As of December 31st, 2023, ThreadFix 2.X has reached End of Life and is no longer supported. For any further information, please contact the Success and Implementation team.


This page details how to manually map unmapped Findings in ThreadFix.

Introduction

Occasionally, you will upload a scan into ThreadFix and find that no Findings seem to have been uploaded into the system. How can this be when you know your scan file had vulnerabilities listed in it? It happens because none of those vulnerabilities could be mapped to a CWE. In this scenario, you'll notice that you have a few items under the 'Unmapped Findings' tab on the Application detail page.


These are the Findings generated by ThreadFix that have yet to be mapped to a CWE ID.


Map Findings

The following functionality requires the user to have the ‘Manage Vulnerability Types’ permission at the global role level, since the CWE mapping needs to be applied to all vulnerabilities that have findings with the same scanner vulnerability type across your entire portfolio of teams/apps.


  1. Click 'Create Mapping'.
  2. Start typing either the CWE ID or the CWE description that matches the Finding's vulnerability type, then submit.
  3. Notice how the Finding now shows up under the Vulnerabilities tab.
  4. Continue mapping the remaining Findings until you have completed the list.

Remapping a Vulnerability is deprecated as of version 2.8.4.


