As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.

Custom Defect Templates (Kubernetes) (ThreadFix 3.0)

Owned by Daniel Colon
Last updated: Jan 29, 2022
3 min read

You will learn

How to create custom Defect templates in a Kubernetes environment.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 15 minutes
Tools required: N/A

This guide covers how to create custom Defect templates using Persistent Volumes and custom Defect templates using ConfigMaps, however, only one of the following sections should be utilized in an environment. The following guide assumes an instance using the default release name tf, if using a custom release name, replace tf with the appropriate release name. For example, if using the release name tf-qa, replace instances of tf-appsec with tf-qa-appsec.

Custom Defect Templates Using Persistent Volumes:

ThreadFix AppSec must be running before running the following commands.

  1. Create a file named velocity-templates.yaml with the following content:

    apiVersion: v1 kind: PersistentVolumeClaim metadata: name: tf-appsec-velocity-templates spec: accessModes: - ReadWriteOnce resources: requests: storage: 1G

     

  2. Create the Persistent Volume Claim:

    kubectl apply -f velocity-templates.yaml

     

  3. Create a file named appsec-patch.yaml with the following content (<tf_version> should be replaced with the user’s current version of ThreadFix):

    spec: template: spec: initContainers: - name: tf-appsec-init image: docker.io/denimgroup/appsec:<tf_version> volumeMounts: - mountPath: /opt/velocityTemplates name: velocity-templates command: - bash - -c - | cp -r /usr/local/tomcat/webapps/threadfix/velocityTemplates/* /opt/velocityTemplates containers: - name: tf-appsec volumeMounts: - mountPath: /usr/local/tomcat/webapps/threadfix/velocityTemplates name: velocity-templates volumes: - name: velocity-templates persistentVolumeClaim: claimName: tf-appsec-velocity-templates

     

  4. Apply the AppSec patch (Re-run this step anytime the configuration is changed via helm, for example helm upgrade...):

     

  5. Follow the Customize Defect Descriptions guide to create additional velocity templates.

  6. Set the ThreadFix AppSec Pod with the following:

     

  7. Copy templates to the ThreadFix container ( <new_template> should be replaced with the name of the user’s new or modified template):

     

  8. Restart the ThreadFix AppSec container:

Custom Defect Templates Using ConfigMaps

ThreadFix AppSec must be running before running the following commands.

  1. Set the ThreadFix AppSec Pod with the following:

     

  2. Copy existing templates to the local machine:

     

  3. Add new velocity templates to the ./defectTemplates directory. Follow the Customize Defect Descriptions guide for more information.

  4. Remove existing velocity templates ConfigMap (if necessary):

     

  5. Create ConfigMap from velocity templates:

     

  6. Create appsec-patch.yaml with the following content:

     

  7. Add the patch to AppSec (repeat this step on every helm upgrade):

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.