Vulnerability Search
Use the Advanced Search feature in Sonatype IQ Server to locate all application reports that contain a vulnerability.
Example:
vulnerabilityId:CVE-2020-28052
This will return all Sonatype Lifecycle application reports that contain the vulnerability.
Component Search
To find reports that were generated before a component vulnerability was discovered, search by component coordinates.
Example:
componentCoordinateGroupId:"log4j" componentCoordinateArtifactId:"log4j-core"
REST API Search
You can use the REST APIs to automate the above searches.
Advanced Search REST API: https://help.sonatype.com/en/advanced-search-rest-api.html
Component search REST API: https://help.sonatype.com/en/component-search-rest-api.html
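The two searches above, built as REST requests. This is an added example, not Sonatype's own code. The endpoint path `/api/v2/search/advanced`, the `query` parameter name, the quoted form of the `vulnerabilityId` term, and the server URL `https://iq.example.com` are assumptions to confirm against the Advanced Search REST API page linked above.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumption: endpoint path and parameter name; confirm in the linked docs.
SEARCH_PATH = "/api/v2/search/advanced"


def term(field, value):
    """Return field:"value", quoting the value so that spaces, colons or
    quotes inside it cannot change the meaning of the query."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'{field}:"{escaped}"'


def vulnerability_query(vuln_id):
    return term("vulnerabilityId", vuln_id)


def component_query(group_id, artifact_id):
    return " ".join([
        term("componentCoordinateGroupId", group_id),
        term("componentCoordinateArtifactId", artifact_id),
    ])


def search_url(base_url, query):
    # urlencode percent-encodes the quotes and colons in the query string.
    params = urllib.parse.urlencode({"query": query})
    return base_url.rstrip("/") + SEARCH_PATH + "?" + params


def run_search(base_url, query, user, password):
    """Send the search with HTTP basic auth and return the parsed JSON."""
    req = urllib.request.Request(search_url(base_url, query))
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed server URL; this only prints the URLs, no request is sent.
    base = "https://iq.example.com"
    print(search_url(base, vulnerability_query("CVE-2020-28052")))
    print(search_url(base, component_query("log4j", "log4j-core")))
```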
Tip: Enable Continuous Monitoring
New vulnerabilities are constantly being found. Enable continuous monitoring to ensure your reports always have the latest data.
https://help.sonatype.com/en/continuous-monitoring.html