Searching Issues

You can create search queries to refine the list of issues displayed for an application version.

To create a query to search issues:

  1. Access the AUDIT page for the application version. (See Accessing the AUDIT Page from the Issue Stats Page of the Dashboard.)

  2. In the Search Issues box, type a search query using the following syntax. To indicate the type of comparison to perform, wrap search terms with delimiters.

    | Comparison | Description |
    | --- | --- |
    | contains | Searches for a term without any special qualifying delimiters |
    | equals | Searches for an exact match if the term is enclosed in quotation marks ("") |
    | number range | Uses standard mathematical syntax, such as “(” and “)” for an exclusive range and “[” and “]” for an inclusive range, where (2,4] means greater than two and less than or equal to four |
    | not equal | Excludes issues specified by the string by preceding the string with an exclamation character (!). Example: file:!Main.java returns all issues that are not in Main.java |

    Note: To see example search strings, click the Syntax Guide link.

    You can further qualify your search terms with modifiers using the syntax modifier:<search_term>. (See Search Modifiers.)

    Note: If an application version is assigned a date-type custom tag, and you want to search for issues based on the date assigned to the issue, you must specify the date in the format <DateCustomTag>: yyyy-mm-dd.

    A search string can contain multiple modifiers and search terms. If you specify more than one modifier, Fortify Software Security Center returns only issues that match all of the modified search terms. For example, file:ApplicationContext.java category:SQL Injection returns only SQL injection issues found in ApplicationContext.java.

    If you use the same modifier more than once in a search string, then the search terms qualified by those modifiers are treated as an OR comparison. For example, file:ApplicationContext.java category:SQL Injection category:Cross-Site Scripting returns SQL injection issues and cross-site scripting issues found in ApplicationContext.java.

    For complex searches, you can also insert the AND or the OR keyword between your search queries. Note that AND and OR operations have the same priority in searches.

  3. Click Find.

    Fortify Software Security Center lists all issues that match your search string.

  4. To return to the complete issues list, clear the text in the search box.
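The matching rules from step 2, modeled as an added Python example (not Fortify Software Security Center code) so you can predict which issues a query keeps or hides during triage. Assumptions: matching is case-insensitive, a search term ends where the next `modifier:` begins, the sample issues and the numeric `confidence` field are constructed, and the AND/OR keywords are not handled.

```python
import re

# Constructed sample issues; keys stand in for search modifiers.
ISSUES = [
    {"file": "ApplicationContext.java", "category": "SQL Injection", "confidence": 5.0},
    {"file": "ApplicationContext.java", "category": "Cross-Site Scripting", "confidence": 3.0},
    {"file": "ApplicationContext.java", "category": "Path Manipulation", "confidence": 4.0},
    {"file": "Main.java", "category": "SQL Injection", "confidence": 2.0},
]

# "(" / ")" are exclusive bounds, "[" / "]" are inclusive bounds.
RANGE = re.compile(r'^([(\[])\s*(-?\d+(?:\.\d+)?)\s*,\s*(-?\d+(?:\.\d+)?)\s*([)\]])$')

def term_matches(term, value):
    """Apply one search term to one field value."""
    if term.startswith("!"):                            # not equal
        return not term_matches(term[1:], value)
    m = RANGE.match(term)
    if m:                                               # number range
        lo, hi, x = float(m[2]), float(m[3]), float(value)
        above = x > lo if m[1] == "(" else x >= lo
        below = x < hi if m[4] == ")" else x <= hi
        return above and below
    text = str(value).lower()
    if len(term) >= 2 and term[0] == term[-1] == '"':   # equals (quoted)
        return text == term[1:-1].lower()
    return term.lower() in text                         # contains (no delimiters)

def parse(query):
    """Group terms by modifier, e.g. {'category': ['SQL Injection', ...]}."""
    parts = re.split(r'(\w+):', query)[1:]              # [modifier, term, modifier, term, ...]
    groups = {}
    for mod, term in zip(parts[0::2], parts[1::2]):
        groups.setdefault(mod, []).append(term.strip())
    return groups

def search(query, issues=ISSUES):
    """Repeated modifier: OR across its terms. Different modifiers: AND."""
    groups = parse(query)
    return [i for i in issues
            if all(any(term_matches(t, i[mod]) for t in terms)
                   for mod, terms in groups.items())]
```

Note that a contains term such as category:SQL matches every category containing that text, while the quoted form category:"SQL" matches only a category that is exactly SQL.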

See Also

Filtering Issues for Display on the OVERVIEW and AUDIT Pages

Search Query Examples

Searching Globally in Fortify Software Security Center