizes API keys for authentication and integration purposes, as follows: * **User Keys (Personal API Keys):** These keys are created and managed within a user's personal settings in the Bright DAST platform. They are used for individual user-specific operations and integrations. * **Project Keys:** These keys are associated with specific projects within Bright DAST and are used for project-level integrations and operations. * **Organization Keys:** These keys provide access at the organizational level, often used for broader integrations and management across multiple projects. For integration with OX, you need to create a Personal API Key. Use a read-only key. If your organization prefers stricter scoping, create a dedicated service account and generate the key from that account. **To generate a Bright Security API key:** 1. Sign in to Bright Security. 2. Access your personal settings by clicking on your profile in the upper-right corner of the screen and selecting **User Settings**. 3. Locate the **MANAGE YOUR USER API KEYS** section, and select **\+ Create API key**. 4. Define the token **Name**. 5. Select the **scope(s)** and **action types** (such as read or write), as follows: Scope Purpose Notes `projects:read` View available projects and project issues Recommended minimum (read-only) `issues:read` View detected scan issues Recommended minimum (read-only) `scans:read` View existing scans (Optional) For richer evidence 1. (Optional) Set an **Expiration Date**. 2. Select **Create**. Copy the key and store it securely, you won’t be able to view it again after leaving the popup. Created keys (without full values) appear under **Manage your organization API keys**. [](https://docs.ox.security/making-connections/dynamic-app-security/bright#step-2-connect-bright-to-ox-ox) Step 2: Connect Bright to OX \[OX\] --------------------------------------------------------------------------------------------------------------------------------------------------- 1. In the OX platform, go to the **Connectors** page. 2. Select **Add Connector** and search for **Bright**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-aa0cbaf289873b46c0001191d7df94616c4759b6%252FBright.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=579b55e2&sv=2) 1. In the **Configure your Bright Security credentials** box, provide the following details: Field Description **Bright Host URL** The base server URL Bright provides. **Token** The unrestricted API key (no products selected) you generated in Bright Security. 1. Select **CONNECT**. 2. To select specific Bright projects to import, click the gear icon next to the **DELETE** button. 3. Select the Bright projects and select **SAVE**. When connected, OX starts pulling DAST data from Bright. Last updated 2 months ago --- # Adding comments to Jira tickets | OX docs You can configure OX platform to automatically add comments to a variety of ticketing systems when specific actions are taken on OX issues. This ensures that developers working in this system are informed of changes made by security teams without needing direct communication. When enabled, OX adds the comment directly to the linked ticket automatically, no manual entry is required. You can choose which actions should trigger comments and enable them individually. This allows teams to control the level of detail shown in the ticketing system and avoid unnecessary noise. The following ticketing systems are supported: * Jira * Azure Boards * Asana * Monday * ServiceNow **To add comments automatically:** 1. Go to **Settings > TICKETING AND MESSAGING**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-d88738e022959cd80dc7619cf71278b3dd7dccb5%252FComments.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=968a916b&sv=2) 2\. Enable the options that you want, as follows: * **The issue is resolved:** The issue was resolved or reopened in the OX platform. * **The issue's severity changes:** The severity definition of this issue was changed. * **The issue is excluded:** The issue was excluded from the security scan, and from now on this issue will not be reported. * **The issue is no longer available:** The issue was not identified in a specific scan. * **The issue is reported as false positive:** The issue was manually defined in the OX platform as false positive, and a comment about it is automatically generated in the ticket linked to this issue. * **A comment was added to the OX issue:** A new comment is manually added to an issue in the OX platform, and the same comment is automatically added to the ticket. Last updated 2 months ago --- # JFrog Artifactory | OX docs JFrog Artifactory is a universal DevOps solution that manages and automates artifacts and binaries during the application delivery process. By connecting your JFrog, you allow OX to seamlessly scan your artifactories for vulnerabilities. ### [](https://docs.ox.security/making-connections/jfrog-artifactory#setting-up-your-connection) Setting up your connection 1. Log in to your JFrog account. 2. In the top right corner, select "Edit profile" from the drop-down menu. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-e5cce305d802641547d14f27a3f0d8b0800e37a6%252FJFROG%25201.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d32cb209&sv=2) 1. Select "Generate API token". ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-08527a526d033cc58156fc7e372adf4154319ab2%252FJFROG%25202.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=335d036f&sv=2) 1. After clicking "Next", copy the generated code and paste it into OX. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-ab737d76e4a8553029d110f523a715e489e4c324%252FJFROG%25203.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=16b132d&sv=2) ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-452ec5f13ab1cda70749beddbf59dfde8ffc39da%252FJFROG%25204.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6428a98d&sv=2) 1. Copy your unique JFrog URL and your JFrog username and paste them into OX. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-a178d57847608c0546bbbc476abbef2b7641ed44%252FJFROG%25205.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=c0337f64&sv=2) ### [](https://docs.ox.security/making-connections/jfrog-artifactory#granting-permissions) Granting Permissions We kindly ask that you provide us with the following permissions: ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6b73d6350ce0b5a9b1440f128f98afa40d210d50%252FScreen%2520Shot%25202023-04-17%2520at%252013.46.09.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=daa38c20&sv=2) Last updated 1 year ago --- # Applause | OX docs > Note: This capability may be in Early Access (EA) in your environment. Coordinate availability with your OX technical contact. You can connect OX to your Applause instance to import Dynamic Application Security Testing (DAST) results without interfering with live cycles. If your Applause deployment is self-hosted or uses a custom domain, you may need a custom API host URL. [](https://docs.ox.security/making-connections/dynamic-app-security/applause#prerequisites) Prerequisites -------------------------------------------------------------------------------------------------------------- * **Applause role**: You must have **Primary Manager** account in Applause to manage API keys. * **Access to the customer tenant** where products and test cycles are defined. [](https://docs.ox.security/making-connections/dynamic-app-security/applause#step-1-generate-an-applause-api-key-applause) Step 1: Generate an Applause API key \[Applause\] --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- For validation, Applause users can issue a restricted API key, which is limited to 1–2 test cycles and certain issue types. After testing, they can issue an unrestricted API key that works for all products in the customer’s Applause tenant. **To generate a restricted Applause API key:** 1. Sign in to Applause with a **Primary Manager** account. 2. Go to **Configurations > API keys**. 3. Select **Generate New API key**. 4. **In the Generate New API Key dialog**, set the following: Field Description **Key Name** Provide a key name. **Restricted Key by Product (Optional)** * **Unrestricted (recommended for OX)**: Do not select any products. The key will work for all products in the tenant. * **Product-restricted**: Select one or more products to limit the key strictly to those products. 1. Select **Generate Key**. The information box with the key appears. 2. Select **Copy Key & Close**, and store the copied key securely, it is shown only once. [](https://docs.ox.security/making-connections/dynamic-app-security/applause#step-2-connect-applause-to-ox-ox) Step 2: Connect Applause to OX \[OX\] --------------------------------------------------------------------------------------------------------------------------------------------------------- 1. In the OX platform, go to the **Connectors** page. 2. Select **Add Connector** and search for **Applause**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-a95d2c02d544396ba99c62a801c1932a625be180%252FApplause.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=5522208b&sv=2) 1. In the **Configure your Applause credentials** box, provide the following details: Field Description **Applause Host URL** The base server URL Applause provides. **Token** The unrestricted API key (no products selected) you generated in Appause. 1. Select **CONNECT**. 2. To select specific Applause projects to import, click the gear icon next to the **DELETE** button. 