📙 You will learn
How to begin uploading vulnerability scans.
Prerequisites
Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: Sample scan file w3af-demo-site.xml (optional)
Upload Scan
Expand the application and click the Upload Scan button to open an Upload Scan dialog. Either drag and drop a scan file into the dialog or click Browse to navigate to the file. A sample scan file, w3af-demo-site.xml, has been provided.
Alternatively, click the application's link to navigate to its Application Details page, then either drag and drop a scan file onto the page or click the Action button and select Upload Scan to open the same dialog.
Note the Upload Scan pop-up below:
Note: if ThreadFix is under maintenance, scans cannot be uploaded until the maintenance period has concluded.
Once maintenance is complete, a notification will appear at the top of the screen.
Below are the current allowed file types that can be uploaded as scans:
.csv
.digest
.fpr - Note: any .fpr file containing a non-allowed file type will be rejected
.json
.nessus
.ozasmt
.xml
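A pre-upload check built from the allowed-type list above, as an added example that is not part of the ThreadFix documentation or product code. It treats an .fpr as the zip archive it is and lists its members; the set of member types accepted inside an .fpr (`ASSUMED_FPR_MEMBER_EXTS`) is a placeholder because this page does not list them, and `preflight` and `build_sample_fpr` are hypothetical names.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Allowed scan upload extensions, copied from the list on this page.
ALLOWED_UPLOAD_EXTS = {".csv", ".digest", ".fpr", ".json", ".nessus", ".ozasmt", ".xml"}

# ASSUMPTION: the page does not list which member types are acceptable inside
# an .fpr, so this set is a placeholder to replace with your own policy.
ASSUMED_FPR_MEMBER_EXTS = {".fvdl", ".xml"}


def preflight(name, data, fpr_member_exts=ASSUMED_FPR_MEMBER_EXTS):
    """Return (ok, reason) for one candidate scan file, given its name and bytes."""
    ext = PurePosixPath(name).suffix.lower()
    if ext not in ALLOWED_UPLOAD_EXTS:
        return False, f"extension {ext or '(none)'} is not an allowed scan type"
    if ext != ".fpr":
        return True, "ok"
    # An .fpr is a zip container, so list its members without extracting them.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return False, ".fpr is not a readable zip archive"
    bad = sorted(m for m in members
                 if PurePosixPath(m).suffix.lower() not in fpr_member_exts)
    if bad:
        return False, "fpr contains non-allowed members: " + ", ".join(bad)
    return True, "ok"


def build_sample_fpr(member_names):
    """Build a constructed in-memory zip standing in for an .fpr (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in member_names:
            zf.writestr(member, "constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    batch = {  # constructed sample batch
        "w3af-demo-site.xml": b"<constructed/>",
        "notes.txt": b"constructed",
        "clean.fpr": build_sample_fpr(["audit.fvdl", "audit.xml"]),
        "mixed.fpr": build_sample_fpr(["audit.fvdl", "tools/helper.exe"]),
    }
    for name, data in batch.items():
        print(name, preflight(name, data))
```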
Multiple Scan Upload
Users can upload more than one scan file at a time into ThreadFix by dragging them into the Application Details page or the Upload Scan dialog. ThreadFix will ask the user to choose between uploading them as a single scan (combining all of the scans' findings into a single scan) or as multiple scans. Note the example use cases for each option below:
Single scan: If an application was scanned in parts (e.g., microservices) by the same scanning tool, the user can upload all of the scans encompassing the entire application as a single scan. Note that all subsequent uploads will need to include the newest available scan for all of the parts, whether they've all been re-scanned or not.
Multiple scans: If a single application was scanned by more than one scanning tool, the user can upload all of the scans as multiple scans, which will result in ThreadFix aggregating and/or merging the findings from all of the scans.
Scan Queue
The uploaded scan will be put into a queue. Progress can be checked from the Application Details page by clicking on the application.
A banner at the top will indicate that changes are pending. Clicking the banner expands it to show the scan upload being executed. When the upload is complete, the banner will say so.
Click the banner to refresh the page, which will then show the result of the uploaded scan.