Performing a Search

An IQ Server user can perform an advanced search either via the Advanced Search REST API or via IQ Server's UI by clicking on the Search icon in the main header, typing their query into the search bar, and clicking the search button.

Search Item Types, Field Names, and Examples

Each of the search types has an associated item type and field names that can be searched on, which are shown in the following table.

Item TypeField NameExample
ORGANIZATIONorganizationIdorganizationId:ROOT_ORGANIZATION_ID
organizationNameorganizationName:"Root Organization"
APPLICATIONapplicationIdapplicationId:22951997a36045ab8593e3b6aafb9745
applicationNameapplicationName:"My Application Name"
applicationPublicIdapplicationPublicId:MyApplicationPublicId
APPLICATION_CATEGORYapplicationCategoryIdapplicationCategoryId:319cde35ef9749f4ab99a6473ad10b74
applicationCategoryNameapplicationCategoryName:Distributed
applicationCategoryColorapplicationCategoryColor:yellow
applicationCategoryDescriptionapplicationCategoryDescription:"outside the company"
COMPONENT_LABELcomponentLabelIdcomponentLabelId:0d3f4015332e4b298ac1ed95c12ff3a3
componentLabelNamecomponentLabelName:Architecture-Cleanup
componentLabelColorcomponentLabelColor:orange
componentLabelDescriptioncomponentLabelDescription:"relics of a build"
POLICYpolicyIdpolicyId:b4ca64a8b8264f03b65127016859b2a2
policyNamepolicyName:Component-Unknown
policyThreatCategorypolicyThreatCategory:security
policyThreatLevelpolicyThreatLevel:10
SECURITY_VULNERABILITYreportIdreportId:a6860277aa844ab5af8bfef041f7e6e5
policyEvaluationStagepolicyEvaluationStage:Build
componentHashcomponentHash:f5149f0aaf01daf4bb2f
componentFormatcomponentFormat:maven
componentNamecomponentName:"javax.mail : mailapi : 1.4.2"
componentCoordinateGroupIdcomponentCoordinateGroupId:commons-fileupload
componentCoordinateArtifactIdcomponentCoordinateArtifactId:mailapi
componentCoordinateVersioncomponentCoordinateVersion:1.2.16
componentCoordinateClassifiercomponentCoordinateClassifier:dist
componentCoordinateExtensioncomponentCoordinateExtension:jar
componentCoordinateNamecomponentCoordinateName:"org.webjars bootstrap"
componentCoordinateQualifiercomponentCoordinateQualifier:cp37-cp37m-win32
componentCoordinatePackageIdcomponentCoordinatePackageId:loadash
componentCoordinateArchitecturecomponentCoordinateArchitecture:x86_64
componentCoordinatePlatformcomponentCoordinatePlatform:ruby
vulnerabilityIdvulnerabilityId:CVE-2014-3625
vulnerabilityStatusvulnerabilityStatus:Open
vulnerabilitySeverityvulnerabilitySeverity:7.1
vulnerabilityDescriptionvulnerabilityDescription:"directory traversal"
N/AitemTypeitemType:ORGANIZATION

Security vulnerabilities are only indexed for the latest  application composition reports .

Search Syntax

Single Field

We support searching on a specific field i.e.

fieldName:value

finds results where each result has fieldName with exactly value.

If no fieldName is specified, then the default fieldName is used, which is vulnerabilityId i.e. searching for

value

is equivalent to searching for

vulnerabilityId:value

Boolean Operators

We support the following boolean operator for single fields

  • +  meaning each result must satisfy this condition i.e.
    +fieldName:value

Multiple Fields

We support searching on multiple fields i.e.

fieldName1:value1 AND fieldName2:value2

finds results where each result has fieldName1 with exactly value1 and has fieldName2 with exactly value2

Boolean Operators

We support the following boolean operators for multiple fields

  • AND  or && meaning each result must satisfy both conditions i.e.
    fieldName1:value1 AND fieldName2:value2
    fieldName1:value1 && fieldName2:value2
  • OR  or || meaning each result must satisfy one condition or the other condition i.e.
    fieldName1:value1 OR fieldName2:value2
    fieldName1:value1 || fieldName2:value2
  • NOT  or ! or - meaning each result must not satisfy the condition i.e.
    fieldName1:value1  NOT fieldName2:value2
    fieldName1:value1 ! fieldName2:value2
    fieldName1:value1 - fieldName2:value2

Note that boolean operators are case-sensitive.

If no boolean operator is specified, then the default boolean operator OR is used i.e.

fieldName1:value1 fieldName2:value2

is equivalent to searching for

fieldName1:value1 OR fieldName2:value2

Boosting Operator

We support boosting a term within a query to increase its relevance making it more likely to appear in results i.e.

fieldName1:value1^x OR fieldName2:value2

finds results where each result has fieldName1 with exactly value1 boosted by x or has fieldName2 with exactly value2.

Note that x, must be positive, may be fractional, and is by default one.

Whitespace

To include whitespace use quotes i.e.

fieldName:"value1 value2"

finds results where each result has fieldName with a value containing the exact phrase "value1 value2".

Note that this particular example only makes sense for fields which can have multiple words such as descriptions.

Wildcards

We support the wildcards

  • * meaning zero or more of any character
  • ? meaning any single character

such that

fieldName:v*

finds results where each result has fieldName with a value starting with v and following with zero or more of any character

fieldName:v?

finds results where each result has fieldName with a value starting with v and following with any single character

Regular Expressions

We support regular expressions i.e.

fieldName:/regularExpression/ 

finds results where each result has fieldName with a value matching regularExpression

Fuzzy Expressions

We support fuzzy expressions i.e.

fieldName:value~x 

finds results where each result has fieldName with some value within x edits of value.

Note that the maximum number of edits can range between zero and two i.e. 0 ≤ x ≤ 2.

If no maximum number of edits is specified, then the default maximum number of edits of two is used i.e.

fieldName:value~

is equivalent to

fieldName:value~2

Proximity Expressions

We support proximity expressions i.e.

fieldName:"value1 value2"~x

finds results where each result has fieldName with value1 and value2 within x words of each other.

Note that this particular example only makes sense for fields which can have multiple words such as descriptions.

Range Searches

We support range expressions i.e.

fieldName:[value1 TO value2]

finds results where each result has fieldName with a value between value1 and value2 inclusive.

fieldName:{value1 TO value2}

finds results where each result has fieldName with a value between value1 and value2 exclusive.

Grouping

We support grouping using parentheses within a single field e.g.

fieldName:((value1 OR value2) AND value3)

finds results where each result has fieldName with value3 as well as value1 or value2.

Note that this particular example only makes sense for fields which can have multiple words such as descriptions.

Grouping can also be used between fields e.g.

(fieldName1:value1 OR (fieldName2:value2 AND fieldName3:value3))

finds results where each result has either fieldName1 with value1 or fieldName2 with value2 alongside fieldName3 with value3.

Escaping

On some occasions you may want to search for characters that are part of the search syntax, to do so you need to escape them.

The current list of special characters, delimited by spaces, is:

+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /

To escape any one of these, use a single backslash \ before it e.g. special character + becomes \+.