3. Select the Applause projects and select **SAVE**. When connected, OX starts pulling DAST data from Applause. Last updated 2 months ago --- # Dynamic App Security | OX docs Dynamic application security testing (DAST) scanners probe running web apps and APIs to find runtime risks, such as SQL injection or cross-site scripting. OX connects to third-party DAST tools to import their findings, enrich them with OX context, and present everything in one place alongside SAST, SCA, cloud, and infrastructure data. OX does not run scans in your DAST tool. Each connector reads findings through the vendor’s API, then maps them to your applications and workflows in OX so you can triage, prioritize, and report consistently. Where you will see DAST data in OX: * **Active issues:** Filter by **Source tool** to focus on a specific vendor. * **Issue details:** Tabs include Summary, URL, Request, Response, Compliance, and CWE, and OX context, such as attack path. * **Applications:** Imported applications appear in the Applications list and dashboards. The following DAST connectors are supported: * [Invicti](https://docs.ox.security/making-connections/dynamic-app-security/invicti) * [Bright Security](https://docs.ox.security/making-connections/dynamic-app-security/bright) * [CyCognito](https://docs.ox.security/making-connections/dynamic-app-security/cycognito) * [Bitsight](https://docs.ox.security/making-connections/dynamic-app-security/bitsight) * [Applause](https://docs.ox.security/making-connections/dynamic-app-security/applause) [](https://docs.ox.security/making-connections/dynamic-app-security#how-data-from-dast-connectors-is-used-by-ox) How data from DAST connectors is used by OX ----------------------------------------------------------------------------------------------------------------------------------------------------------------- When a DAST connector is active, issues from connectors appear in the Active Issues page, under the DAST Source Tool. Severity factors in these issues are displayed only for issues that include CVEs. This means that if an issue pulled from the connector has an associated CVE, OX will show its severity level. However, not all DAST issues include CVEs, so severity scoring will only be available for those that do. This distinction helps users quickly assess which issues are tied to known vulnerabilities and prioritize accordingly, but it also means that some issues may appear without severity factors if they lack a CVE reference. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6a5abb7abf8b5458ab31837f745358d46b052e32%252FDAST%2520issues.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=35e3348f&sv=2) Each issue includes the following info received from a DAST connector: * The attacked URL, or a group of URLs; all URLs that triggered this issue appear under the same issue. * The HTTP request that triggered the issue. * The HTTP response returned by the application. * Issue severity as reported by the connector. * CWE identifiers, if provided. * Compliance-related tags, if provided. * Other metadata specific to the connector. Last updated 3 days ago --- # Automating Jira Ticketing | OX docs In addition to [creating Jira tickets from OX](https://docs.ox.security/making-connections/ticket-management/jira) , you can automate several aspects of how security issues are tracked and updated in Jira. These automations help you sync key information between platforms, reduce manual updates, and ensure consistency across issue workflows. You can automatically add comments to Jira tickets based on actions taken in OX, set due dates aligned with your SLAs or custom rules, and map issue severity to Jira priorities. These capabilities improve collaboration between security and development teams by keeping Jira issues accurate and up to date. The following automated capabilities are available: * [Adding comments to Jira tickets](https://docs.ox.security/making-connections/ticket-management/jira/page-1) * [Mapping default due dates](https://docs.ox.security/making-connections/ticket-management/jira/automating-jira-ticketing-in-ox#mapping-default-due-dates) * [Mapping Jira priorities](https://docs.ox.security/making-connections/ticket-management/jira/automating-jira-ticketing-in-ox#mapping-jira-priorities) * [Closing Jira tickets](https://docs.ox.security/making-connections/ticket-management/jira/automating-jira-ticketing-in-ox#closing-jira-tickets) [](https://docs.ox.security/making-connections/ticket-management/jira/automating-jira-ticketing-in-ox#mapping-default-due-dates) Mapping default Due Dates --------------------------------------------------------------------------------------------------------------------------------------------------------------- You can add to a Jira ticket a custom field named Due Date and then configure a default Due Date value in OX platform based on the OX issue severity. This helps ensure that tickets align with your SLA expectations without requiring manual date entry. > Jira ticket must include the Due Date field for this mapping to work. If you manually change the value of the Due Date parameter in Jira while creating the ticket, that value overrides the default defined in OX. For example, if a critical issue has a 3-day SLA, the Due Date parameter in Jira will automatically be set to 3 days from the ticket creation date, unless manually overridden. **To map default Due Dates:** 1. Go to **Settings > TICKETING AND MESSAGING**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-3c6575683bfd218ab99736023ac2c74f640e4fe3%252FDue_Dates.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=be9ed97d&sv=2) 1. Enable **Add Due Dates to Jira tickets**. 2. Set the **Due Date** parameter in Jira in one of the following ways: * **Use Due Dates from OX SLA Settings**: The **Due Date** is automatically taken from the **Settings > SLA** definitions in OX. * **Set default Due Dates**: Define manually SLA for each severity level. These settings override all the other SLA settings for the selected issues. [](https://docs.ox.security/making-connections/ticket-management/jira/automating-jira-ticketing-in-ox#mapping-jira-priorities) Mapping Jira Priorities ----------------------------------------------------------------------------------------------------------------------------------------------------------- You can map issue severity levels in OX to the Priority parameter values in Jira. This ensures that each ticket created reflects the appropriate level of urgency within your existing Jira workflows. For example, mappings might include: * `Critical` severity → `Highest` Jira priority * `High` severity → `High` Jira priority * `Medium` severity → `Medium` Jira priority After you configure these settings, all the they are applied automatically for all the new when tickets created for OX issues. **To map priorities:** 1. Go to **Settings > TICKETING AND MESSAGING**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-71df66e9286eff61b7b7a32e949899d8e8dda468%252FPrioritization.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a059719d&sv=2) 1. Enable **Map severity to Jira Priority field**. 2. Enable the severity levels that you want to map and define the **Priority** value in Jira associated with each severity level in OX. [](https://docs.ox.security/making-connections/ticket-management/jira/automating-jira-ticketing-in-ox#closing-jira-tickets) Closing Jira tickets ----------------------------------------------------------------------------------------------------------------------------------------------------- You can configure automatic Jira ticket closure when an issue is resolved or excluded. Depending on your organization's Jira status settings, you can select the status that is applied to closed tickets. The process runs automatically once configured. **To set automatic status updates:** 1. Go to **Settings > TICKETING AND MESSAGING**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-94203faac73c3dc7a11696019e7b6b8024473e48%252Fclose%2520issues.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=809fa41a&sv=2) 1. Enable the automatic Jira ticket closure option(s). 2. For each closure option, set the status that you want to appear in Jira when the ticket is closed. Last updated 1 month ago --- # ServiceNow | OX docs ServiceNow is a leading digital workflow platform that helps organizations manage IT services, operations, and business processes with automation and efficiency. It’s widely used for incident management, change control, and service requests across enterprise environments. Integrating OX Security with ServiceNow brings security insights directly into your IT operations workflows. Vulnerabilities and security issues detected by OX can be automatically converted into ServiceNow incidents or tasks, allowing IT and security teams to respond faster and more effectively. **Benefits of the integration include:** * **Centralized Incident Management:** Track and resolve security issues within the same platform used for IT operations. * **Faster Response Times:** Automate ticket creation based on real-time vulnerability findings from OX. * **Improved Collaboration:** Bridge the gap between security and IT teams with shared visibility and accountability. * **Consistent Workflow:** Align security issue handling with your organization’s existing escalation and resolution processes. [](https://docs.ox.security/making-connections/ticket-management/servicenow#prerequisites) Prerequisites ------------------------------------------------------------------------------------------------------------- * ServiceNow admin account. [](https://docs.ox.security/making-connections/ticket-management/servicenow#creating-a-dedicated-servicenow-api-user) Creating a Dedicated ServiceNow API User ------------------------------------------------------------------------------------------------------------------------------------------------------------------- For ServiceNow-OX integrated incident management, you need to [define a new dedicated API user](https://docs.ox.security/making-connections/ticket-management/servicenow#create-a-new-api-user) and then [assign this user the required roles and permissions](https://docs.ox.security/making-connections/ticket-management/servicenow#assign-required-roles) . ### [](https://docs.ox.security/making-connections/ticket-management/servicenow#create-a-new-api-user) Create a new API user 1. Go to [https://developer.servicenow.com/](https://developer.servicenow.com/) and log in to your ServiceNow admin account. 2. Select **Start Building >** **Request Instance**. The process of instace creation takes 5-10 mins). 3. Select **Manage instance password**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-e0bed55797af3fd4382ce24b3da55123ad85ce1c%252FSN_1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=50abfdb0&sv=2) 1. Top start using services, click **Instance URL** and use the **Username** and the **Password**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-3aed93b6523a22dc2b5c1f719b650f24bea848b5%252FSN_1_A.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=dcc5f34b&sv=2) 1. From the top menu, select **All > Users** and then in the right top corner, select **New**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-f656b37e0dfb6753aaa8842b1dd1e9ba80e15ec0%252FSN_2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e9b9cdb1&sv=2) 1. Set the following parameters and select **Submit**. Parameter Description **User ID** api\_incident\_user **First Name** Your first name. **Last Name** Your last name. **Password needs reset** Select this checkbox. **Active** Select this checkbox. **Email** Type your email address for getting notifications. **Time zone** Verify that the time zone is correct. The new user appears in the list of users. