Search

Several of the Trustification services give you the ability to search for documents by using a simple query language. Trustification uses the sikula simple query language, which is similar to the query language used when searching GitHub issues.

The Single Pane of Glass user interface

The Single Pane of Glass (SPoG) UI is where you can search for vulnerability information in advisories, or packages. You can also search for Common Vulnerability Exposure (CVE) information. If you have an Software Bill of Materials (SBOM) for your application, you can use the SPoG UI to scan your SBOM for vulnerability information within your application stack.

You can start searching at trustification.dev. From the Advisories page, try searching by typing openssl in the search field, and you can see the results. You can also refine your search criteria by filtering based on the Severity, and by Products.

Trustification REST APIs

Trustification has two REST APIs that you can use for searching. They differ in what kind of data they search for, and the qualifiers they permit:

Bombastic - This API searches SBOM data.
Vexination - This API searches VEX data.

Search syntax

Referencing fields in the query string depends on the search source. You can use free-form text query to do searches in the default fields as set by the search index. When specifying multiple terms a logical AND applies.

Logical operators

You can use the following logical operators:

Operator

Example

id:foo OR this in:that

AND

id:foo AND date:>2020-01-01

NOT

id:foo NOT type:oci

Qualifiers

Using qualifiers, you can search on a particular field such as title. See the bombastic or vexination list of qualifiers you can use.

A qualifer can have four different types of matching. Which matching type depends on the qualifier, but the possible types are:

Exact - Has an exact value.
Partial - Prefix matching of a value.
Term - Inverse index, also known as text matching.
Range - Matches within a range of values

You can use ranges for the date fields. For example, release:2022-01-01..2022-12-31.

If the search term has a reserved character, such as :, you can add quotes.

When making Trustification REST API calls, verify your query is properly URL-encoded.

Predicates

If defined, an index can define a set of short-hand predicates that you can use in the form of is:<predicate>. Such as qualifiers, the possible predicates depend on the Trustification service.