Performing a Search
An IQ Server user can perform an advanced search either via the Advanced Search REST API or via IQ Server's UI by clicking on the Search icon in the main header, typing their query into the search bar, and clicking the search button.
Search Item Types, Field Names, and Examples
Each of the search types has an associated item type and field names that can be searched on, which are shown in the following table.
| Item Type | Field Name | Example |
|---|---|---|
ORGANIZATION | organizationId | organizationId:ROOT_ORGANIZATION_ID |
organizationName | organizationName:"Root Organization" | |
APPLICATION | applicationId | applicationId:22951997a36045ab8593e3b6aafb9745 |
applicationName | applicationName:"My Application Name" | |
applicationPublicId | applicationPublicId:MyApplicationPublicId | |
APPLICATION_CATEGORY | applicationCategoryId | applicationCategoryId:319cde35ef9749f4ab99a6473ad10b74 |
applicationCategoryName | applicationCategoryName:Distributed | |
applicationCategoryColor | applicationCategoryColor:yellow | |
applicationCategoryDescription | applicationCategoryDescription:"outside the company" | |
COMPONENT_LABEL | componentLabelId | componentLabelId:0d3f4015332e4b298ac1ed95c12ff3a3 |
componentLabelName | componentLabelName:Architecture-Cleanup | |
componentLabelColor | componentLabelColor:orange | |
componentLabelDescription | componentLabelDescription:"relics of a build" | |
POLICY | policyId | policyId:b4ca64a8b8264f03b65127016859b2a2 |
policyName | policyName:Component-Unknown | |
policyThreatCategory | policyThreatCategory:security | |
policyThreatLevel | policyThreatLevel:10 | |
SECURITY_VULNERABILITY | reportId | reportId:a6860277aa844ab5af8bfef041f7e6e5 |
policyEvaluationStage | policyEvaluationStage:Build | |
componentHash | componentHash:f5149f0aaf01daf4bb2f | |
componentFormat | componentFormat:maven | |
componentName | componentName:"javax.mail : mailapi : 1.4.2" | |
componentCoordinateGroupId | componentCoordinateGroupId:commons-fileupload | |
componentCoordinateArtifactId | componentCoordinateArtifactId:mailapi | |
componentCoordinateVersion | componentCoordinateVersion:1.2.16 | |
componentCoordinateClassifier | componentCoordinateClassifier:dist | |
componentCoordinateExtension | componentCoordinateExtension:jar | |
componentCoordinateName | componentCoordinateName:"org.webjars bootstrap" | |
componentCoordinateQualifier | componentCoordinateQualifier:cp37-cp37m-win32 | |
componentCoordinatePackageId | componentCoordinatePackageId:loadash | |
componentCoordinateArchitecture | componentCoordinateArchitecture:x86_64 | |
componentCoordinatePlatform | componentCoordinatePlatform:ruby | |
vulnerabilityId | vulnerabilityId:CVE-2014-3625 | |
vulnerabilityStatus | vulnerabilityStatus:Open | |
vulnerabilitySeverity | vulnerabilitySeverity:7.1 | |
vulnerabilityDescription | vulnerabilityDescription:"directory traversal" | |
| N/A | itemType | itemType:ORGANIZATION |
Security vulnerabilities are only indexed for the latest application composition reports .
Search Syntax
Single Field
We support searching on a specific field i.e.
fieldName:value
finds results where each result has fieldName with exactly value.
If no fieldName is specified, then the default fieldName is used, which is vulnerabilityId i.e. searching for
value
is equivalent to searching for
vulnerabilityId:value
Boolean Operators
We support the following boolean operator for single fields
+meaning each result must satisfy this condition i.e.+fieldName:value
Multiple Fields
We support searching on multiple fields i.e.
fieldName1:value1 AND fieldName2:value2
finds results where each result has fieldName1 with exactly value1 and has fieldName2 with exactly value2
Boolean Operators
We support the following boolean operators for multiple fields
ANDor&&meaning each result must satisfy both conditions i.e.fieldName1:value1 AND fieldName2:value2
fieldName1:value1 && fieldName2:value2ORor||meaning each result must satisfy one condition or the other condition i.e.fieldName1:value1 OR fieldName2:value2
fieldName1:value1 || fieldName2:value2NOTor!or-meaning each result must not satisfy the condition i.e.fieldName1:value1NOT fieldName2:value2fieldName1:value1 ! fieldName2:value2
fieldName1:value1 - fieldName2:value2
Note that boolean operators are case-sensitive.
If no boolean operator is specified, then the default boolean operator OR is used i.e.
fieldName1:value1 fieldName2:value2
is equivalent to searching for
fieldName1:value1 OR fieldName2:value2
Boosting Operator
We support boosting a term within a query to increase its relevance making it more likely to appear in results i.e.
fieldName1:value1^x OR fieldName2:value2
finds results where each result has fieldName1 with exactly value1 boosted by x or has fieldName2 with exactly value2.
Note that x, must be positive, may be fractional, and is by default one.
Whitespace
To include whitespace use quotes i.e.
fieldName:"value1 value2"
finds results where each result has fieldName with a value containing the exact phrase "value1 value2".
Note that this particular example only makes sense for fields which can have multiple words such as descriptions.
Wildcards
We support the wildcards
- * meaning zero or more of any character
- ? meaning any single character
such that
fieldName:v*
finds results where each result has fieldName with a value starting with v and following with zero or more of any character
fieldName:v?
finds results where each result has fieldName with a value starting with v and following with any single character
Regular Expressions
We support regular expressions i.e.
fieldName:/regularExpression/
finds results where each result has fieldName with a value matching regularExpression
Fuzzy Expressions
We support fuzzy expressions i.e.
fieldName:value~x
finds results where each result has fieldName with some value within x edits of value.
Note that the maximum number of edits can range between zero and two i.e. 0 ≤ x ≤ 2.
If no maximum number of edits is specified, then the default maximum number of edits of two is used i.e.
fieldName:value~
is equivalent to
fieldName:value~2
Proximity Expressions
We support proximity expressions i.e.
fieldName:"value1 value2"~x
finds results where each result has fieldName with value1 and value2 within x words of each other.
Note that this particular example only makes sense for fields which can have multiple words such as descriptions.
Range Searches
We support range expressions i.e.
fieldName:[value1 TO value2]
finds results where each result has fieldName with a value between value1 and value2 inclusive.
fieldName:{value1 TO value2}
finds results where each result has fieldName with a value between value1 and value2 exclusive.
Grouping
We support grouping using parentheses within a single field e.g.
fieldName:((value1 OR value2) AND value3)
finds results where each result has fieldName with value3 as well as value1 or value2.
Note that this particular example only makes sense for fields which can have multiple words such as descriptions.
Grouping can also be used between fields e.g.
(fieldName1:value1 OR (fieldName2:value2 AND fieldName3:value3))
finds results where each result has either fieldName1 with value1 or fieldName2 with value2 alongside fieldName3 with value3.
Escaping
On some occasions you may want to search for characters that are part of the search syntax, to do so you need to escape them.
The current list of special characters, delimited by spaces, is:
+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /
To escape any one of these, use a single backslash \ before it e.g. special character + becomes \+.