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-4698079e5692a987d9deefce65bbce58769b3ad8%252FSN_3.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e1922196&sv=2) 1. Select the desired User ID. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-9972cd6d525095db3575f3435bf75a0d3945e6c6%252FSN_3_A.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8eaea9b7&sv=2) 1. Select **Set Password**, then select **Generate**, copy the new password and store it in a safe location. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-0f91943e99261dd761d84216fb32ecec7e9a9478%252FSN_4.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d4222a07&sv=2) 1. To link the new password to the user, select **Update**. ### [](https://docs.ox.security/making-connections/ticket-management/servicenow#assign-required-roles) Assign required roles 1. In the user definitions page, scroll down and select **Roles > Edit**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1374737c2b0ab36f39890012ff55a5edc9218ea8%252FSN_4_A.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6b8a290e&sv=2) 1. Define the roles as follows and then select **Save**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-63959cb3ea22da903bc5f25a72a70e4d4d0f7d62%252FSN_5.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2b3aa7f8&sv=2) Role Description itil for incident creation and management rest\_service essential for API access. rest\_api\_explorer for testing API access catalog\_admin for category access sn\_incident\_read for incident reading scope sn\_incident\_write for incident writing scope The new services appear in the user defidition page. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-a6ee61988afbb1c1c6ccc57403b7e0794c3db9d4%252FSN_6.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=abff3042&sv=2) [](https://docs.ox.security/making-connections/ticket-management/servicenow#connecting-to-servicenow) Connecting to ServiceNow ----------------------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for ServiceNow. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-5d146182eac5340c49028e0e2db29c0a6660a8cf%252FSN_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2f7f058b&sv=2) 1. Select **ServiceNow**. The **Configure your ServiceNow credentials** dialog appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-259eb86fb6e0089cbd6d986338d388e8529cfd44%252FSN_OX_connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=92af2cd&sv=2) Parameter Description **ServiceNow Host URL** The URL of the ServiceNow developer site. **User Name** The name of the user that was defined in ServiceNow for the integration with OX. **Password** The password for the OX user in ServiceNow. **Token Name** The token name is automatically generated by OX. 1. Select **CONNECT**. The ServiceNow connector is configured. [](https://docs.ox.security/making-connections/ticket-management/servicenow#adding-servicenow-tickets) Adding ServiceNow Tickets ------------------------------------------------------------------------------------------------------------------------------------- After establishing the connection with ServiceNow, you can add ServiceNow tickets to tasks and issues in OX using one of the following methods: * Adding a new ticket to an issue, or bulk of issues. * Adding a new ticket as a scheduled task using workflows. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-352efad8621a3f7159ea1f541855744f688a0aa9%252FSN_WF.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=aa475abd&sv=2) **To add a new ServiceNow ticket in OX:** 1. In the **Issues** page, identify and select the issue for which you want to add a new ticket in ServiceNow. 2. Select the ServiceNow icon. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-80e9f9d304cc2996df01ddb26f79f866bdcbd173%252FSN_issues_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=44736c34&sv=2) 1. Set the ticket details in the **Create ServiceNow Ticket** dialog and select **CREATE TICKET**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-bca83ba4fa3cf12ab77b18a060237de0b3d0d299%252FSN_issue_ticket.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9bcffaac&sv=2) Parameter Description **Title** The title of the ticket that describes the problem/issue. **Category** The name of the workspace, as it's defined in Monday. **Assigned To** Set the team member who will work on the ticket. **Priority** Set the priority for the ticket The new ticket appears in ServiceNow. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-425a51c83c60a9c7e68ac2023e01e6872f3fb0e1%252FSN_what%2520you%2520get%2520in%2520SN.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=3b089f12&sv=2) Last updated 8 months ago --- # Jenkins | OX docs **Jenkins** is an open-source automation server. It helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration and continuous delivery. ### [](https://docs.ox.security/making-connections/jenkins#connection-options) Connection Options * Login * Create a specific user for us (i.e ox-security) * Provide roles/permissions to the user to read ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-5ec2881f4934f57b93e1bacf455a7a368c607613%252F1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=4c6416a&sv=2) * Generate API key * Make sure you are logged into the Jenkins instance as administrator * Click on "Manage Jenkins" in the dashboard ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-9c453c914ee6adf9a0c27b17dd034da1f6f1be5b%252F2.jpg%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e3b3dec1&sv=2) 3\. Click on "Manage Users". ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-57f0386a9f03dbc07122437c124d99f531633354%252F3.jpg%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=21c47f8&sv=2) * Select the user you would like to generate an API token for, then click on their name to access their user configuration page ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1b652012977607eae3a2b7c84eff9ba33ebda9b6%252F4.jpg%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=aa09203b&sv=2) ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-36313b9e85534e50d51254c845ac79283ee2145a%252F5.jpg%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=b850daf6&sv=2) * Generate a token using the "Add new token" section ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-8cdfc7ed89b269b458cdf2ed7e6178bc89b7e2f1%252F6.jpg%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=53e0bf77&sv=2) * Save your configuration * Enter the API key in the system Last updated 1 year ago --- # Nexus IQ CLI | OX docs OX Security integrates with Nexus IQ CLI, a tool from Sonatype, to analyze vulnerabilities in customer-selected repositories. OX leverages Sonatype’s security capabilities to scan these repositories and identify risks related to the libraries they use. This integration enhances the OX system’s visibility into software dependencies and potential security threats The process includes identifying security risks associated with the libraries used in the repository. OX Security enhances these results by enriching the findings beyond the standard tool capabilities, including the following: * whether a library is direct or indirect * if it is actively used * who committed it * when it was committed * what is the commit message OX aggregates this data for a more comprehensive security assessment. Then the enriched results are displayed at the policy level within OX. Additionally, the some base findings from Nexus IQ CLI are sent back to the Nexus platform, allowing customers to view them there under the corresponding repository name. The enriched insights are not shared with Nexus, as the enrichment is exclusive to OX Security. Last updated 8 months ago --- # Slack | OX docs Slack is an instant messaging app that allows employees to connect faster and more efficiently. OX offers you seamless connectivity with Slack in order to streamline any open issues and take fast action. ### [](https://docs.ox.security/making-connections/slack#system-requirements) System Requirements To use OX Security Alerts, you'll need the following: * An OX Slack account with admin or installation permissions * Slack workspace Key Features: * OAuth identity provider installation * Create Manual alerts * Create Automated alerts \[Coming Soon\] ### [](https://docs.ox.security/making-connections/slack#installation-instructions) Installation Instructions Getting started with OX Security Alerts is easy! To install our app on your Slack workspace, follow these simple steps: * Visit https://www.ox.security and open a new organization account * In the left drawer menu, navigate to the Connectors page. Look up your SCM vendor thumbnail and follow the prompts to authorize it. * After you have successfully connected SCM, from the Connectors Page look for the Slack thumbnail and click on it. Follow the prompts to authorize OX Security Alerts to access your Slack workspace. * Initiate your first scan by clicking the 'Scan' button located on the upper corner top menu bar. That's it! You can now start using OX Security Alerts via your Slack workspace. * Navigate via issues via the left drawer menu. * Select an issue from the issue menu and click 'Send To Slack Channel'. Select your desired channel and press 'Send'. Please note installation is possible only via the OX SaaS platform. ### [](https://docs.ox.security/making-connections/slack#capabilities-and-permissions-scopes) Capabilities and Permissions Scopes In order for your app to function properly, it requires the following capabilities and permissions scopes: * **Channls:read:** OX Security as an appsec product needs to be able to publish appsec issues in a slack channel. OX needs to present the list of slack channels available so that the user can select which channel an issue should be published in. In addition, OX would like to scan chat history for secrets as part of its channel read functionality. * **Channls:write:** OX Security as an appsec product needs to be able to publish appsec issues in a slack channel. The user of OX gets to select which channel an issue should be published in. Therefore, we need the ability to publish an issue in any el that the user selects. This is why we need chat.write and chat.write.public permissions. * **Channls:write:public:** OX Security as an appsec product needs to be able to publish appsec issues in a slack channel. The user of OX gets to select which channel an issue should be published in. Therefore, we need the ability to publish an issue in any channel that the user selects. This is why we need chat.write and chat.write.public permissions. ### [](https://docs.ox.security/making-connections/slack#how-do-i-send-a-message-to-slack-directly-from-ox) How do I send a message to Slack directly from OX? #### [](https://docs.ox.security/making-connections/slack#directly-from-the-issue-ribbon) Directly from the issue ribbon From the kebab on the right-hand side of the issue ribbon, select "Send to Slack" ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-0d0886464fa3ac49188ef78e105adae68f722a7c%252FSLACK%25201.