ThreadFix gives you the ability to "tag" applications, vulnerabilities, and comments to provide another method of manipulating the application vulnerability data you view.

ThreadFix has two predefined tags: HIPAA (Health Insurance Portability and Accountability Act) and PCI (Payment Card Industry, specifically the PCI Data Security Standard, or DSS). Use them to segregate applications with regulatory compliance demands in the medical or payment-processing spheres from the rest of the organization’s application portfolio. Applications tagged with HIPAA or PCI become viewable in the Compliance Report section of Analytics.

ThreadFix’s tagging mechanisms are also useful beyond PCI and HIPAA. You can create custom tags to organize your applications, vulnerabilities, and comments according to whatever schema you wish. The following examples of tag creation and assignment demonstrate this.

Below are articles describing each type of tag: