As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus on ThreadFix SaaS and on migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.


📙 You will learn

How to begin uploading vulnerability scans.

Prerequisites

Audience: IT Professional, or End User
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: Sample scan file w3af-demo-site.xml (optional)

Upload Scan

  1. Expand the application and click the Upload Scan button to open an Upload Scan dialog. Either drag and drop a scan file into the dialog or click Browse to navigate to the file. A sample scan file, w3af-demo-site.xml, has been provided.

  2. Alternatively, click the application's link to navigate to its Application Details page, then either drag and drop a scan file onto the page or click the Action button and select Upload Scan to open the same dialog shown below.


    Note the Upload Scan pop-up below:

Multiple Scan Upload

Users can upload more than one scan file at a time into ThreadFix by dragging them into the Application Details page or the Upload Scan dialog. ThreadFix will ask the user to choose between uploading them as a single scan (combining all of the scans' findings into a single scan) or as multiple scans. Note the example use cases for each option below:

  • Single scan: If an application was scanned in parts (e.g., microservices) by the same scanning tool, the user can upload all of the scans encompassing the entire application as a single scan. Note that all subsequent uploads will need to include the newest available scan for all of the parts, whether they've all been re-scanned or not.

  • Multiple scans: If a single application was scanned by more than one scanning tool, the user can upload all of the scans as multiple scans, which will result in ThreadFix aggregating and/or merging the findings from all of the scans.

Scan Queue

The uploaded scan will be put into a queue. Progress can be checked from the Application Details page by clicking on the application.

  1. A banner at the top will indicate that changes are pending. Clicking the banner will expand it to show the scan upload being executed. When the upload is complete, the banner will say so.

  2. Click the banner to refresh the page, which will then show the result of the uploaded scan.