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=c592b79d&sv=2) #### [](https://docs.ox.security/making-connections/slack#from-the-issue-options) From the issue options 1. Click on the desired issue 2. From the menu that opens up at the bottom of the page, select the Slack icon ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-cc8c83f194b51988118e4c2e69ecdb7bf89ff458%252FSLACK%25202.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e1a343b8&sv=2) In both options, you'll be directed to the following screen, where you can choose the Slack channel to send the message to and write your message. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-fe50c1aaa971f2ce3105d1ecdb06bd59f519ab1a%252FSLACK%25203.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=3e45e03d&sv=2) Last updated 1 year ago --- # EKS | OX docs **At a glance:** Connect your EKS clusters to OX Security so we can map your organization's security vulnerabilities from code to cloud. **Important!** Your OX organization must be connected to AWS before connecting to EKS. [](https://docs.ox.security/making-connections/eks#overview) Overview -------------------------------------------------------------------------- For the **OX Attack Path** feature to provide a full code-to-cloud map of your organization's security vulnerabilities, OX must be able to query individual Kubernetes clusters. To facilitate this integration for EKS, we have provided a Python utility (the **OX EKS connector script**) that executes the required configuration processes. **Best practices for using the script** This article describes the steps for running the **OX EKS connector script**, which is downloadable from the OX platform. The script as provided is fully functional, but we recommend that you **don’t run it “as-is.”** Instead, provide it to your DevOps team to use as a reference for adapting the configuration to your environment or IaC (infrastructure as code) framework. ### [](https://docs.ox.security/making-connections/eks#what-does-the-script-do) What does the OX EKS connector script do? The script performs the following key operations: * Creates a dedicated namespace named `oxsecurity`. * Creates a service account named `ox-service-account` within the `oxsecurity` namespace. * Creates a read-only **ClusterRole** named `ox-security-read-only`.​ * Establishes a **ClusterRoleBinding** to link the `ox-security-read-only` role to the `ox-service-account`**.** * Updates the **aws-auth configMap** to ensure proper IAM identity mapping between the `ox-security-read-only` role and the `ox-service-account`. Note that the script: * Does not install workloads into the cluster itself. * Requires separate execution on each cluster. [](https://docs.ox.security/making-connections/eks#running-the-ox-eks-connector-script) Running the **script** ------------------------------------------------------------------------------------------------------------------- Before you continue: 1. Ensure your OX organization is connected to AWS. 2. Install the following standard command-line utilities if they are not already installed: * AWS CLI * eksctl * kubectl Additional details about these utilities are available on the [AWS documentation site](https://docs.aws.amazon.com/eks/latest/userguide/setting-up.html) . **Tip:** The process for downloading and connecting using the **OX EKS connector script** includes steps in the OX platform and the AWS CLI. We recommend keeping both open as you complete the connection. **To run the OX EKS connector script:** **Part 1: Download the script** 1. From the OX side navigation menu, go to the **Connectors** page. 2. Search for `EKS` using the **Search** field in the upper-right corner of the page or scroll down to the **Kubernetes** section. 3. Click the EKS connector square ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-7e7f54334dcd7498820175769c890c50d43c82a9%252FEKS.png%3Falt%3Dmedia&width=40&dpr=4&quality=100&sign=e8658dda&sv=2). 4. In the **Configure your EKS credentials** dialog, click the ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-5cfbe47b27905786148d232186cc5b2cb445af80%252Fdownload_script_button.png%3Falt%3Dmedia&width=212&dpr=4&quality=100&sign=8889f59f&sv=2) button. **Part 2: Copy the AWS CLI command** 1. In the same dialog, click **INSTRUCTIONS: EKS CONNECTION.** 2. In the instructions that open, scroll down to find the command to run in the AWS CLI. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-33b1548ca5cb7bf81e301c1eb30b120a7b8bb19f%252Feks_script_command.png%3Falt%3Dmedia&width=300&dpr=4&quality=100&sign=a51dce9c&sv=2) * The command looks similar to the following: `python eks_ox_onboarding.py --cluster {CLUSTER_NAME} --arn {YOUR_ORGANIZATION'S_ARN_VALUE} --region {REGION}` 3. Copy the command to a code or text editor. 4. In the command you copied: * Change `{CLUSTER_NAME}`and `{REGION}` to the correct values for the EKS cluster you're connecting. * We've already provided the value for the `--arn` parameter based on your OX AWS connection, so you shouldn't need to change it **except in the following circumstances:** * **Important!** If your OX AWS connection was set up using the **Organization** option _(see image below),_ replace the AWS Account ID in the provided `--arn` parameter with the AWS Account ID of the EKS cluster you are connecting. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-11cad409a356eef7661cad6fa56f2d34162d34a4%252Faws_connector_organization_option.png%3Falt%3Dmedia&width=300&dpr=4&quality=100&sign=f3ec314c&sv=2) **Part 3: Connect your EKS clusters** 1. From the AWS CLI command prompt, run the command you copied (as modified according to the instructions above). 2. Run the script individually for each EKS cluster you are connecting, making the appropriate changes each time to the `{CLUSTER_NAME}`and `{REGION}` values (and, if necessary, to the `--arn` parameter, as discussed above). **Part 4: Finalize the connection** 1. Once you've run the script for all relevant EKS clusters, return to the **Configure your EKS credentials** dialog in the OX platform. * If you've closed the dialog, reopen it by following steps 1-3 of Part 1, above. 2. Click the ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-0ec8f1a7b795a6ca3e306fc07ae4608d1b0ee162%252Fconnect_button.png%3Falt%3Dmedia&width=149&dpr=4&quality=100&sign=af0bb082&sv=2) button. Last updated 1 year ago --- # Red Hat Quay | OX docs Integrating Red Hat Quay with OX Security's Active Application Security Posture Management (ASPM) Platform enhances your organization's container image security and management. Red Hat Quay is a scalable, security-focused container image registry designed for storing, building, and distributing container images across enterprise environments. As a fully-featured registry, Quay provides robust capabilities, including automated vulnerability scanning, image signing, access control, and geo-replication, making it a preferred choice for organizations that prioritize security and compliance. By integrating Red Hat Quay with OX Security's Active ASPM Platform, organizations can achieve: * **Unified Visibility**: Consolidate data from Quay and other sources to gain a comprehensive view of your container images and their security posture.​ * **Automated Vulnerability Management**: Leverage OX Security's capabilities to continuously monitor and prioritize vulnerabilities detected in container images stored within Quay.​ * **Streamlined Compliance**: Ensure that container images meet organizational and regulatory compliance standards through automated policies and reporting. [](https://docs.ox.security/making-connections/red-hat-quay#prerequisites) Prerequisites --------------------------------------------------------------------------------------------- * Red Hat account. [](https://docs.ox.security/making-connections/red-hat-quay#connecting-to-red-hat-quay) Connecting to Red Hat Quay ----------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for Red Hat Quay. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-bf58f1f15208978ce2d703e56b1451f12c69208d%252FQuay%2520icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9ef8739&sv=2) 1. Select **Red Hat Quay** and The **Configure your Red Hat Quay credentials** dialog appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-4a7bc97951c11873bfe4bfeb6054744bc01a16c5%252FConfig_credentials.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1e2e0b6b&sv=2) Parameter Description **Red Hat Quay Host URL** Add your Red Hat account URL. **Token** Paste the token you have created. **Token Name** The name is generated automatically by OX. 1. Select **CONNECT**. The Red Hat Quay connector is configured. need to rewrite this part: 1. Sign in to Quay account. 2. Select organization. 3. Go to 'Applications' and create new application. 4. Select application and press 'Generate Token'. 5. Set 'View all visible repositories' and 'Read User Information' checkboxes. 6. Press 'Generate Access Token'. Querying and managing container images in a registry [](https://docs.ox.security/making-connections/red-hat-quay#how-the-integration-works) How the Integration Works --------------------------------------------------------------------------------------------------------------------- Quay projects are associated with images, which accumulate over time as new commits are made. OX connects to the registry and starts managing images created each time a developer pushes new code. ### [](https://docs.ox.security/making-connections/red-hat-quay#configuring-which-images-to-retain) Configuring which images to retain By default, OX Security selects and retains the last image from each project. You can configure which images to retain. You can specify images to scan based on tags, allowing different versions to be stored for different customers or environments. **To configure images for scanning:** 1. In the **OX app**, go to **Settings > Scan > Container Security > Enter Regex for Container Scanning**. 