As of December 31st, 2023, ThreadFix 2.X has reached End of Life and is no longer supported. For any further information, please contact the Success and Implementation team.


Users can configure severities for CWE types, such as "all XSS vulnerabilities are now Critical." Users can also configure custom remediation text for a CWE that will be included in any defects submitted for that vulnerability.

Severity Mappings

Severity Mappings in ThreadFix give the administrator the ability to remap vulnerabilities to standard CWE types. First, click the Create New Mapping button to the left. This brings up a modal dialog for the mapping. Start typing, for example, "CSRF" into the Source Vulnerability Type field and you will see a dropdown with CWE types that match your text.


The Target Severity Type field lists the severity types that can be applied to the chosen vulnerability: High, Low, Medium, Critical, Info and Ignore.

Setting the severity to Ignore will cause all vulnerabilities with the selected CWE to have a status of Hidden; they will thus not be included in your vulnerability count.

You can view these in a vulnerability tree by expanding the Field Controls filter and checking the Hidden box within the Status section.

To undo this change, simply delete the mapping created above (click Edit/Delete and then Delete).



Click Save Mapping and you will see your newly created mapping in the Vulnerability Types list.
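The effect of a set of mappings can be checked before saving them. The following Python model is an added example, not ThreadFix code or its API: it applies the mapping rules described above to a constructed list of findings and reports which findings an Ignore mapping would hide, grouped by their scanner-assigned severity. The field names, the "Open" status and the sample mappings are assumptions.

```python
from collections import Counter

# Constructed sample findings; field names are assumptions, not a ThreadFix export format.
FINDINGS = [
    {"id": 1, "cwe": 79, "severity": "Medium"},
    {"id": 2, "cwe": 79, "severity": "High"},
    {"id": 3, "cwe": 352, "severity": "Critical"},
    {"id": 4, "cwe": 352, "severity": "Low"},
    {"id": 5, "cwe": 89, "severity": "Critical"},
]

# Hypothetical mappings: source CWE id -> target severity type.
MAPPINGS = {79: "Critical", 352: "Ignore"}

# Target severity types listed on the page.
TARGETS = {"Critical", "High", "Medium", "Low", "Info", "Ignore"}


def apply_mappings(findings, mappings):
    """Return copies of the findings with effective severity and status set."""
    bad = set(mappings.values()) - TARGETS
    if bad:
        raise ValueError(f"unknown target severity: {sorted(bad)}")
    result = []
    for f in findings:
        target = mappings.get(f["cwe"])
        # "Open" is an assumed default status for this model.
        out = dict(f, original_severity=f["severity"], status="Open")
        if target == "Ignore":
            out["status"] = "Hidden"  # hidden findings drop out of the count
        elif target is not None:
            out["severity"] = target  # every finding of this CWE is remapped
        result.append(out)
    return result


def impact(findings, mappings):
    """Summarise what a reviewer should check before saving the mappings."""
    mapped = apply_mappings(findings, mappings)
    visible = [f for f in mapped if f["status"] != "Hidden"]
    hidden = [f for f in mapped if f["status"] == "Hidden"]
    return {
        "visible_count": len(visible),
        "visible_by_severity": dict(Counter(f["severity"] for f in visible)),
        "hidden_by_original_severity": dict(Counter(f["original_severity"] for f in hidden)),
        "hidden_ids": [f["id"] for f in hidden],
    }
```

A non-empty `hidden_by_original_severity` entry for Critical or High is the case to review before saving an Ignore mapping, since those findings will no longer appear in the vulnerability count.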


Custom Severity Text

An administrator can add custom text to vulnerability types as well. These could be general notes, instructions to developers, or any useful information for that particular vulnerability. This custom text will be included in any defects submitted for that vulnerability.

To set custom text for a vulnerability, first click the Custom Text tab. This will display a modal dialog. As in the mappings section, begin typing the name of the vulnerability and you will be presented with matching CWE types. Select the vulnerability that requires custom text.


Next, type in the text you would like to add.


Click the Set Custom Text button. This saves the text and attaches it to your vulnerability.

Next to the new entry is an Edit/Delete button that allows for editing or removal of custom text entries.

