Performing a Search

Getting Started
Search for vulnerable components
Search Item types, field names and examples
Search syntax examples:

Getting Started with Advanced Search

You can fine-tune the search query by using a combination of multiple search terms/item types in conjunction with the supported search syntax. Such queries can be used to find specific organizations, applications, components and policies by names, IDs, etc. Advanced Search results do not return policy violations. Use the Violations View on the Dashboard to view policy violations.

Steps to use Advanced Search:

Go to Advanced Search in the main left navigation bar.
Click on the Add Search Terms button to start building your query.
Click on the required search item types and enter the corresponding search value to complete the search criteria.
Hit Search to view the results

To perform advanced searches using REST API, use Advanced Search REST API.

NEW IN RELEASE 136 Advanced Search for Components with Vulnerabilities

Selecting any search item type from the Component category will give an option to retrieve:

All components that match the search criteria or
Only components that match the search criteria and have security vulnerabilities

NEW IN RELEASE 170 Search for Components in Applications from a Specific Organization

You can search for components or vulnerabilities in applications that belong to a specific organization by including the organizationName or organizationID in the search query.
The results will show the occurrences of the component found in the applications and the organization to which it belongs.

When using this feature for the first time, a Re-Index will be required, after upgrading IQ Server/Lifecycle. The Re-Index button is located on the Advanced Search Configuration page, accessible from the System Preferences menu.

Currently, organization hierarchy is not supported by Advanced Search. Including an organization in the search query will not retrieve results for its child organizations, if any exist. The search will retrieve components and vulnerabilities in applications that belong to the organization specified in the search query.

Search Item Types, Field Names, and Examples

Refer table below for more information on search item types, field names and corresponding examples to build your search criteria.

Item Type	Field Name	Example
`ORGANIZATION`	`organizationId`	`organizationId:ROOT_ORGANIZATION_ID`
`ORGANIZATION`	`organizationName`	`organizationName:"Root Organization"`
`APPLICATION`	`applicationId`	`applicationId:22951997a36045ab8593e3b6aafb9745`
	`applicationName`	`applicationName:"My Application Name"`
	`applicationPublicId`	`applicationPublicId:MyApplicationPublicId`
`APPLICATION_CATEGORY`	`applicationCategoryId`	`applicationCategoryId:319cde35ef9749f4ab99a6473ad10b74`
	`applicationCategoryName`	`applicationCategoryName:Distributed`
	`applicationCategoryColor`	`applicationCategoryColor:yellow`
	`applicationCategoryDescription`	`applicationCategoryDescription:"outside the company"`
`COMPONENT`	`componentHash`	`componentHash:f5149f0aaf01daf4bb2f`
	`componentFormat`	`componentFormat:maven`
	`componentName`	`componentName:"javax.mail : mailapi : 1.4.2"`
	`componentCoordinateGroupId`	`componentCoordinateGroupId:commons-fileupload`
	`componentCoordinateArtifactId`	`componentCoordinateArtifactId:mailapi`
	`componentCoordinateVersion`	`componentCoordinateVersion:1.2.16`
	`componentCoordinateClassifier`	`componentCoordinateClassifier:dist`
	`componentCoordinateExtension`	`componentCoordinateExtension:jar`
	`componentCoordinateName`	`componentCoordinateName:"org.webjars bootstrap"`
	`componentCoordinateQualifier`	`componentCoordinateQualifier:cp37-cp37m-win32`
	`componentCoordinatePackageId`	`componentCoordinatePackageId:loadash`
	`componentCoordinateArchitecture`	`componentCoordinateArchitecture:x86_64`
	`componentCoordinatePlatform`	`componentCoordinatePlatform:ruby`
`COMPONENT_LABEL`	`componentLabelId`	`componentLabelId:0d3f4015332e4b298ac1ed95c12ff3a3`
	`componentLabelName`	`componentLabelName:Architecture-Cleanup`
	`componentLabelColor`	`componentLabelColor:orange`
	`componentLabelDescription`	`componentLabelDescription:"relics of a build"`
`POLICY`	`policyId`	`policyId:b4ca64a8b8264f03b65127016859b2a2`
	`policyName`	`policyName:Component-Unknown`
	`policyThreatCategory`	`policyThreatCategory:security`
	`policyThreatLevel`	`policyThreatLevel:10`
`SECURITY_VULNERABILITY`	`reportId`	`reportId:a6860277aa844ab5af8bfef041f7e6e5`
	`policyEvaluationStage`	`policyEvaluationStage:Build`
	`vulnerabilityId`	`vulnerabilityId:CVE-2014-3625`
	`vulnerabilityStatus`	`vulnerabilityStatus:Open`
	`vulnerabilitySeverity`	`vulnerabilitySeverity:7.1`
	`vulnerabilityDescription`	`vulnerabilityDescription:"directory traversal"`
N/A	`itemType`	`itemType:ORGANIZATION`