2. To select container images that you want to include in the scan, enter a regex pattern and select **UPDATE**. ### [](https://docs.ox.security/making-connections/red-hat-quay#extending-retention-period) Extending retention period By default, only images from the last six months are retained. You can extend the retention period if needed. The system automatically deletes the latest images unless configured otherwise. Images older than six months are removed by default unless you specify a longer retention period. If a project has no new commits for six months, its images are not deleted. **To change the retention period:** 1. In the **OX app**, go to **Settings > Scan > Container Security > Container Age Threshold for Scanning.** 2. Set the number of months after which the container is excluded from scan. 3. **Database & Requirements**: * A database is needed for this functionality. * The system is mostly self-sufficient beyond this requirement. 4. **Upcoming Feature on Unscanned Containers**: * A new feature related to unscanned containers is being introduced. * A new screen will display information about why certain images were not deleted. * This screen will include image details such as name, tag, creation date, and the reason for retention. 5. **Conclusion**: * The logic ensures that only relevant images are retained while providing users with flexibility in configuration. * The system balances automated cleanup with user-defined retention rules. * Future updates will enhance visibility into image retention decisions. [](https://docs.ox.security/making-connections/red-hat-quay#undefined) -------------------------------------------------------------------------- Last updated 8 months ago --- # Microsoft Teams | OX docs Microsoft Teams is a powerful collaboration platform that enables seamless communication and coordination across organizations. With its integration capabilities, it can serve as an effective notification and communication system for security platforms such as OX Security. By leveraging Microsoft Teams, you can receive real-time security alerts, incident updates, and workflow notifications directly within your Teams channels or private chats, ensuring swift response and improved security operations. This way, you can streamline incident management, reduce response time, and enhance team collaboration. Integration use-cases: * [Sending information about an individual issue to Teams.](https://docs.ox.security/making-connections/microsoft-teams#sending-a-teams-message-about-an-issue) * [Adding OX-Teams related tasks as part of OX workflows.](https://docs.ox.security/making-connections/microsoft-teams#adding-teams-messages-to-workflows) [](https://docs.ox.security/making-connections/microsoft-teams#prerequisites) Prerequisites ------------------------------------------------------------------------------------------------ * Microsoft Teams account * (Optional) Administrative access to Microsoft Azure Admin Center * Permissions to manage enterprise applications in Azure [](https://docs.ox.security/making-connections/microsoft-teams#connecting-to-microsoft-teams) Connecting to Microsoft Teams -------------------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for Microsoft Teams. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-2be737198576ca1ce5a95ba2f7dc954ce2ed0291%252FTeams%2520icon%2520in%2520Ox.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ce825686&sv=2) 1. Select **Microsoft Teams**. The **Configure your Microsoft Teams credentials** dialog appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-7a49a7e92e26d5a70c15d7c946f78244831b9448%252FConfigure%2520MS%2520teams%2520credentials%2520in%2520OX_identity_provider.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=dcf37b30&sv=2) 1. Select **CONNECT**. The Microsoft Teams connector is configured. 2. In case you do not have the administrative access to Microsoft Azure Admin Center, the permissions request appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-718b7643ace610e2c5ab56d80cfb43d7b691700d%252FPemission%2520Request.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=57cdfa5b&sv=2) 1. Select **Accept**. [](https://docs.ox.security/making-connections/microsoft-teams#viewing-ox-in-microsoft-entra-admin-center) Viewing OX in Microsoft Entra admin center ---------------------------------------------------------------------------------------------------------------------------------------------------------- 1. Go to **Microsoft Entra admin center,** login and select **Applications** **\>** **Enterprise Applications**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-ca2f9fb8cac96c7261e7dd89ad590f830374ab1b%252FEnterprise%2520applications%2520in%2520MS.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=40f47116&sv=2) 1. From the right pane, select **OXSecurity**. The **OX Security Overview** pane appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-a75fd12e647bf904b21ee7e3b754cd28447506f0%252FEnterprise%2520applications%2520in%2520MS_OX.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8e1129d3&sv=2) 1. From the left pane, select **Permissions**. The **Permissions** pane appears, displaying the list of the channels through which you can get messages to Teams. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b64833ced487ab6519a16da950b051920af5c008%252FEnterprise%2520applications%2520in%2520MS_OX_permissions.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=24b34ca8&sv=2) [](https://docs.ox.security/making-connections/microsoft-teams#sending-a-teams-message-about-an-issue) Sending a Teams message about an issue -------------------------------------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Active Issues,** select the issue about which you want to send a message to Microsoft Teams, and in the issue property section, select the Teams icon. The **Send message to Teams** dialog appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-0d138ca3e42280ce357045ae5e553d184161e2a6%252FSend%2520message%2520to%2520teams.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a83ca1f0&sv=2) 1. Add recipients and a comment, and select **SEND**. [](https://docs.ox.security/making-connections/microsoft-teams#adding-teams-messages-to-workflows) Adding Teams messages to workflows ------------------------------------------------------------------------------------------------------------------------------------------ 1. In the **OX app**, go to **Workflows** and select the workflow to which you want to add sending Teams messages. 2. In the workflow, find the step to which you want to add the Teams-related action and click **+**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-61a38d478b1a7735acc9a7558cfc0cf33433f3d9%252FWF_teams_message_1%2520%281%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=402631ed&sv=2) 1. Select **Action > Teams** and set the following: **Select recipients:** Select message recipients. **Select recipients fallback:** Select fallback recipients. **(Optional) Add your own comment:** IT's a good practice to add a comment to the message, providing additional info. **Execute on:** Select one of the following conditions: - New Issues - Updated Issues - New or Updated Issues - New, Updated or Existing Issues - Periodic ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-e077bcf2df6bd0a953101a38a76d32934109911a%252FWF_teams_message.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=19693556&sv=2) 1. Select **ADD**. The new action appears in the workflow. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-73800adc7d0792af6bac89a2922c87e0e467353c%252FWF_teams_message_2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=7cbff588&sv=2) Last updated 6 days ago --- # Jira | OX docs Jira is a powerful project management and issue-tracking tool widely used by development teams to plan, track, and manage software projects. It provides robust workflows, automation, and integrations that streamline collaboration between teams. Integrating OX Security with Jira enhances security visibility within your existing development workflows. This integration allows security issues and vulnerabilities detected by OX to be automatically logged as Jira issues, ensuring they are tracked, prioritized, and resolved alongside other development tasks. By seamlessly embedding security insights into Jira, teams can maintain a proactive approach to risk management while minimizing workflow disruptions. [](https://docs.ox.security/making-connections/ticket-management/jira#jira-cloud-and-jira-on-prem) Jira Cloud and Jira On-Prem ----------------------------------------------------------------------------------------------------------------------------------- OX supports integrating with both JIRA Cloud and JIRA On-Prem for ticketing automation. When integrating OX with JIRA On-Prem, you can automatically create and update tickets based on issues detected in your environment. Unlike JIRA Cloud, JIRA On-Prem requires additional configuration steps, particularly around the URL format and authentication method. When connecting OX to a JIRA On-Prem instance, you need to decide what authentication method to use for the connection. You define the method by defining the URL format, as follows: * Token-based authentication (this method is recommended, as it is more secure) Copy https:///release/v${version}/api/2/bearer * Basic username-password authentication Copy https:///release/v${version}/api/2 The integration process includes the following: 1. [Prerequisites](https://docs.ox.security/making-connections/ticket-management/jira#prerequisites) 2. Get Jira tokens: for [Jira on Cloud](https://docs.ox.security/making-connections/ticket-management/jira#getting-jira-cloud-token) , for [Jira On-Prem](https://docs.ox.security/making-connections/ticket-management/jira#getting-jira-on-prem-token) * Connect to: [Jira on Cloud](https://docs.ox.security/making-connections/ticket-management/jira#connecting-to-jira-on-the-cloud) , [Jira On-Prem](https://docs.ox.security/making-connections/ticket-management/jira#connecting-to-jira-on-prem) * [Add Jira tickets](https://docs.ox.security/making-connections/ticket-management/jira#adding-jira-tickets) [](https://docs.ox.security/making-connections/ticket-management/jira#prerequisites) Prerequisites ------------------------------------------------------------------------------------------------------- A Jira account. [](https://docs.ox.security/making-connections/ticket-management/jira#getting-jira-cloud-token) Getting Jira Cloud token ----------------------------------------------------------------------------------------------------------------------------- 1. Log in to your Atlassian account. 