Query: flexSearchFindings
Queries for Findings using FlexSearch.
Return Type
Related Types
Related Filters
Args
Name | Type | Description |
---|---|---|
after | String | If this is set to the value of the |
filter | FindingFilter | Renamed to postFilter. Use postFilter instead. |
first | Int | The number of items to include in the result. If omitted, all remaining items will be included (which can cause performance problems on large collections). |
flexSearchExpression | String | |
flexSearchFilter | FindingFlexSearchFilter | |
orderBy | FindingOrderBy | Specifies how this collection should be sorted. If omitted, the result order is not specified. If cursor-based pagination is used (i.e., the |
postFilter | FindingFilter | Filters that will be applied in memory after the flexSearchFilter. This will not use any indices and will only work if applied on fewer than 10 000 objects. |
skip | Int | The number of items in the list or collection to skip. Is applied after the |
Properties
Name | Type | Description |
---|---|---|
_affectsMeta | _QueryMeta | The software components affected by this finding |
_commentsMeta | _QueryMeta | The user-added comments for this Finding |
_cursor | String | Provides a value that can be supplied to the |
_cvesMeta | _QueryMeta | CVEs associated with this finding |
_cwesMeta | _QueryMeta | The CWE numbers associated with this flaw. |
_findingLocationsMeta | _QueryMeta | Locations of this Finding. A finding may have multiple files or services associated with it. |
_originalFindingsCommentsMeta | _QueryMeta | The collection of comments associated with the original findings that led to the creation of this merged finding |
_originalFindingsFindingLocationsMeta | _QueryMeta | The collection of finding locations associated with the original findings that led to the creation of this merged finding |
_originalFindingsMeta | _QueryMeta | If this Finding is a 'merged finding', this list contains the underlying findings that this finding represents |
_originalFindingsSourcesMeta | _QueryMeta | The collection of test tools associated with original findings that led to the creation of this merged finding |
_originalFindingsStatusesMeta | _QueryMeta | The collection of statuses associated with the original findings that led to the creation of this merged finding |
_patchesMeta | _QueryMeta | All patches for this finding. |
_processingStatusesMeta | _QueryMeta | Any kind of processing currently occurring on this finding |
_propertiesMeta | _QueryMeta | The properties associated with this Finding |
_revision | ID | An identifier that is updated automatically on each update of this root entity (but not on relation changes) |
_statusesMeta | _QueryMeta | All status changes associated with this Finding. |
_tagsMeta | _QueryMeta | User-assigned tags used to arbitrarily group or classify related findings. |
_uniqueComponentsMeta | _QueryMeta | The collection of unique software components associated with this finding |
active | Boolean | Denotes if this flaw is active or not. |
affectedReferenceIds | [String] | An optional list of reference IDs of components that this finding affects. This is used to link findings to components when the components are not fully specified within the same document. For example, if a pure CycloneDX VDR document is parsed then this field should contain the bom-refs of the components that this finding affects, letting the finding be linked to the appropriate component at a later time when the corresponding CycloneDX SBOM document is uploaded. |
affects | [SoftwareComponentInstance] | The software components affected by this finding |
alternateTerms | [String] | Alternate terms that are used to describe the finding, e.g. "RIPPLE 20" for CVE-2020-11896 |
assetVersion | AssetVersion | The asset version this finding is associated with |
assetVersionRefId | ID | The asset version id this finding is associated with |
category | FindingCategory | The applicable category for this finding |
comments | [FindingComment] | The user-added comments for this Finding |
confidence | FindingConfidence | The confidence that this finding is correct as specified by the tool that created the finding information |
createdAt | DateTime | The instant this object was created |
createdByCveUpdateJobRefId | ID | If the finding was created by a CVE update job, this is the reference ID for the job's summary document |
ctx | RelationEntityCtx | Context contains fields that are accessible to the permissions profile. This is an internal field related to user permissions. |
currentStatus | FindingStatus | The current status of this Finding. |
cves | [Cve] | CVEs associated with this finding |
cvssScore | Float | The CVSS base score. This is a number between 0.0 and 10.0. |
cvssSeverity | FindingSeverity | The CVSS base severity. This has a value of either 'None (N)', 'Low (L)', 'Medium (M)', 'High (H)', or 'Critical (C)'. |
cwes | [Cwe] | The CWE numbers associated with this flaw. |
date | DateTime | The date the finding was first discovered |
dedupeHash | String | A hash over a configurable set of fields that is used for findings deduplication. |
deletedAt | DateTime | Timestamp of when this finding was deleted |
description | String | Extended description of the finding. May contain Markdown. |
externalReferences | [String] | External references to this particular Finding |
