As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Current »

Generate Results

After launching Audit Workbench, select Scan Java Project...:


Select the directory containing the Java Project to be scanned and select OK:


Select the version of Java the project uses and select OK:


Answer the following for the selected project(the defaults work for a majority of projects) and select Scan:


After the scan has finished select File → Save Project As... and save the results to the desired directory:

Filter Set

To see all vulnerabilities within Audit Workbench before uploading them to ThreadFix, go to Tools -> Project Configuration > Filter sets and make “Security auditor view” the default filter set before saving. 

Upload Results

After generating the report, log in to ThreadFix and navigate to the Teams tab. Expand the Team that the report will be uploaded to:


After picking one of the Team's Application, select Upload Scan and drag the report into the Pane:


Once ThreadFix has finish processing the report, the results can be viewed on the Application's page:


Finding Status Processing

The following list indicates how finding statuses from Fortify are marked within ThreadFix when ingesting a scan:

  • Not an issue or Suppressed - False Positive
  • Exploitable or Need more information - Open
  • Hidden - not ingested into ThreadFix

  • No labels

[www.threadfix.it] | [www.coalfire.com]
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.