2. From your profile picture in the top-right corner, select **Profile**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6b5617b62a8f5c3ef43eeca6f0ee6e6d7d682e80%252FJira1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=eff52ac8&sv=2) 1. In your profile settings page, select **Manage your account** and then select **Security**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-07fa5acb0c5831162372b106ede180093a234af7%252FJira2.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9267fe75&sv=2) 1. Scroll down to the **API Tokens** section, select **Create and manage API tokens**, and then select **Create API token.** ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-837b4750b225ff1519b0c63bad737531a5825621%252FJira3.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ad6b2e26&sv=2) 1. In the **Create API token** dialog, define the following. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-ca9a43b8418c216d216c399590a5053eb03a5a7b%252FJira4.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8ced74e8&sv=2) Parameter Description **Name** A significant name that makes it easy to identify the purpose of the token. **Expires on** Set the expiration date as far as possible. 1. Select **Create**. The dialog with the token appears. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-8d205fb97fbb61b35b868293c32448b318474916%252FJira5%2520%281%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e5cfa668&sv=2) 1. Copy the token and store it in a safe location. After closing this dialog you cannot see it again. [](https://docs.ox.security/making-connections/ticket-management/jira#getting-jira-on-prem-token) Getting Jira On-Prem token --------------------------------------------------------------------------------------------------------------------------------- 1. Log in to your Atlassian account. 2. Click your profile avatar and select **Profile**. 3. Navigate to **Personal Access Tokens**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-cc4789c05eb7c631bdbcef1fa0a84523d50013ef%252Fonprem_jira_personal%2520access_token.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d820b5eb&sv=2) 1. Click **Create token**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-61b8997dfd4858f8e2c498512e3f2a236d717b03%252Fonprem_jira_create_token.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d7d315e2&sv=2) 1. Provide a name and expiration period, then click **Create**. 2. Copy the token and store it in a safe location. After closing this dialog, you cannot see it again. > **Note:** This process may differ slightly based on your JIRA On-Prem version. [](https://docs.ox.security/making-connections/ticket-management/jira#connecting-to-jira-on-the-cloud) Connecting to Jira on the Cloud ------------------------------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for Jira. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-c6f44ee1247382415c721a60e695720924006a62%252FJira_connect_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=3ed46fd8&sv=2) 1. Select **Jira** and set the following parameters in the **Configure your Jira credentials** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6cff819917ba7d4cc6dd55fb95203f035b9fe4fa%252FJira_connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=fdfcc89c&sv=2) Parameter Description **Jira Host URL** Add your organization account URL. **User Name** Type the email address used as your Jira user name. **Token Name** Paste the Jira token you have created. 1. Select **CONNECT**. The success message appears. [](https://docs.ox.security/making-connections/ticket-management/jira#connecting-to-jira-on-prem) Connecting to Jira On-Prem --------------------------------------------------------------------------------------------------------------------------------- 1. In the **OX app**, go to **Connectors** and search for Jira. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-c6f44ee1247382415c721a60e695720924006a62%252FJira_connect_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=3ed46fd8&sv=2) 1. Select **Jira** and set the following parameters in the **Configure your Jira credentials** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-2671a09bb7aa0c562b598f90c346efd50ee6e76c%252FJira_on_prem_connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=778ba946&sv=2) Parameter Description **Jira Host URL** Add the URL format that defines the [authentication method for the Jira on-prem](https://docs.ox.security/making-connections/ticket-management/jira#jira-cloud-and-jira-on-prem) connection, where: * `` : The base domain of the JIRA server * `` : The JIRA version **User Name** Type your JIRA username. **Token Name** Based on the authentication method you are using, paste the Jira token you have created, or add your actual JIRA password. 1. Select **CONNECT**. The success message appears. [](https://docs.ox.security/making-connections/ticket-management/jira#adding-jira-tickets) Adding Jira tickets ------------------------------------------------------------------------------------------------------------------- After establishing the connection with Jira, you can add Jira tickets for a variety of tasks and issues in OX using one of the following methods: * Adding a new ticket to an issue, or bulk of issues. * Adding a new ticket as a scheduled task using workflows. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-9eb60a075f5d9855d44556de36a9a4bbda79cf52%252FWF_Jira_ticket.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=df82877f&sv=2) **To add a new Jira ticket in OX:** 1. In the Issues page, identify and select the issue for which you want to add a new ticket in Jira. 2. Select the Jira icon. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-4eb8c5280041c629e4d38764f78ac7b20534a7c6%252FJira_icon_issue.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=f02a913d&sv=2) 1. Set the ticket mandatory parameters in the **Create Jira Issue** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-cb1e873a2858331d9767cf9ffe35a59bf77b6cf6%252FJira_create_issue.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8036deb2&sv=2) Parameter Description **Summary** The title of the ticket that describes the problem/issue, as it appears in the OX Issues page. **Project** The name of the project, as it's defined in Jira. **Issue Type** Select the issue type. 1. (Optional)Set the other Jira ticket parameters. 2. Select **SUBMIT**. The new ticket appears in Jira. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-1f02a7c71ef197d950390c3a1cdfa4050a41e9e6%252FJira_new_ticket.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a5896ec9&sv=2) Last updated 2 months ago --- # GKE | OX docs Google Kubernetes Engine (GKE) is a managed Kubernetes service that simplifies the deployment, scaling, and management of containerized applications in Google Cloud. It abstracts infrastructure management while providing flexibility and control over Kubernetes clusters. Integrating OX Security with GKE gives your security team real-time visibility into what’s running in your clusters and improves workload protection, as follows: * **Workload-Level Scanning:** OX identifies which container images are actively running in your Kubernetes workloads, such as deployments and pods, and scans those confirmed to be in use. This improves precision and reduces unnecessary overhead. * **Runtime Context:** OX enriches security findings across your environment with runtime metadata. If a vulnerability is found in code or an image that is actually deployed and running, the issue is flagged with additional severity context. This context supports more informed decision-making and triage. * **Risk Prioritization Support:** You can prioritize issues based on whether they are actively running, filter findings by runtime status, or create custom policies to adjust severity accordingly. When you connect your GKE clusters to OX Security, the platform adds cloud-native context to enhance visibility and prioritization across the system: * The Applications page is enriched with cloud deployment details, including Application Flow and Tags that reflect Kubernetes deployment and internet exposure. * Issues from SAST, SCA, and container scanning are enhanced with Kubernetes reachability severity factors, based on real-time cloud deployment data. * The Attack Path tab in Issues is updated to show full cloud reachability, helping you understand how issues can be exploited in your Kubernetes environment. * Artifact integrity issues are raised for images that are running in the cluster but originate from untrusted or unknown sources. * The Artifact BOM page now includes cloud deployment visibility, helping track where and how artifacts are used across clusters. * OX scans specific versions of container images found in the cloud, not just the latest versions available in your registry. [](https://docs.ox.security/making-connections/gke#prerequisites) Prerequisites ------------------------------------------------------------------------------------ * A Google Cloud project with IAM permissions to: * Create service accounts * Manage service account keys * Enable required APIs (e.g., Compute Engine API, IAM API, Kubernetes Engine API). * Optional: `gcloud` CLI installed and configured. * A running GKE cluster in the selected GCP project, with Kubernetes API enabled. * Authorized OX static IP address to access your GKE: 34.241.46.143, 34.247.61.212. [](https://docs.ox.security/making-connections/gke#creating-a-new-service-account) Creating a new service account ---------------------------------------------------------------------------------------------------------------------- 1. Log in to the [Google Cloud Console](https://console.cloud.google.com/) . 2. Select your GKE project. 3. Navigate to **IAM & Admin**. 4. Select **Service Accounts**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-2d4ebcb4b2f99ff571881d481f34ebc42a0ad2c8%252Fimage1.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=931235ec&sv=2) 1. Select **\+ Create Service Account**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-7e9fa6cf17c4828c2e3a4c56cf2a0f022f2ae618%252FGKE_Create_SA.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8bd43413&sv=2) 1. Add a meaningful name and an optional description. 2. Select **Create and Continue**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-ff10e6b449203542004554433247a3ee942d18c0%252FGrant_SA.