diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
index 3575d76e076..31f0b31dd16 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
@@ -51,12 +51,17 @@
public class CentralSearch {
/**
- * The URL for the Central service
+ * The URL for the Central service.
*/
private final String rootURL;
/**
- * Whether to use the Proxy when making requests
+ * The Central Search Query.
+ */
+ private final String query;
+
+ /**
+ * Whether to use the Proxy when making requests.
*/
private final boolean useProxy;
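Review bot: The Javadoc on the new `query` field reads only "The Central Search Query.", which does not tell a reader that the value is a format template rather than a literal query string, even though the constructor later feeds it to `String.format` with two arguments. Suggest `* The Central search query template; passed to {@link String#format} with the root URL and the SHA1 as its two {@code %s} arguments.` so the contract the constructor enforces is visible at the declaration. The enclosing class continues outside this hunk.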
@@ -84,6 +89,14 @@ public CentralSearch(Settings settings) throws MalformedURLException {
throw new MalformedURLException(String.format("The configured central analyzer URL is invalid: %s", searchUrl));
}
this.rootURL = searchUrl;
+ final String queryStr = settings.getString(Settings.KEYS.ANALYZER_CENTRAL_QUERY);
+ LOGGER.debug("Central Search Query: {}", queryStr);
+ if (!queryStr.matches("^%s.*%s.*$")) {
+ final String msg = String.format("The configured central analyzer query parameter is invalid (it must have two %%s): %s", queryStr);
+ throw new MalformedURLException(msg);
+ }
+ this.query = queryStr;
+ LOGGER.debug("Central Search Full URL: {}", String.format(query, rootURL, "[SHA1]"));
if (null != settings.getString(Settings.KEYS.PROXY_SERVER)) {
useProxy = true;
LOGGER.debug("Using proxy");
@@ -94,7 +107,7 @@ public CentralSearch(Settings settings) throws MalformedURLException {
}
/**
- * Searches the configured Central URL for the given sha1 hash. If the
+ * Searches the configured Central URL for the given SHA1 hash. If the
* artifact is found, a MavenArtifact
is populated with the
* GAV.
*
@@ -108,7 +121,7 @@ public List searchSha1(String sha1) throws IOException {
throw new IllegalArgumentException("Invalid SHA1 format");
}
List result = null;
- final URL url = new URL(String.format("%s?q=1:%%22%s%%22&wt=xml", rootURL, sha1));
+ final URL url = new URL(String.format(query, rootURL, sha1));
LOGGER.debug("Searching Central url {}", url);
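Review bot: The new `new URL(String.format(query, rootURL, sha1))` line splices `sha1` into a configuration-controlled template with no URL-encoding, so its safety rests on the check above whose `Invalid SHA1 format` throw is visible but whose condition is not; presumably that check restricts the value to hex digits. That reliance deserves a comment on the line, e.g. `// sha1 has been validated above, so it is inserted into the template verbatim without encoding`, so a later relaxation of the validation is not made without noticing this consumer. The searchSha1 body starts and ends outside this hunk.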
@@ -184,10 +197,10 @@ public List searchSha1(String sha1) throws IOException {
}
/**
- * Tests to determine if the gien URL is invalid.
+ * Tests to determine if the given URL is invalid.
*
- * @param url the url to evaluate
- * @return true if the url is malformed; otherwise false
+ * @param url the URL to evaluate
+ * @return true if the URL is malformed; otherwise false
*/
private boolean isInvalidURL(String url) {
try {
diff --git a/dependency-check-core/src/main/resources/dependencycheck.properties b/dependency-check-core/src/main/resources/dependencycheck.properties
index 4a88ed96258..0a6053d365d 100644
--- a/dependency-check-core/src/main/resources/dependencycheck.properties
+++ b/dependency-check-core/src/main/resources/dependencycheck.properties
@@ -77,6 +77,9 @@ analyzer.nexus.proxy=true
# the URL for searching search.maven.org for SHA-1 and whether it's enabled
analyzer.central.enabled=true
analyzer.central.url=https://search.maven.org/solrsearch/select
+# Note - the central query is used in a String.format(query, url, sha1)).
+# As such, it must have two %s and any other % must be escapped by doubling it
+analyzer.central.query=%s?q=1:%%22%s%%22&wt=xml
# the URL for searching api.nodesecurity.io
analyzer.nsp.url=https://api.nodesecurity.io/check
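Review bot: The added comment above `analyzer.central.query` reads `String.format(query, url, sha1))` with an unbalanced closing parenthesis and spells "escapped"; since this comment is the only place an operator learns the escaping rule for this value, it should read cleanly: `# Note - the central query is used in a String.format(query, url, sha1).` and `# As such, it must have two %s and any other % must be escaped by doubling it`. The same two comment lines are duplicated verbatim in the test resources hunk below and need the same correction.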
diff --git a/dependency-check-core/src/test/resources/dependencycheck.properties b/dependency-check-core/src/test/resources/dependencycheck.properties
index e64ebe81a52..94a2cdd2545 100644
--- a/dependency-check-core/src/test/resources/dependencycheck.properties
+++ b/dependency-check-core/src/test/resources/dependencycheck.properties
@@ -72,6 +72,9 @@ analyzer.nexus.proxy=true
# the URL for searching search.maven.org for SHA-1 and whether it's enabled
analyzer.central.enabled=true
analyzer.central.url=https://search.maven.org/solrsearch/select
+# Note - the central query is used in a String.format(query, url, sha1)).
+# As such, it must have two %s and any other % must be escapped by doubling it
+analyzer.central.query=%s?q=1:%%22%s%%22&wt=xml
# the URL for searching api.nodesecurity.io
analyzer.nsp.url=https://api.nodesecurity.io/check
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 9e1392c4b46..dff45002713 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -348,6 +348,10 @@ public static final class KEYS {
* The properties key for the Central search URL.
*/
public static final String ANALYZER_CENTRAL_URL = "analyzer.central.url";
+ /**
+ * The properties key for the Central search query.
+ */
+ public static final String ANALYZER_CENTRAL_QUERY = "analyzer.central.query";
/**
* The path to mono, if available.
*/