Search Syntax

Example for single field search

fieldName:value

fetches results where each result has fieldName exactly matching value.

Default search term for single field search is vulnerabilityId. If no fieldName is specified, then the vulnerabilityId is used, and the equivalent search term is considered to be:

vulnerabilityId:value

Boolean operators for single fields is + meaning each result must satisfy this condition +fieldName:value

Example for multiple fields search

fieldName1:value1 AND fieldName2:value2

fetches results where each result has fieldName1 with exactly value1 and has fieldName2 with exactly value2

Boolean operators for multiple fields are listed below:

AND or && meaning each result must satisfy both conditions i.e.
fieldName1:value1 AND fieldName2:value2 fieldName1:value1 && fieldName2:value2
OR or || meaning each result must satisfy one condition or the other condition i.e.
fieldName1:value1 OR fieldName2:value2 fieldName1:value1 || fieldName2:value2
NOT or ! or - meaning each result must not satisfy the condition i.e.
fieldName1:value1 NOT fieldName2:value2
fieldName1:value1 ! fieldName2:value2 fieldName1:value1 - fieldName2:value2

Boolean operators are case-sensitive.

Default operator: If no boolean operator is specified, then the default boolean operator OR is used. Example:

fieldName1:value1 fieldName2:value2

is equivalent to searching for

fieldName1:value1 OR fieldName2:value2

Example for using Boosting Operator

A boosting operator is used to specify the relevancy order for the search results. You can boost a term within a query to increase its relevance by changing the order in which it appears in the results. Example:

fieldName1:value1^x OR fieldName2:value2

fetches results where each result has fieldName1 with exactly value1 boosted by x or has fieldName2 with exactly value2.

Note that x, must be positive, may be fractional, and is by default one.

Example for searching for multiple phrases separated by whitespace

fieldName:"value1 value2"

Using quotes encasing the values fetches results where each fieldName matches the exact phrase "value1 value2".

This can be used for fields like descriptions.

Example for search using wildcards * and ?

fieldName:v*

fetches results where each result has fieldName with a value starting with v and following with zero or more of any character

fieldName:v?

fetches results where each result has fieldName with a value starting with v and following with any single character

Example for search using regular expressions (regex)

fieldName:/regularExpression/

fetches results where each result has fieldName with a value matching regularExpression

Example for search using fuzzy expressions

fieldName:value~x

fetches results where each result has fieldName with some value within x edits of value.

Note that the maximum number of edits can range between zero and two i.e. 0 ≤ x ≤ 2. If no maximum number of edits is specified, then the default maximum number of edits of two is used i.e.

fieldName:value~ is equivalent to fieldName:value~2

Example for search using proximity expressions

fieldName:"value1 value2"~x

fetches results where each result has fieldName with value1 and value2 within x words of each other. These kinds of searches are most effective with fields consisting of multiple words, like description fields.

Examples for search based on range

Example 1:

fieldName:[value1 TO value2]

fetches results where each result has fieldName with a value between value1 and value2 inclusive.

Example 2:

fieldName:{value1 TO value2}

fetches results where each result has fieldName with a value between value1 and value2 exclusive.

Examples for search by grouping values

Example 1:

fieldName:((value1 OR value2) AND value3)

fetches results where each result has fieldName with value3 as well as value1 or value2.

Example 2:

(fieldName1:value1 OR (fieldName2:value2 AND fieldName3:value3))

fetches results where each result has either fieldName1 with value1 or fieldName2 with value2 in addition to fieldName3 with value3.

These kinds of searches are most effective with fields consisting of multiple words, like description fields.

Example to escape characters while building the search query

The current list of special characters, delimited by spaces is:

+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /

To escape any one of these, use a single backslash \ before it e.g. to escape + use \+