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8ec6d345&sv=2) 1. Grant the **Viewer** role to the new service account and select **Done**. The new service account appears in the **Service accounts** table. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-53fb1a976fc786093e8f37d5c7a28a43cbe3898d%252Fgke_connector_result.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=7afbf245&sv=2) 1. In the **Actions** column, select the newly created service account, click the three dot menu related to it, and select **Manage keys**. 2. In the **Keys** pane, select **Add key > Create new key**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b538d5a9a59ff956c8463ebcd5ae83017266c19c%252FGKE_connector__create_key.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a6a058a6&sv=2) 1. Select **JSON** and then select **Create**. The file is automatically downloaded to your system. 2. Securely store the JSON key file. 3. To encode the Key File in Base64: * On **macOS/Linux**, run: `base64 .json` * On **Windows**, use a tool or plugin to convert the JSON to a one-line Base64 string. > **Note:** The Base64 encoding ensures multi-line keys are compacted into a single string. 1. To enable required Google Cloud APIs, in the **Google Cloud Console**: 1. Navigate to **APIs & Services**. 2. In the left pane, select **Library**. 3. Search for and enable the following APIs: * Compute Engine API (compute.googleapis.com) * Kubernetes Engine API (container.googleapis.com) * Cloud Resource Manager API (cloudresourcemanager.googleapis.com) ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-01c799b58b5eddec595b9365826d0347175c9ef4%252FAPI_enable.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ce98807&sv=2) d. Alternatively, use the gcloud CLI to enable all the required APIs at once: Copy gcloud services enable compute.googleapis.com \ apikeys.googleapis.com \ artifactregistry.googleapis.com \ bigquery.googleapis.com \ sqladmin.googleapis.com \ storage.googleapis.com \ dns.googleapis.com \ containerregistry.googleapis.com \ container.googleapis.com \ iam.googleapis.com \ dataproc.googleapis.com \ cloudkms.googleapis.com \ logging.googleapis.com e. To verify the APIs were enabled, run: Copy gcloud services list --enabled [](https://docs.ox.security/making-connections/gke#connecting-to-gke) Connecting to GKE -------------------------------------------------------------------------------------------- 1. In the **Google Cloud Console**, locate the ID of the project in which you have created a service account. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b5ac6afd45ac0773bfe14b64f466b226d0ef5115%252Fproject%2520in%2520GCC.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=87a85901&sv=2) 1. In the **OX Security** platform, go to **Connectors** and search for **GKE**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-97852b228bdde0619c7adcc4165fdf45023b6830%252FGKE_icon.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8c5191dc&sv=2) 1. Select **GKE** and set the following parameters in the **Configure your GKE credentials** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-f2959b744bb692e5c77007113f5b51355a7e18f2%252FGKE_connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=bb5f06ad&sv=2) Parameter Description **Project ID** Copy the value from the step 1 **API** **Token** Base64-encoded key 1. Select **CONNECT**. A success message appears. 2. To select specific repositories for scanning by OX platform, select the gear icon next to **DELETE**. 3. Select the clusters you want to protect. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-538824e0188b8140773fa419d0f6beb79c0fe879%252FGKE_clusters_selection_single.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=abb39d6&sv=2) 1. Select **SAVE**. [](https://docs.ox.security/making-connections/gke#multi-project-access) Multi project access -------------------------------------------------------------------------------------------------- To reuse one service account across multiple GKE projects: 1. [Create a new service account](https://docs.ox.security/making-connections/gke#creating-a-new-service-account) . 2. In the source project, copy the email of the service account. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-fedd0cd4d44632779f630b22f64f112c7548957c%252Fgke_connector_result_email.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e61a317&sv=2) 1. For each target project, navigate to **IAM & Admin** and select **Grant Access**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-0b659975e096c899980ed903ff56f6be142b1467%252FMulti_project_grant_perm.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8d156403&sv=2) 1. In the **New principals** box, add the copied email address. 2. In the **Role** box, select **Viewer** and then click **Save**. 3. In the **OX Security** platform, go to **Connectors** and search for **GKE**. 4. Select **GKE** and set the following parameters in the **Configure your GKE credentials** dialog. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-8ae3899b2e409eb13dcf3620a582d91fadd3c7b5%252Fmulti_project_connect.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=b7d1fa8c&sv=2) Parameter Description **Project ID** Add \* **API** **Token** Base64-encoded key 1. Select **CONNECT**. A success message appears. 2. To select specific repositories for scanning by OX platform, select the gear icon next to **DELETE**. 3. Select the clusters you want to protect from all the projects you have connected to OX. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-8e8a4fb0187ade4190bf7f814d64d3d2fb9dceba%252FGKE_clusters_selection%2520%282%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ffb37fb4&sv=2) 1. Select **SAVE**. * * * Last updated 6 months ago --- # Google | OX docs [](https://docs.ox.security/making-connections/google#introduction) Introduction ------------------------------------------------------------------------------------- Google Cloud Artifact Registry (GAR) is a unified registry service for managing and securing software artifacts. GAR offers: * **Centralized hosting** for multiple artifact types like Docker images, language-specific packages (Maven, npm, Python) and OS packages. * **Granular access contro**l through Cloud IAM. * **Direct integration with Google Cloud's deployment services**, such as Cloud Run and Google Kubernetes Engine (GKE). By connecting GAR to OX Security, you have a constant connection to GAR and scanned results are displayed in the Artifact’s BOM. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-e91f2a84b4bbf6354361ea27d51822dad248b20d%252Fartifact%2520bom.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=66e74288&sv=2) [](https://docs.ox.security/making-connections/google#prerequisites) Prerequisites --------------------------------------------------------------------------------------- Ensure the following requirements are met: * You have OX Security admin permissions to set up the connection. * You have a Google Cloud account with permissions to create projects and API tokens. * You have a project in Google Cloud. [](https://docs.ox.security/making-connections/google#connection-overview) Connection overview --------------------------------------------------------------------------------------------------- These steps summarize the connection process. 1. [Enable API services in Google Cloud.](https://docs.ox.security/making-connections/google#step-1-enable-api-services-in-google-cloud) 2. [Create a custom role in Google Cloud with specific permissions.](https://docs.ox.security/making-connections/google#step-2-create-a-custom-role-in-google-cloud-with-specific-permissions) 3. [Create a service account in Google Cloud.](https://docs.ox.security/making-connections/google#step-3-create-a-service-account-in-google-cloud) 4. [Create the service account API key in Google Cloud.](https://docs.ox.security/making-connections/google#step-4-create-the-service-account-api-key-in-google-cloud) 5. [Pass the credentials to OX Security](https://docs.ox.security/making-connections/google#step-5-pass-the-credentials-to-ox-security) [](https://docs.ox.security/making-connections/google#connection-steps) Connection steps --------------------------------------------------------------------------------------------- To connect GAR to OX Security, follow these steps: ### [](https://docs.ox.security/making-connections/google#step-1-enable-api-services-in-google-cloud) Step 1: Enable API services in Google Cloud 1. From the dashboard use the search bar to find **API & Services** and click **Enable API & Services**. This opens the **API Library** page. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6a025de47c23b6976a86454282c391bbec7acb47%252Fenable%2520api%2520services.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=594764ae&sv=2) 2. From the **API Library** page, use the search bar to find **Cloud Resource Manager AP**I and click the **Cloud Resource Manager API** link. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-63ac5ea93bc768f0dbeba82867ddf991a52c532d%252Fcloud%2520resource%2520manager.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=367460f2&sv=2) 3. Verify that the **API is enabled** (default). If not, click **Manage** to enable it. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-5ea4c37f7f73881150fa82c7c63d05ee879b26bf%252Fcloud%2520resource%2520manager%2520enabled.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d2b293c3&sv=2) 4. Next, use the same search action to open the **Artifact Registry API** page and verify that it is also enabled. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-9b464825f4c59504528ed106492c4869d307c7db%252Fartifact%2520registry%2520api%2520enabled%2520%281%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=cce15415&sv=2) * * * ### [](https://docs.ox.security/making-connections/google#step-2-create-a-custom-role-in-google-cloud-with-specific-permissions) Step 2: Create a custom role in Google Cloud with specific permissions 1. From the Google Cloud dashboard menu, select **IAM & Admin > Roles**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-60e032992ae3f48b52317da64e57233e942d6939%252Fgoogle%2520iam%2520menu.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9a465a20&sv=2) 2. From the **Roles** page, click **Create role**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-3f548600fea1e05f824182bd8430f385cb07e93a%252Fcreate%2520role.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=76e730cb&sv=2) 3. Enter a title and description. 