Skip to main content

Overview

OX Security is an application security posture management (ASPM) platform that provides comprehensive visibility into your software supply chain. This integration connects Backline with OX Security to automatically import Open Source Security and Container Security vulnerabilities, enabling centralized remediation workflows.

What You Can Do

With the OX Security integration, Backline can:
  • Automatically import SCA & Container Image vulnerabilities from OX Security
  • Track vulnerabilities detected across your repositories
  • Create remediation workflows for imported vulnerabilities
  • Maintain vulnerability detection timestamps from OX Security
  • Centralize security vulnerabilities from multiple scanners in one place

Prerequisites

Before connecting OX Security, ensure you have:
  • An OX Security account
  • An API token with read-only permissions
  • Access to the Integration Hub in Backline

Generating an API Token

1

Log in to OX Security

Access your OX Security dashboard at https://app.ox.security
2

Navigate to Settings

Go to your organization settings or API settings section.
3

Generate API Token

Create a new API token with read access to issues and applications. Copy the token and store it securely.
Store your API token securely. It will only be shown once during creation.

Connecting OX Security

1

Navigate to Integrations

In Backline, go to the Integration Hub from the main menu.
2

Select OX Security

Find and click on the OX Security integration card.
3

Enter API Token

In the connection form, enter your OX Security API token.
4

Test Connection

Click Connect to verify your credentials. Backline will test the connection to ensure the token is valid.

How It Works

Once connected, Backline will:
  1. Fetch Vulnerabilities: Periodically scan OX Security for new SCA vulnerability findings
  2. Filter Relevant Issues: Import only Open Source Security & Container Security issues that contain CVE information
  3. Map to Repositories: Associate vulnerabilities with the correct repositories in your Backline workspace
  4. Track Detection Time: Preserve the original detection timestamp from OX Security

Scan Schedule

After connecting OX Security, Backline automatically schedules periodic scans to fetch new vulnerabilities. The scan runs every 6 hours to ensure your vulnerabilities stay up to date.
The initial scan begins shortly after the integration is connected. You can view imported issues in the Vulnerabilities section.

Managing the Integration

Viewing Connection Status

To check your OX Security connection:
  1. Open the Integration Hub
  2. Find the OX Security card
  3. A Configure button indicates the integration is connected

Reconnecting

If your API token expires or needs to be updated:
  1. Click Configure on the OX Security card
  2. Enter the new API token
  3. Click Connect to verify the new credentials

Troubleshooting

Connection Failed

If the connection test fails:
  • Verify your API token is correct and has not expired
  • Ensure your OX Security account has the necessary permissions
  • Check that your network allows connections to OX Security’s API

Missing Vulnerabilities

If expected vulnerabilities are not appearing:
  • Only SCA (Open Source Security) and Image (Container Security) vulnerabilities with CVE identifiers are imported
  • Verify the relevant repositories are accessible to Backline via the connected source control management integration
  • Check that the vulnerability exists in OX Security under the right categories

Incorrect Detection Dates

If detection dates appear incorrect:
  • The detection date reflects when OX Security first detected the vulnerability, not when it was imported