Filtering Submissions

You can use filters to view submissions that match a particular set of criteria. For example, you can query submissions that you may need to follow up on, such as ones that still need to be reviewed or fixed.

Filter Options: You can use the filter options on both the Submissions and Insights pages.

Filter Keys

Filter keys narrow your submissions down to a specific set of results.

The following filter keys and possible values are available.

Key Value Description
assignee me, none, or any email of a User on the program Matches on a User’s email who has permissions on the program.
duplicate true or false Matches based on whether the submission is a duplicate of another submission or not.
payments none or present Matches if there is any payment on a submission.
state new, triaged, wont-fix, not-applicable, not-reproducible, out-of-scope, unresolved, and resolved Matches on submission state. Supports negative search.
sort payment, points, severity, submitted, or updated Appends -asc or -desc depending on how you want it to be sorted.
severity 1-5, none, or present Matches the severity assigned to the submission. Supports negative search.
source api, csv, email, external_form, platform, or qualys Matches the origin of the submission. Supports negative search.
target none Matches on the target name. Supports negative search.
target-type android, api, hardware, ios, iot, other, or website Matches the target type. Supports negative search.
researcher   Returns submissions based on the researcher’s username who submitted them. Supports negative search.
submitted YYYY-MM-DD, < YYYY-MM-DD, or >YYYY-MM-DD Returns submissions that were submitted during the specified date range. Click the calendar icon to select the required date range. For information about the calendar icon, see search submissions for date range.
points none or present Return submissions that have been awarded points or not.
blocked-by none, present, bugcrowd-operations, customer, researcher Return submissions that are currently blocked and need additional action from a specific user.
custom-fields none or present Return custom fields that have values entered or not. This filter option is available only if you have defined at least one custom label in Settings > Fields and Settings > Data Fields. For information about defining the custom labels, see additional fields.
disclosure-request none, approved, cancelled, denied, draft, requested Return disclosure request fields from different action states
vrt application-level-denial-of-service-(dos), application-level-denial-of-service-(dos)/app-crash, application-level-denial-of-service-(dos)/critical-impact-and-or-easy-difficulty, application-level-denial-of-service-(dos)/high-impact-and-or-medium-difficulty, broken-access-contro-(bac), broken-access-contro-(bac)/exposed-sensitive-android-content, broken-access-contro-(bac)/exposed-sensitive-android-content, broken-access-contro-(bac)/insecure-direct-object-references-(idor), broken-access-contro-(bac)/server-side-request-forgery-(ssrf), broken-access-contro-(bac)/username-enumeration, broken-authetication-and-session-management, broken-authentication-and-session-management/authentication-bypass Matches the VRT category or subcategory. For information about VRT classifications, see https://bugcrowd.com/vulnerability-rating-taxonomy.

Filter Syntax

To create a query, you need to use the following syntax: <filter key>:<value>. Make sure you include a colon after the filter key and do not include any spaces between the filter key and value.

You can enter multiple filter key/value pairs in the query, such as: state:unresolved severity:1. By default, the query includes sort:submitted-desc, which sorts your submissions in descending order based on the dates they were submitted. You can remove or replace this filter key/value.

Filter Logic

There is an AND operator between unique filter keys; however, multiple instances of the same filter key use the OR operator. For example, state:unresolved severity:1 returns all P1 submissions that have been triaged but have not been fixed. The query state:unresolved severity:1 severity:2 returns all P1 and P2 submissions that have been triaged but have not fixed.

Certain filters allow negative search, which allows you to find values that do not meet the specified value. You can think of a negative search like a deny list. To perform a negative search, add a - before the key, like -state:triaged.

You can perform a negative search with the following filter keys: state, program, and target.

Building a Query

To help you build a submissions query, a list of available filter keys will appear when you click in the search field. After you select a filter key, the search field will show you possible values based on what you’ve selected.

building-query

Remember, you can use as many key/value combinations you need, and there is an AND operator between unique filter keys and an OR operator between multiple instances of the same filter key. As you add filter key/value pairs to the query, the results automatically refresh to show you the latest results.

If you input an invalid filter key or query, no submissions will be returned. Please review your queries for any errors if the results do not show the submissions you expect to see.

Using Multiple “Sort” Queries

The tokenized search bar allows for multiple sorting criteria. Sorting parameters will be applied to search results in the order they are declared in tokens. Below an example sorted first by priority and second by old to new:

sort-queries

Preset Queries

There are preset queries available that let you quickly find submissions that are new, need to be reviewed, need to be fixed, or have been fixed. Click on the filter and the query will display in the search field.

preset-queries

The following preset queries are available:

Query Filters Description
Processing state:new Finds new submissions that need to be reviewed.
Blocked blocked-by:customer Shows submissions that are blocked by the customer and are waiting for information from Bugcrowd’s ASEs or researchers.
To review state:triaged Returns submissions that have been triaged and need to be accepted or rejected.
To fix state:unresolved Shows submissions that are valid and need to be resolved.
Fixed state:resolved Looks for submissions that have been fixed and may need to be retested by the researcher.

Search Submissions for Date Range

Filtering based on submitted date: While other date filters are available within submission filtering, only filtering by a submission’s submitted date is available through the calendar icon.

To specify a date range:

  1. Click the calendar icon. The calendar for two consecutive months is displayed at a time. You can use both or one calendar to specify a date range as per your requirement.”
  2. In the first calendar, change the year, select the month, and select a date to indicate the start date (example, July 25, 2019).
  3. In the second calendar, the consecutive month is displayed. For example, in the first calendar if month and year is July 2019, then in the second calendar the month and year is August 2019. Change the year, select a month, and select a date to indicate the end date (example, September 18, 2019. You can also move the month and year using the back arrow and forward arrow icons.

    When you select the end date, the calendar closes and the selected date range is displayed in the filter box. The submissions submitted for this date range are displayed.

    calendar

    Click ? icon at the bottom right corner of the calendar to view the following information about the keyboard shortcut keys, which you can use to specify the date range.

    Keyboard Shortcut Key Description
    Select the date in focus.
    ←/→ Move backward (left) and forward (right) by one day.
    ↑/↓ Move backward (up) and forward (down) by one week.
    PgUp/PgDn Switch months.
    Home/End Go to the first or last day of a week.
    Esc Return to the date input field.

Onboarding
Account Management
Program Management
Reporting
Submission Management
Integration Management