falsePositive | Boolean | Denotes if this flaw has been deemed a false positive by the tester. |
findingClass | FindingClass | The class of the finding (e.g. information vs. weakness vs. vulnerability) |
findingLocations | [FindingLocation] | Locations of this Finding. A finding may have multiple files or services associated with it. |
id | ID | An auto-generated string that identifies this root entity uniquely among others of the same type |
impact | String | Text describing the impact this flaw has on systems, products, enterprise, etc. |
linkedFindingHash | String | A hash that represents the identical findings in other AssetVersions. This is used for linked issues across builds/versions. |
linkedFindingRefIds | [String] | Identical findings in other AssetVersions. This is used for linked issues across builds/versions. |
mergedFinding | Finding | If populated, this field points to the 'merged Finding' that represents this finding. This field is only populated if this finding is a 'merged finding'. For example, multiple security scanners may find the same issue in an Artifact. In this case, the findings from each scanner would be merged into a single finding. |
mergedFindingRefId | ID | If populated, this field points to the 'merged Finding ID' that represents this finding. This field is only populated if this finding is a 'merged finding'. For example, multiple security scanners may find the same issue in an Artifact. In this case, the findings from each scanner would be merged into a single finding. |
mitigation | String | Text describing how to best fix the flaw. May contain Markdown. |
numAffected | Int | Number of SoftwareComponentInstances this Finding affects |
numOccurences | Int | Number of occurrences in the source tool when several vulnerabilities were found and aggregated by the scanner. |
origin | FindingOrigin | The origin of this finding (e.g. a security scanner, user-added, generated from an automated or user merge, found by FiniteState, etc.) |
originalFindings | [Finding] | If this Finding is a 'merged finding', this list contains the underlying findings that this finding represents |
originalFindingsComments | [FindingComment] | The collection of comments associated with the original findings that led to the creation of this merged finding |
originalFindingsFindingLocations | [FindingLocation] | The collection of finding locations associated with the original findings that led to the creation of this merged finding |
originalFindingsSources | [TestingTool] | The collection of test tools associated with original findings that led to the creation of this merged finding |
originalFindingsStatuses | [FindingStatus] | The collection of statuses associated with the original findings that led to the creation of this merged finding |
outOfScope | Boolean | Denotes if this flaw falls outside the scope of the test. |
patches | [Patch] | All patches for this finding. |
processingStatuses | [ProcessingStatus] | Any kind of processing currently occurring on this finding |
properties | [KeyValuePair] | The properties associated with this Finding |
regression | Boolean | If this finding had been fixed in a previous version but has regressed in this version, this field will be set to true. |
remediationGuidance | String | Text describing how to fix the flaw. May contain Markdown. |
riskAccepted | Boolean | Denotes if this finding has been marked as an accepted risk. |
riskScore | Float | The risk associated with this Finding as determined by the CVE exploitability score or CWSS score |
severity | FindingSeverity | Severity ranking of the finding |
severityJustification | String | Text describing why a certain severity was associated with this flaw. |
sourceTypes | [FindingSourceType] | Source of the Finding -- this list can expand over time. |
statuses | [FindingStatus] | All status changes associated with this Finding. |
stepsToReproduce | String | Text describing the steps that must be followed in order to reproduce the flaw. |
subcategory | FindingSubcategory | The applicable subcategory for this finding |
summary | String | Summary description of the finding |
tags | [Tag] | User-assigned tags used to arbitrarily group or classify related findings. |
test | Test | The test that this finding was generated from. |
title | String | A short title or description of the finding |
toolReference | String | URL to link back to the finding in the original tool |
uniqueComponents | [SoftwareComponent] | The collection of unique software components associated with this finding |
uniqueIdFromTool | String | The original unique id of the finding from the imported Test information |
updatedAt | DateTime | The instant this object was last updated (not including relation updates) |
verified | Boolean | Denotes if this flaw has been manually verified by the tester. |
vulnIdFromTool | String | The original non-unique id of the finding from the imported Test information. This ID may be a CVE id, or specific to the tool, such as a SNYK id. |
vulnerabilityContext | VulnerabilityContext | Vulnerability Context contains all of the data related to the inherent severity of the vulnerability |
vulnerabilityIds | [String] | Vulnerability IDs associated with this test record (such as CVE-2022-1234). These IDs are typically not unique to the tool. |
This page was generated: 2024-11-06