1. The ID is auto-generated. 2. Leave the **Role launch stage** as is. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-6a3f572b665ff674805bc14d3246c21e3a7e0567%252Frole%2520add%2520permissions%2520buttons.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=754ed71f&sv=2) 4. Click **Add permissions** to open a dialog box. You’ll add two permissions **Artifact Registry Reader** and **resourcemanager.projects.get**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b4f0556efaef381a9148a3c1e36dc0f4405e1a3d%252Fpermissions%2520add%2520artifact%2520registry.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1a073d8&sv=2) 5. Locate the **Artifact Registry Reader**, activate the checkbox and click **OK**. 6. You’ll see that there are multiple pages of related permissions. To select all permissions on a specific page, activate the “master” checkbox in the header. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-454c0b0077ffe8238c593e2607e3eb98ba655f76%252Fpermissions%2520add%2520pemissions%2520header.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2433504&sv=2) 7. Use the navigation chevron at bottom to move to the next page and select all the permissions on that page. 8. Repeat until all the related permissions are selected, then click **Add**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-682bad32350ce85d72ad8dd1996e00938bd440de%252Fpermissions%2520add%2520permissions%2520start.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=7ad828bb&sv=2) 9. Next, locate the **permission resourcemanager.projects.get** and click **Add**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-63bf9dc1d9e733f459faa7903c9b1f2fc9493334%252Fresourcemanager%2520get%2520add.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=5af08436&sv=2) 10. To complete and create the role, click **Create**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-d9123384d305c2eb0fad7f673167e5fb79b965aa%252Fassigned%2520permissions%2520screen.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=dbf3f685&sv=2) * * * ### [](https://docs.ox.security/making-connections/google#step-3-create-a-service-account-in-google-cloud) Step 3: Create a service account in Google Cloud 1. From **IAM & Admin / Roles**, select **Service Accounts** from the menu and click **Create service accoun**t. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b3785ae3275b7c375754e6dcfe7161477652c65b%252Fcreate%2520service%2520account%2520button.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d6ead4f8&sv=2) 2. Enter a **Service account name** and **Service account description** (the **Service account ID** is auto-generated). Then click **Create and continue** to assign permissions to the service account. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-8eea39ea21f873f72bf2f38c933b7e8a9032c436%252Fcreate%2520service%2520account%2520with%2520details.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=fbb507ce&sv=2) 3. To add the role you just created, open the **Select a role dropdown**, select **Custom**. Select the role (left screen), then click **Continue** (right screen). ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-17369d50769d14ac466af08d2e55ace42b4ada7f%252Fcreate%2520service%2520account%25202%2520screens.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=725a527e&sv=2) 4. Leave the **Principals with access** as is. To complete the creation of the service account, click **Done**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-9f9ddbbaae1482d92cf2a9458d8a40d046ee3d1b%252Fcreate%2520service%2520account%2520leave%2520principals.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=57736acd&sv=2) 5. To verify the service account, enter the service account name you just created in the filter. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-9f5491987d104f90f114817a6777405465b6126d%252Fservice%2520account%2520registry%2520access%2520filter.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ff2f00d3&sv=2) * * * ### [](https://docs.ox.security/making-connections/google#step-4-create-the-service-account-api-key-in-google-cloud) Step 4: Create the service account API key in Google Cloud 1. Continue from the previous screen, select the service account you created and select the **Keys** tab. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-77a338494853159c87539ae486378962eb2378b7%252Fservice%2520account%2520keys.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1a648e0&sv=2) 2. On the **Keys** tab, click **Add key** and select JSON as the Key type. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-32f67df164af20ce2ed3ffed283fe53d81f49fa1%252Fprivate%2520key%2520json.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d2e1a500&sv=2) 3. Read the warning about data security. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-133577711fa0398f1778cf9a87a55ff0106ac4ba%252Fprivate%2520key%2520warning%2520saved.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ed08733b&sv=2) 4. To complete, click **Close**. The JSON key is now saved to your computer. * * * ### [](https://docs.ox.security/making-connections/google#step-5-pass-the-credentials-to-ox-security) Step 5: Pass the credentials to OX Security 1. Create a Base64 string including the Key and the Project name from the JSON key. There are several methods to do this. If you use [Node.js/Browser](http://node.js/Browser) , here is a code example. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-eca029991567b9b086e2b22d84d7ae3d557603a9%252Fbase64.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6c5dee69&sv=2) 2. Sign in to OX Security. From the **OX Connectors** page open the **GAR connector** and enter these details: 1. **Project ID:** The ID of the project you want to scan. 2. **API Token:** The Base64 string you created. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-53f5e4f7bd4d59dce5cda0be5be76e8a1b6c4b33%252Fgar%2520connector%2520ox%2520screen.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=509cbace&sv=2) 3. Click **Connect**. If the credentials are valid, a success message appears. That’s it. OX Security is now connected to your Google Artifact Registry. [](https://docs.ox.security/making-connections/google#post-setup-checks) Post-setup checks ----------------------------------------------------------------------------------------------- Use either or both of these steps. * From the OX Connectors page open the GAR connector and click **Verify Connectivity**. * From the same screen, click **Settings**. This displays a list of all images. [](https://docs.ox.security/making-connections/google#logs-and-alerts) Logs and alerts ------------------------------------------------------------------------------------------- If your credentials are not accepted, an error message shows on the connection screen. [](https://docs.ox.security/making-connections/google#troubleshooting) Troubleshooting ------------------------------------------------------------------------------------------- If your credentials are valid but you can’t connect to GAR, reach out to Customer Support. [](https://docs.ox.security/making-connections/google#disconnection) Disconnection --------------------------------------------------------------------------------------- To disconnect, open the GAR connector and select **DELETE**. To reconnect, re-enter the Project ID and API Token. Last updated 5 days ago --- # CyCognito | OX docs > Note: This capability may be in Early Access (EA) in your environment. Coordinate availability with your OX technical contact. You can connect OX to your CyCognito instance to import Dynamic Application Security Testing (DAST) results. This lets you view DAST issues alongside other security findings in OX. [](https://docs.ox.security/making-connections/dynamic-app-security/cycognito#prerequisites) Prerequisites --------------------------------------------------------------------------------------------------------------- * A CyCognito account with Admin role or IT User role, and access to the projects you plan to import. * Projects or applications in CyCognito that already have at least one completed scan so findings exist. [](https://docs.ox.security/making-connections/dynamic-app-security/cycognito#step-1-generate-a-cycognito-api-token-cycognito) Step 1: Generate a Cycognito API token \[CyCognito\] ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Use a read-only token. If your organization prefers stricter scoping, create a dedicated service account and generate the token from that account. 1. In CyCognito, go to **Settings > API Key Management**. * Some tenants label this path **Workflow & Integration > API Key Management**. **Note:** If your tenant separates _personal_ and _organization_ tokens, choose the option your security policy requires. 2. Select **Add API Key**. 3. In the dialog, configure the key: Field What to enter **Key name** A unique name that explains the purpose, for example, `OX ingestion`. **Access** Choose **Read only** for ingestion. Select **Read and write** only if your use case requires writes. **Set expiration** (Recommended) Set a validity period to enforce rotation. 4. Select **Generate** and copy the key value. The API key value is shown only once, store it in a secure location. [](https://docs.ox.security/making-connections/dynamic-app-security/cycognito#step-2-connecting-to-cycognito) Step 2: Connecting to Cycognito -------------------------------------------------------------------------------------------------------------------------------------------------- 1. In the OX platform, go to the **Connectors** page. 2. Select **Add Connector** and search for **CyCognito**. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-eb3aaa0de31216289fe004cb809f9e76cfeaf038%252FCyCognito.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=511a858c&sv=2) 1. In the **Configure your CyCognito credentials** box, provide the following details: Field Description **CyCognito Host URL** The base server URL CyCognito provides. **Token** The API key you generated in CyCognito. 1. Select **CONNECT**. 2. To select specific CyCognito projects to import, click the gear icon next to the **DELETE** button. ![](https://docs.ox.security/~gitbook/image?url=https%3A%2F%2F884876233-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FdK3XMLdV8zRg847RmGmZ%252Fuploads%252Fgit-blob-b73492c5434033876ccc9834221fd01f31b02b94%252FCyCognito_apps.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d918b180&sv=2) 1. Select the CyCognito projects and select **SAVE**. When connected, OX starts pulling DAST data from CyCognito. Last updated 2 days ago ---