Search Modifiers

You can use a search modifier to specify which attribute of an issue the search term should apply to. To use a modifier that contains a space in the name, such as the name of the custom tag, you must delimit the modifier with brackets. For example, to search for issues that are new, enter [issue age]:new.

A search that you do not qualify using a modifier matches the search string based on the following attributes: kingdom, primary rule id, analyzer, filename, severity, class name, function name, instance id, package, confidence, type, subtype, taint flags, category, sink, and source.

To apply the search to all modifiers, enter a string such as control flow. This searches all modifiers and returns any result that contains the specified string.

To apply the search to a specific modifier, type the modifier name and the string as follows: analyzer:control flow. This returns all results whose analyzer is control flow.

The following table lists the search modifiers. A few of these have a shortened names, which are indicated in parentheses. You can use either modifier string.

Modifier	Description
`[issue age]`	Searches for the issue age, which is `new`, `updated`, `reintroduced`, or `removed`.
`<custom_tagname>`	Searches the specified custom tag. Note that tag names that contain spaces must be delimited by square brackets. Example: `[my tag]:value`
`analysis`	Searches for issues that have the specified audit analysis value (such as `exploitable`, `not an issue`, and so on).
`analyzer`	Searches the issues for the specified analyzer
`audience`	Searches for issues by intended audience. Valid values are `targeted`, `medium`, and `broad`. Note: This metadata is legacy information that is no longer used and will be removed in a future release. Fortify recommends that you not use this search modifier.
`audited`	Searches the issues to find `true` if the primary custom tag is set and `false` if the primary custom tag is not set. The default primary tag is the Analysis tag.
`category` `(cat)`	Searches for the given category or category substring.
`comments` `(comment, com)`	Searches for issues that contain the search term in the comments that have been submitted on the issue.
`commentuser`	Searches for issues with comments from the specified user.
`confidence (con)`	Searches for issues that have the specified confidence value. Fortify Static Code Analyzer calculates the confidence value based on the number of assumptions made in code analysis. The more assumptions made, the lower the confidence value.
[engine priority]	Searches for issues based on the original priority value determined by the engine that identified the issue.
`file`	Searches for issues where the primary location or sink node function call occurs in the specified file.
`[fortify priority order]`	Searches for issues that have a priority level that matches the specified priority. Valid values are `critical`, `high`, `medium`, and `low`.
`historyuser`	Searches for issues that have audit data modified by the specified user.
`kingdom`	Searches for all issues in the specified kingdom.
`maxconf`	Searches for all issues that have a confidence value equal to or less than the number specified as the search term.
`<metadata_listname>`	Searches the specified metadata external list. Metadata external lists include [OWASP Top 10 2013], [SANS Top 25 2011], and [PCI <version>], and others. Square braces delimit field names that include spaces.
`minconf`	Searches for all issues that have a confidence value equal to or greater than the number specified as the search term.
`package`	Searches for issues where the primary location occurs in the specified package or namespace. For dataflow issues, the primary location is the sink function.
`[primary context]`	Searches for issues where the primary location or sink node function call occurs in the specified code context. Also see sink and [source context].
`primaryrule (rule)`	Searches for all issues related to the specified sink rule.
`sink`	Searches for issues that have the specified sink function name. Also see [primary context].
`source`	Searches for dataflow issues that have the specified source function name. Also see [source context].
`[source context]`	Searches for dataflow issues that have the source function call contained in the specified code context Also see source and [primary context].
`sourcefile`	Searches for dataflow issues with the source function call that the specified file contains. Also see file.
`status`	Searches issues that have the status reviewed, not reviewed, or under review.
`suppressed`	Searches for suppressed issues.
`taint`	Searches for issues that have the specified taint flag.

For examples of search queries that use modifiers, see Search Query Examples.

See Also

Searching Issues