Performing a Search

Getting Started with Advanced Search

You can fine-tune the search query by using a combination of multiple search terms/item types in conjunction with the supported search syntax. Such queries can be used to find specific organizations, applications, components and policies by names, IDs, etc. Advanced Search results do not return policy violations. Use the Violations View on the Dashboard to view policy violations.

Steps to use Advanced Search:

  1. Go to Advanced Search in the main left navigation bar.
  2. Click on the Add Search Terms button to start building your query.
  3. Click on the required search item types and enter the corresponding search value to complete the search criteria.
  4. Click Search to view the results.

To perform advanced searches through the REST API, use the Advanced Search REST API.

Advanced Search for Components with Vulnerabilities (new in release 136)

Selecting any search item type from the Component category will give an option to retrieve:

  1. All components that match the search criteria or 
  2. Only components that match the search criteria and have security vulnerabilities

Search for Components in Applications from a Specific Organization (new in release 170)

You can search for components or vulnerabilities in applications that belong to a specific organization by including the organizationName or organizationID in the search query.
The results will show the occurrences of the component found in the applications and the organization to which it belongs.

When using this feature for the first time after upgrading IQ Server/Lifecycle, a Re-Index is required. The Re-Index button is located on the Advanced Search Configuration page, accessible from the System Preferences menu.

Currently, organization hierarchy is not supported by Advanced Search. Including an organization in the search query will not retrieve results for its child organizations, if any exist. The search will retrieve components and vulnerabilities in applications that belong to the organization specified in the search query.

Search Item Types, Field Names, and Examples

Refer to the table below for search item types, field names, and corresponding examples to build your search criteria.

| Item Type | Field Name | Example |
|---|---|---|
| ORGANIZATION | organizationId | organizationId:ROOT_ORGANIZATION_ID |
| ORGANIZATION | organizationName | organizationName:"Root Organization" |
| APPLICATION | applicationId | applicationId:22951997a36045ab8593e3b6aafb9745 |
| APPLICATION | applicationName | applicationName:"My Application Name" |
| APPLICATION | applicationPublicId | applicationPublicId:MyApplicationPublicId |
| APPLICATION_CATEGORY | applicationCategoryId | applicationCategoryId:319cde35ef9749f4ab99a6473ad10b74 |
| APPLICATION_CATEGORY | applicationCategoryName | applicationCategoryName:Distributed |
| APPLICATION_CATEGORY | applicationCategoryColor | applicationCategoryColor:yellow |
| APPLICATION_CATEGORY | applicationCategoryDescription | applicationCategoryDescription:"outside the company" |
| COMPONENT | componentHash | componentHash:f5149f0aaf01daf4bb2f |
| COMPONENT | componentFormat | componentFormat:maven |
| COMPONENT | componentName | componentName:"javax.mail : mailapi : 1.4.2" |
| COMPONENT | componentCoordinateGroupId | componentCoordinateGroupId:commons-fileupload |
| COMPONENT | componentCoordinateArtifactId | componentCoordinateArtifactId:mailapi |
| COMPONENT | componentCoordinateVersion | componentCoordinateVersion:1.2.16 |
| COMPONENT | componentCoordinateClassifier | componentCoordinateClassifier:dist |
| COMPONENT | componentCoordinateExtension | componentCoordinateExtension:jar |
| COMPONENT | componentCoordinateName | componentCoordinateName:"org.webjars bootstrap" |
| COMPONENT | componentCoordinateQualifier | componentCoordinateQualifier:cp37-cp37m-win32 |
| COMPONENT | componentCoordinatePackageId | componentCoordinatePackageId:loadash |
| COMPONENT | componentCoordinateArchitecture | componentCoordinateArchitecture:x86_64 |
| COMPONENT | componentCoordinatePlatform | componentCoordinatePlatform:ruby |
| COMPONENT_LABEL | componentLabelId | componentLabelId:0d3f4015332e4b298ac1ed95c12ff3a3 |
| COMPONENT_LABEL | componentLabelName | componentLabelName:Architecture-Cleanup |
| COMPONENT_LABEL | componentLabelColor | componentLabelColor:orange |
| COMPONENT_LABEL | componentLabelDescription | componentLabelDescription:"relics of a build" |
| POLICY | policyId | policyId:b4ca64a8b8264f03b65127016859b2a2 |
| POLICY | policyName | policyName:Component-Unknown |
| POLICY | policyThreatCategory | policyThreatCategory:security |
| POLICY | policyThreatLevel | policyThreatLevel:10 |
| SECURITY_VULNERABILITY | reportId | reportId:a6860277aa844ab5af8bfef041f7e6e5 |
| SECURITY_VULNERABILITY | policyEvaluationStage | policyEvaluationStage:Build |
| SECURITY_VULNERABILITY | vulnerabilityId | vulnerabilityId:CVE-2014-3625 |
| SECURITY_VULNERABILITY | vulnerabilityStatus | vulnerabilityStatus:Open |
| SECURITY_VULNERABILITY | vulnerabilitySeverity | vulnerabilitySeverity:7.1 |
| SECURITY_VULNERABILITY | vulnerabilityDescription | vulnerabilityDescription:"directory traversal" |
| N/A | itemType | itemType:ORGANIZATION |

Search Syntax

Example for single field search

fieldName:value

fetches results where each result has fieldName exactly matching value.

Default search term for single field search is vulnerabilityId. If no fieldName is specified, then the vulnerabilityId is used, and the equivalent search term is considered to be:

vulnerabilityId:value

The boolean operator for a single field is +, meaning each result must satisfy this condition:

+fieldName:value

Example for multiple fields search

fieldName1:value1 AND fieldName2:value2

fetches results where each result has fieldName1 with exactly value1 and has fieldName2 with exactly value2.

Boolean operators for multiple fields are listed below:

  • AND or && meaning each result must satisfy both conditions, e.g.
    fieldName1:value1 AND fieldName2:value2
    fieldName1:value1 && fieldName2:value2
  • OR or || meaning each result must satisfy one condition or the other condition, e.g.
    fieldName1:value1 OR fieldName2:value2
    fieldName1:value1 || fieldName2:value2
  • NOT or ! or - meaning each result must not satisfy the condition, e.g.
    fieldName1:value1 NOT fieldName2:value2
    fieldName1:value1 ! fieldName2:value2
    fieldName1:value1 - fieldName2:value2

Boolean operators are case-sensitive.

Default operator: If no boolean operator is specified, then the default boolean operator OR is used. Example:

fieldName1:value1 fieldName2:value2

is equivalent to searching for

fieldName1:value1 OR fieldName2:value2

Example for using Boosting Operator

A boosting operator is used to specify the relevancy order for the search results. You can boost a term within a query to increase its relevance by changing the order in which it appears in the results. Example:

fieldName1:value1^x OR fieldName2:value2

fetches results where each result has fieldName1 with exactly value1 boosted by x or has fieldName2 with exactly value2.

Note that x must be positive, may be fractional, and defaults to one.

Example for searching for multiple phrases separated by whitespace

fieldName:"value1 value2"

Using quotes encasing the values fetches results where each fieldName matches the exact phrase "value1 value2".

This can be used for fields like descriptions.

Example for search using wildcards * and ?

fieldName:v*

fetches results where each result has fieldName with a value starting with v, followed by zero or more of any character.

fieldName:v?

fetches results where each result has fieldName with a value starting with v, followed by any single character.

Example for search using regular expressions (regex)

fieldName:/regularExpression/ 

fetches results where each result has fieldName with a value matching regularExpression.

Example for search using fuzzy expressions

fieldName:value~x 

fetches results where each result has fieldName with some value within x edits of value.

Note that the maximum number of edits can range between zero and two i.e. 0 ≤ x ≤ 2. If no maximum number of edits is specified, then the default maximum number of edits of two is used i.e.

fieldName:value~ is equivalent to fieldName:value~2

Example for search using proximity expressions

fieldName:"value1 value2"~x

fetches results where each result has fieldName with value1 and value2 within x words of each other. These kinds of searches are most effective with fields consisting of multiple words, like description fields.

Examples for search based on range 

Example 1:

fieldName:[value1 TO value2]

fetches results where each result has fieldName with a value between value1 and value2 inclusive.

Example 2:

fieldName:{value1 TO value2}

fetches results where each result has fieldName with a value between value1 and value2 exclusive.

Examples for search by grouping values

Example 1:

fieldName:((value1 OR value2) AND value3)

fetches results where each result has fieldName with value3 as well as value1 or value2.

Example 2:

(fieldName1:value1 OR (fieldName2:value2 AND fieldName3:value3))

fetches results where each result has either fieldName1 with value1 or fieldName2 with value2 in addition to fieldName3 with value3.

These kinds of searches are most effective with fields consisting of multiple words, like description fields. 

Example to escape characters while building the search query

The current list of special characters, delimited by spaces, is:

+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /

To escape any one of these, use a single backslash \ before it e.g. to escape + use \+
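
The escaping rule matters most when a query is assembled from values you do not control, such as component names read from a build manifest: an unescaped value can add its own operators and fields to the search. The Python helper below is an added example, not part of the product or its documentation; the function names are hypothetical, and it assumes that inside a quoted phrase only the double quote and the backslash need escaping.

```python
import re

# Special characters exactly as listed on this page; && and || are matched
# as two-character operators before the single-character class.
_SPECIAL = re.compile(r'&&|\|\||[+\-!(){}\[\]^"~*?:\\/]')
_QUOTED_SPECIAL = re.compile(r'["\\]')      # assumption: enough inside "..."
_OPERATOR_WORDS = {"AND", "OR", "NOT"}      # operators are case-sensitive
_FIELD_NAME = re.compile(r"[A-Za-z][A-Za-z0-9]*\Z")


def escape_value(value: str) -> str:
    """Put a single backslash before every special token in value."""
    return _SPECIAL.sub(lambda m: "\\" + m.group(0), value)


def term(field: str, value: str) -> str:
    """Build one fieldName:value term that matches value literally."""
    if not _FIELD_NAME.match(field):
        raise ValueError(f"unexpected field name: {field!r}")
    if not value:
        raise ValueError("empty search value")
    # Whitespace would split the value into separate terms joined by the
    # default OR, and a bare AND/OR/NOT would be read as an operator,
    # so both cases are sent as a quoted phrase.
    if re.search(r"\s", value) or value in _OPERATOR_WORDS:
        body = _QUOTED_SPECIAL.sub(lambda m: "\\" + m.group(0), value)
        return f'{field}:"{body}"'
    # Unquoted value: escape every listed character (conservative; this
    # also escapes hyphens in the middle of a value).
    return f"{field}:{escape_value(value)}"


def all_of(*terms: str) -> str:
    """Join terms with an explicit AND instead of relying on the default OR."""
    return "(" + " AND ".join(terms) + ")"


if __name__ == "__main__":
    # Constructed inputs; the last value tries to smuggle in a second clause.
    print(term("componentName", "javax.mail : mailapi : 1.4.2"))
    print(term("componentCoordinateVersion", "1.*"))
    print(all_of(term("organizationName", "Root Organization"),
                 term("applicationName", 'a" OR itemType:ORGANIZATION')))
```

Without the escaping, the last value would close the phrase early and append an OR clause that matches every organization; with it, the whole string is searched as one literal application name.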