As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.

CI/CD Pass Criteria 3.0

Owned by Daniel Colon
Last updated: Jan 29, 2022
3 min read

You will learn

How to create Pass Criteria Groups and add associated applications.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: If any

Introduction

Pass Criteria allows users to evaluate applications based on the amount of vulnerabilities a severity has, or the amount of vulnerabilities for a severity introduced since a point in time. These are primarily meant to be used with the Evaluate CI/CD Pass Criteria REST call, found at: Evaluate CI/CD Pass Criteria - API

Creating Pass Criteria

  1. Pass Criteria can be found by expanding the Application menu from the Navigation sidebar, opening the Customize sub-menu, select the Policies page and clicking on the Pass Criteria tab.

  2. Click on the Create Pass Criteria Group button.

     

  3. A modal will appear, enter a name for the Pass Criteria Group to be created. Click the Add Criterion button.

     

  4. Select a value for either Not Allowed or Not Introduced, this is required but one of the two can be left blank. Click the Create Pass Criteria Group button.

    Note a selection must be made otherwise it cannot be created and will result in an error.


    Note the example below has both options selected.

     

  5. The new Pass Criteria Group will be added to the list, it can be clicked on to expand and see its details. From here the Pass Criteria can edited or deleted and Applications can be associated with the criteria using the Manage Applications button.

Managing Applications

  1. After creating Pass Criteria, click the Manage Applications button next to each in order to attach Applications and view their evaluation status.

  2. From the Manage Applications modal, begin entering the name of a desired team/application and select it from the autofill displaying list. Click the Add Application button.

     

  3. The application will be added, and from the same modal it can be removed or additional applications can be mapped.

     

  4. After adding Applications, users can run the REST call to evaluate their status (Evaluate CI/CD Pass Criteria - API).  From the Manage Applications modal for the Pass Criteria users can see the status of the evaluation; hovering a mouse cursor over the status will display the Pass Criteria rules at the time of evaluation.  This will inform why an application passed or failed even if users edit the rules of the Pass Criteria.

Evaluation Automation

To get the most use out of Pass Criteria, users may want to have automated processes run evaluations on applications and return information based on the results. Aside from REST calls used to manage CI/CD Pass Criteria, users can also utilize the ThreadFix Jenkins Plugin (Jenkins Plugin). 

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.