This table defines the available fields for building policy conditions when you select the Finding Type option.
| Pretty Name (FIELD_PRETTY_NAME) | Field Name (SEARCH_FIELD) | Data Type (DATA_TYPE) | Allowed SEARCH_TYPE Values | Possible SEARCH_VALUE | Description | Relevant Finding Types | Relevant For (code/image/both) |
|---|---|---|---|---|---|---|---|
| Affected Software | Affected Software | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Filters findings based on the specific software components impacted by a vulnerability (for example, OpenSSL) | VULNERABILITY | image |
| AppSec Rule | AppSec Rule | ENUM | EQ, NEQ | Dynamic (loaded from detection rules) | Filters findings generated by a specific AppSec detection rule | SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, CICD_RISKS, DRIFT | code |
| AppSec Rule Category | AppSec Rule Category | ENUM | EQ, NEQ | Dynamic (loaded from detection rules) | Filters based on the category of findings generated by the rule | SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, CICD_RISKS, DRIFT | code |
| AppSec Rule Label | AppSec Rule Label | ARRAY | EQ, NEQ | Dynamic (loaded from detection rules) | Filters findings based on labels attached to the matched AppSec rules, allowing you to filter and select multiple rules at once | SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, CICD_RISKS, DRIFT | code |
| Backlog Status | Backlog Status | ENUM | EQ, NEQ | Backlog, New | Indicates whether a finding is part of the security technical debt or newly introduced | VULNERABILITY, SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, LICENSES, OPERATIONAL_RISK, CICD_RISKS, DRIFT | code |
| Base Image Vulnerability | Base Image Vulnerability | BOOLEAN | EQ, NEQ | true, false | Identifies whether a vulnerability was inherited from the base image (True) or introduced by application layers | VULNERABILITY | image |
| Compliance Controls | Compliance Controls | ENUM | CONTAINS, NCONTAINS | Dynamic (loaded from compliance rules) | Specific security controls related to the finding within a compliance standard (for example, "Encryption at Rest") | IAC_MISCONFIGURATION, CICD_RISKS | code |
| Compliance Standards | Compliance Standards | ENUM | CONTAINS, NCONTAINS | Dynamic (loaded from compliance rules) | Filters findings based on specific regulatory frameworks like PCI-DSS, SOC2, or HIPAA | IAC_MISCONFIGURATION, CICD_RISKS | code |
| CVE Description | CVE Description | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Filters findings by searching for specific keywords within the official vulnerability summary (for example, "buffer overflow") | VULNERABILITY | both |
| CVE Fix Available Date | CVE Fix Available Date | TIMESTAMP | EQ, NEQ, LT, LTE, GT, GTE, RELATIVE_TIMESTAMP | Timestamp / relative timestamp | Filters based on the date a fix or patch was first released for the vulnerability | VULNERABILITY | both |
| CVE ID | CVE ID | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example CVE-2021-44228) | Filters by the unique Common Vulnerabilities and Exposures identifier (for example, CVE-2021-44228) | VULNERABILITY | both |
| CVE Publish Date | CVE Publish Date | TIMESTAMP | EQ, NEQ, LT, LTE, GT, GTE, RELATIVE_TIMESTAMP | Timestamp / relative timestamp | Filters based on the date the vulnerability was officially added to the CVE registry | VULNERABILITY | both |
| CVE Risk Factors | CVE Risk Factors | ARRAY | EQ, NEQ, ARRAY_CONTAINS, ARRAY_NOT_CONTAINS | Critical severity, High severity, Medium severity, Has fix, Remote execution, DoS - Low, DoS - High, Recent vulnerability, Exploit exists - in the wild, Exploit exists - POC, Attack complexity: low, Attack vector: network | Targets specific characteristics of a vulnerability's impact or ease of use (for example, Remote Execution, DoS - High) | VULNERABILITY | both |
| CVSS | CVSS | FLOAT | EQ, NEQ, LT, LTE, GT, GTE | Numeric 0.0–10.0 | Filters findings based on their numerical CVSS score, typically ranging from 0.0 to 10.0 | VULNERABILITY | both |
| CVSS Severity | CVSS Severity | FLOAT | EQ, NEQ, LT, LTE, GT, GTE | Numeric | Filters by the CVSS impact level, often derived from a numerical score | VULNERABILITY | both |
| CWE ID | CWE ID | ARRAY | EQ, NEQ, ARRAY_CONTAINS, ARRAY_NOT_CONTAINS | Free STRING (for example, CWE-79, CWE-89) | Filters by the specific Common Weakness Enumeration identifier | CODE_WEAKNESS | code |
| Deprecated | Deprecated | BOOLEAN | EQ, NEQ | true (Yes), false (No) | Whether the package is officially deprecated | OPERATIONAL_RISK | code |
| Detection Method | Detection Method | ENUM | EQ, NEQ | Dynamic | Filters findings based on the specific scanning engine or technique used to identify them | SECRETS, MALWARE | image |
| EPSS | EPSS | FLOAT | EQ, NEQ, LT, LTE, GT, GTE | Numeric 0.0–1.0 | Filters based on the Exploit Prediction Scoring System probability score, estimating the likelihood of exploitation in the next 30 days | VULNERABILITY | both |
| Exploit Level | Exploit Level | ENUM | EQ, NEQ | Dynamic | Filters findings based on the maturity and availability of exploit code (for example, None, Proof of Concept, Weaponized) | VULNERABILITY | both |
| Exploitable | Exploitable | BOOLEAN | EQ, NEQ | true, false | Filters for vulnerabilities with known, documented exploits available in the wild | VULNERABILITY | both |
| File Group ID | File Group ID | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, 1001) | Filters by the numeric Group ID (GID) assigned to the file | SECRETS, MALWARE | image |
| File Group Name | File Group Name | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, sudo, docker, users) | Filters by the name of the primary group assigned to the file | SECRETS, MALWARE | image |
| File Line | File Line | INT | EQ, NEQ, LT, LTE, GT, GTE | Numeric | Identifies the specific line number within a file where the finding was detected | SECRETS, MALWARE | image |
| File Name | File Name | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Filters by the specific name of a file discovered in a scan (for example, id_rsa, passwd) | SECRETS, MALWARE | image |
| File Owner ID | File Owner ID | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, 0 for root) | Filters by the numeric User ID (UID) of the file owner | SECRETS, MALWARE | image |
| File Owner Name | File Owner Name | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, root, admin, www-data) | Filters by the username of the account that owns the file | SECRETS, MALWARE | image |
| File Path | File Path | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Targets specific files or directories within a container image filesystem | VULNERABILITY, SECRETS, MALWARE | image |
| File Permissions - group | File Permissions - group | STRING | EQ, NEQ | Free STRING (for example, r, rw, rwx) | Filters by the access rights granted to members of the file's assigned group | SECRETS, MALWARE | image |
| File Permissions - others | File Permissions - others | STRING | EQ, NEQ | Free STRING (for example, rw) | Filters by World permissions — access granted to any user on the system | SECRETS, MALWARE | image |
| File Permissions - owner | File Permissions - owner | STRING | EQ, NEQ | Free STRING (for example, rwx, rw, r) | Filters by the access rights granted to the file's owner | SECRETS, MALWARE | image |
| File SHA256 | File SHA256 | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (SHA-256 hash) | Filters findings by the file's unique cryptographic hash | MALWARE | image |
| File Size | File Size | INT | EQ, NEQ, LT, LTE, GT, GTE | Numeric | Filters based on the total data size of the file | SECRETS, MALWARE | image |
| Finding Category | Finding Category | ENUM | EQ, NEQ | Configuration, Vulnerability, Malware, Identity, Data, Code, Posture, Brand Protection | The category of detected security findings. A category can include multiple finding types | VULNERABILITY, SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, LICENSES, OPERATIONAL_RISK, CICD_RISKS, MALWARE | both |
| Finding ID | Finding ID | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Filters by a specific, unique finding identifier | MALWARE | image |
| Finding Type | Finding Type | ENUM | EQ | CICD_RISKS, VULNERABILITY, SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, LICENSES, OPERATIONAL_RISK, MALWARE, DRIFT | The type of the detected security finding | All | both |
| Fix Versions | Fix Versions | ARRAY | EQ, NEQ, ARRAY_CONTAINS, ARRAY_NOT_CONTAINS | Free STRING (for example, 1.2.4, 2.0.1) | Identifies the specific version(s) where the vulnerability has been patched | VULNERABILITY | both |
| Grace Period | Grace Period | INT | EQ | Numeric (days) | The number of days a finding is allowed to exist before blocking PRs or builds. Calculated from Fix Date or Publish Date | VULNERABILITY | both |
| Has A Fix | Has A Fix | BOOLEAN | EQ, NEQ | true (Yes), false (No) | Filter findings with a documented resolution or patch available | VULNERABILITY | both |
| Has An Automated Fix | Has An Automated Fix | BOOLEAN | EQ, NEQ | true (Yes), false (No) | Identifies findings that can be resolved automatically via a generated Pull Request or automated patch | IAC_MISCONFIGURATION | code |
| Iac Tag | Iac Tag | JSON | JSON_WILDCARD, JSON_WILDCARD_NOT | JSON key-value (for example, {"key": "Environment", "value": "Production"}) | Filters IaC resources based on metadata tags (for example, Environment: Production, Owner: DevOps) | IAC_MISCONFIGURATION, DRIFT | code |
| Image Provider | Image Provider | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, Docker Hub, JFrog Artifactory, AWS ECR) | Identifies the source or registry where the package was retrieved | VULNERABILITY | image |
| Is AI/ML | Is AI/ML | BOOLEAN | EQ, NEQ | true, false | Identifies libraries and frameworks associated with AI and Machine Learning (for example, PyTorch, TensorFlow) | VULNERABILITY | code |
| Is derived | Is derived | BOOLEAN | EQ, NEQ | true, false | Whether the vulnerability is derived | VULNERABILITY | image |
| Is Kev | Is Kev | BOOLEAN | EQ, NEQ | true (Yes), false (No) | Filters for vulnerabilities listed in the CISA Known Exploited Vulnerabilities catalog | VULNERABILITY | both |
| Is Root | Is Root | BOOLEAN | EQ, NEQ | true, false | Whether the vulnerability is in the root layer | VULNERABILITY | image |
| Language | Language | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, Java, Python, Go, JavaScript) | Filters findings based on the programming language where the issue was detected | CODE_WEAKNESS | code |
| Layer ID | Layer ID | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (SHA-256 hash) | Filters findings based on the specific filesystem layer of a container image | VULNERABILITY | image |
| License Category | License Category | ENUM | EQ, NEQ | Weak copyleft, Strong copyleft, Non permissive | Groups packages by their legal risk or permission category | LICENSES | code |
| License Type | License Type | ENUM | EQ, NEQ | Artistic-1.0, Artistic-2.0, APSL, AGPL-1.0, AGPL-3.0, GPL-2.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, MPL-1.1, MPL-2.0, EPL-1.0, EPL-2.0, CDDL-1.0, BUSL-1.1, MS-RL, OSL-3.0, CC-BY-SA-4.0, and more | Filters by the specific name of the legal license assigned to a package | LICENSES | code |
| Maintained | Maintained | ENUM | EQ, NEQ | Infrequently Maintained, Moderately Maintained, Frequently Maintained | Package maintenance activity level | OPERATIONAL_RISK | code |
| Malware Verdict | Malware Verdict | ENUM | EQ, NEQ | Malware, Grayware | Indicates whether detected software is confirmed malicious (Malware) or potentially unwanted (Grayware) | MALWARE | image |
| Operating System | Operating System | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, Linux, Windows) | The broad name of the OS | VULNERABILITY | image |
| Operating System Distribution | Operating System Distribution | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, Ubuntu, RedHat, Debian) | The specific flavor of the OS | VULNERABILITY | image |
| Operating System Distro Release | Operating System Distro Release | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, 22.04, 8.5) | The specific version or point release of the distribution | VULNERABILITY | image |
| Operating System Family | Operating System Family | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, Debian-based, RHEL-based) | Groups OS versions by their common ancestry | VULNERABILITY | image |
| OWASP Category | OWASP Category | ARRAY | EQ, NEQ, ARRAY_CONTAINS, ARRAY_NOT_CONTAINS | Free STRING (for example, A01:2021-Broken Access Control) | Maps findings to the OWASP Top 10 web application security risks | CODE_WEAKNESS | code |
| Package Dependency | Package Dependency | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Allows filtering by the relationship of a package — whether it is a direct dependency or a transitive (indirect) one | VULNERABILITY | code |
| Package Deprecated | Package Deprecated | BOOLEAN | EQ, NEQ | true (Yes), false (No) | Filters for packages officially marked as deprecated or end-of-life by their maintainers | VULNERABILITY, LICENSES | code |
| Package File Creation Time | Package File Creation Time | TIMESTAMP | EQ, NEQ, LT, LTE, GT, GTE | Timestamp | Filters based on when the package file was first generated or built | VULNERABILITY | image |
| Package Licenses | Package Licenses | ARRAY | EQ, NEQ, ARRAY_CONTAINS, ARRAY_NOT_CONTAINS | Free STRING (for example, MIT, Apache 2.0) | Filters by the specific legal license assigned to a package | VULNERABILITY | image |
| Package Maintained | Package Maintained | ENUM | EQ, NEQ | Infrequently Maintained, Moderately Maintained, Frequently Maintained | Filters based on the activity level of the package's repository | VULNERABILITY, LICENSES | code |
| Package Name | Package Name | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, openssl, lodash, log4j-core) | Filters by the name of the specific library or software component | VULNERABILITY, LICENSES, OPERATIONAL_RISK | code |
| Package Operational Risk | Package Operational Risk | ENUM | EQ, NEQ | Low, Medium, High | Evaluates the long-term viability of a package based on community health, update frequency, and maintenance history | VULNERABILITY, LICENSES | code |
| Package Popularity | Package Popularity | ENUM | EQ, NEQ | Low, Medium, High | Identifies packages based on their adoption metrics. Low popularity can signal higher supply chain risk | VULNERABILITY, LICENSES | code |
| Package PURL | Package PURL | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, pkg:npm/lodash@4.17.21) | Filters by the Package URL (PURL), a standardized package identifier | VULNERABILITY | image |
| Package Type | Package Type | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, npm, PyPI, Maven, Go) | The ecosystem the package belongs to | VULNERABILITY | image |
| Package Version | Package Version | STRING | EQ, NEQ, LT, GT | Free STRING (for example, 1.2.3, <2.0.0) | Targets specific versions or ranges of a software package | VULNERABILITY, LICENSES, OPERATIONAL_RISK | code |
| PackageName | PackageName | STRING | N/A (hidden) | Free STRING | Package name | VULNERABILITY | both |
| PackageVersion | PackageVersion | STRING | N/A (hidden) | Free STRING | Package version | VULNERABILITY | both |
| Platform ID | Platform ID | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, x86_64, arm64) | Filters by the specific underlying hardware or cloud architecture | VULNERABILITY | image |
| Popularity | Popularity | ENUM | EQ, NEQ | Low, Medium, High | Package popularity based on adoption metrics | OPERATIONAL_RISK | code |
| Provider | Provider | ENUM | EQ, NEQ | Gitlab CI, Azure Pipelines, Github Actions, Circle CI, Jenkins | CI/CD provider | CICD_RISKS | code |
| Remediation | Remediation | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Filters by the action required to resolve a vulnerability | VULNERABILITY | image |
| Repository File Path | Repository File Path | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Filters based on the specific location of a file within your source code repository | VULNERABILITY, SECRETS | code |
| Respect Developer Suppression | Respect Developer Suppression | ENUM | EQ | true (Yes), false (No) | Determines whether findings suppressed by developers are considered during policy evaluation. Yes: Suppressed findings are excluded. No: All findings are evaluated, including developer-suppressed ones | VULNERABILITY, SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, LICENSES, OPERATIONAL_RISK | code |
| Risk Factors | Risk Factors | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Targets specific characteristics of a risk impact (for example, CWE Top 25, Found in History, Has a Fix) | VULNERABILITY | code |
| RiskFactors | RiskFactors | ARRAY | EQ, NEQ, ARRAY_CONTAINS, ARRAY_NOT_CONTAINS | Critical severity, High severity, Medium severity, Has fix, Remote execution, DoS - Low, DoS - High, Recent vulnerability, Exploit exists - in the wild, Exploit exists - POC, Attack complexity: low, Attack vector: network | Risk factors from normalized vulnerability fields | VULNERABILITY | both |
| Secret Type | Secret Type | ENUM | EQ, NEQ | Dynamic | Filters findings by the category of the exposed secret or the service it belongs to (for example, AWS Access Key, Stripe API Token) | SECRETS, MALWARE | image |
| Secret Validity | Secret Validity | ENUM | EQ, NEQ | No Validation, Privileged, Valid, Invalid, Unavailable | Filters based on whether the detected secret is still active and usable | SECRETS | code |
| Severity | Severity | ENUM | EQ, NEQ | Critical, High, Medium, Low | Filters findings by their assigned risk impact level (for example, Critical, High, Medium, or Low) | VULNERABILITY, SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, LICENSES, OPERATIONAL_RISK, CICD_RISKS, DRIFT | code |
| Software Package Name | Software Package Name | STRING | N/A (hidden) | Free STRING | Software package name | OPERATIONAL_RISK | code |
| Software Package Version | Software Package Version | STRING | N/A (hidden) | Free STRING | Software package version | OPERATIONAL_RISK | code |
| Source | Source | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, semgrep, checkmarx) | Identifies the origin tool that reported the finding | CODE_WEAKNESS | code |
| Type ID | Type ID | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Filters by the unique identifier for a specific category of finding (finding type id) | VULNERABILITY | image |
| Secret Type | Secret Type | ENUM | EQ, NEQ | Dynamic | Filters findings by the category of the exposed secret or the service it belongs to (for example, AWS Access Key, Stripe API Token) | SECRETS, MALWARE | image |
| Secret Validity | Secret Validity | ENUM | EQ, NEQ | No Validation, Privileged, Valid, Invalid, Unavailable | Filters based on whether the detected secret is still active and usable | SECRETS | code |
| Severity | Severity | ENUM | EQ, NEQ | Critical, High, Medium, Low | Filters findings by their assigned risk impact level (for example, Critical, High, Medium, or Low) | VULNERABILITY, SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, LICENSES, OPERATIONAL_RISK, CICD_RISKS, DRIFT | code |
| Software Package Name | Software Package Name | STRING | N/A (hidden) | Free STRING | Software package name | OPERATIONAL_RISK | code |
| Software Package Version | Software Package Version | STRING | N/A (hidden) | Free STRING | Software package version | OPERATIONAL_RISK | code |
| Source | Source | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING (for example, semgrep, checkmarx) | Identifies the origin tool that reported the finding | CODE_WEAKNESS | code |
| Type ID | Type ID | STRING | EQ, NEQ, CONTAINS, NCONTAINS | Free STRING | Filters by the unique identifier for a specific category of finding (finding type id) | VULNERABILITY | image |
- SEARCH_FIELD (string, required): Defines the field the condition filter should match. To see which fields are allowed for each type, see the Supported Condition Fields table.
- SEARCH_TYPE (string enum, required): Condition operator for this filter.
- SEARCH_VALUE (object, required): Value that the condition filter must match. The type of this field will differ depending on the SEARCH_FIELD that you specified: boolean, number (double), or string.
AND (array) and OR (array) each hold conditions with these fields:
- SEARCH_FIELD (string, required): Field the condition filter matches ("Finding Type").
- SEARCH_TYPE (string enum, required): Condition operator for this filter.
- SEARCH_VALUE (object, required): The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified:
  - boolean
  - from (number, double): The lower bound of a range query.
  - to (number, double): The upper bound of a range query.
  - key (string): The key for key-value pair matching.
  - value (string): The value for key-value pair matching.
  - number (double)
  - string
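The linter below is an added example, not part of the vendor documentation. It checks a condition tree against a few rows copied from the Supported Condition Fields table, so an operator the table does not allow for a field (such as GTE on Package Version) or an unlisted ENUM value is caught before the policy is submitted. The AND/OR nesting of the JSON, the name lint_conditions and the sample policy are assumptions made for the example.

```python
# Added example, not vendor code. Rows are copied from the Supported Condition
# Fields table; the nested JSON layout is an assumption.
FIELD_RULES = {  # field -> (allowed SEARCH_TYPE, allowed SEARCH_VALUE or None for free string)
    "Severity": (("EQ", "NEQ"), ("Critical", "High", "Medium", "Low")),
    "Secret Validity": (("EQ", "NEQ"), ("No Validation", "Privileged", "Valid", "Invalid", "Unavailable")),
    "Package Name": (("EQ", "NEQ", "CONTAINS", "NCONTAINS"), None),
    "Package Version": (("EQ", "NEQ", "LT", "GT"), None),
}
REQUIRED = ("SEARCH_FIELD", "SEARCH_TYPE", "SEARCH_VALUE")

def lint_conditions(node, path="$"):
    """Return a list of problems found in a condition tree (empty list = clean)."""
    if not isinstance(node, dict):
        return [f"{path}: expected an object"]
    groups = [k for k in ("AND", "OR") if k in node]
    if groups:  # group node: recurse into every child condition
        problems = []
        for key in groups:
            if not isinstance(node[key], list):
                problems.append(f"{path}.{key}: expected an array")
                continue
            for i, child in enumerate(node[key]):
                problems += lint_conditions(child, f"{path}.{key}[{i}]")
        return problems
    missing = [k for k in REQUIRED if k not in node]
    if missing:
        return [f"{path}: missing required {', '.join(missing)}"]
    field, op, value = (node[k] for k in REQUIRED)
    if field not in FIELD_RULES:
        return [f"{path}: {field!r} is not in the local rule table"]
    ops, values = FIELD_RULES[field]
    problems = []
    if op not in ops:
        problems.append(f"{path}: {op} not allowed for {field}; use one of {sorted(ops)}")
    if values is not None and value not in values:
        problems.append(f"{path}: {value!r} is not a listed value for {field}")
    return problems

# Constructed sample policy with two deliberate mistakes (GTE, lower-case "valid").
SAMPLE = {"AND": [
    {"SEARCH_FIELD": "Severity", "SEARCH_TYPE": "EQ", "SEARCH_VALUE": "Critical"},
    {"OR": [
        {"SEARCH_FIELD": "Package Name", "SEARCH_TYPE": "CONTAINS", "SEARCH_VALUE": "log4j-core"},
        {"SEARCH_FIELD": "Package Version", "SEARCH_TYPE": "GTE", "SEARCH_VALUE": "2.0.0"},
        {"SEARCH_FIELD": "Secret Validity", "SEARCH_TYPE": "EQ", "SEARCH_VALUE": "valid"},
    ]},
]}

print("\n".join(lint_conditions(SAMPLE)))
```

Extend FIELD_RULES with the remaining table rows before relying on it, since fields missing from the local table are reported rather than passed.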
scope (object): Defines the type of assets to be evaluated by the policy (the scope). You can combine multiple conditions to create complex rules for when the policy should be applied.
Note:
- When used in AND, all conditions within this array must be met.
- When used in OR, at least one condition within this array must be met.
- Cannot be used if assetGroupIds are set.