As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Frequently Asked Questions

  1. What are the requirements to deploy ThreadFix?

    ThreadFix has varying environment System Recommendations depending on the scale the user intends to deploy in:

  2. How is ThreadFix Installed and how is it upgraded?

  3. Can ThreadFix be scaled up or down after deployment?

    Yes, users can adjust their service’s scale. Note not all services in ThreadFix can be safely scaled, please consult the Configurations and Tuning Guide for more information on what services can be scaled and what values may be appropriate for the user case.

  4. What data needs to be backed-up?

    The only persistent data held by ThreadFix is stored in the database. Consult the "Backup & Restore guide for how to backup this data. Other data stores used by ThreadFix are only used for transient data and do not need back up policies.

  5. Can ThreadFix Support assist with third-party components, applications, tools, and/or services?

    Yes, however ThreadFix Support’s assistance with third-party components, applications, tools, and/or services is provided/ limited to what is necessary to install, upgrade, troubleshoot ThreadFix.

  6. What API is available for users to integrate with?

    ThreadFix offers a robust list of API for customers to integrate into their environments.

  7. What kind of reporting can ThreadFix provide?

    ThreadFix provides a variety of vulnerability Analytics & Reports containing metrics which can be exported to common formats such as PDF, CSV and SSVL.



disregard below

Getting Started with ThreadFix 3.X


How to handle cycling of certs/secrets (pod recycling)?1) Capacity sizing of clusters and other resources PVs, DBs, in consideration with Navy Federal needs

  1. capacity sizing of clusters and other resources PVs, DBs

  2. Recovery approach of persistent data for Stateful sets, if any node goes down or in upgrade / patching scenarios

    1. nothing to change, its transient data. Data stored in sql server, recommend to scale it up.

    2. if node goes down persistent volume should be fine and the node will remap onto a new node.

  3. Design of High availability setup of the application within the same region

  4. Any performance testing indicators required

  5. Integration endpoints to other applications and any networking changes required

  6. Enable Authentication / SSO functionality

  7. Any specific concerns or issues (known) of having ThreadFix deployed in a separate Namespace while other tools to be deployed in their own namespaces and in the same AKS cluster

  8. Product updates/ tool security patches update with helm charts and impact on the downtime

  9. Active-Passive application configuration (if any)

10) DB sync if active-passive model HA deployment model
11) Heartbeat kind of utilities support HA deployment (if any)
12) Custom extension APIs and Certificate Transparency, if we will use TLS 1.2/ 1.3

Table of Contents

  • No labels