As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.

Upgrade Validation Checklist

You will learn

How to validate a ThreadFix instance after upgrading from a previous version.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 25 minutes
Tools required: MySQLWorkbench (optional), SSMS (optional)

Before any upgrade, perform a backup for the Database as well as system and environment settings. ThreadFix recommends allowing all processing to complete and/or following the system Backup & Restore guide.

Prior to beginning any upgrades or migration, ThreadFix strongly recommends users review the Upgrade & Migration Guidelines.

Validation

  1. Validate the server startup. Refer to the validation steps in the following guide: Install with Helm.

    1. Check if all containers are up by running kubectl get pods. This will show all the pods, when their statuses all show as Running, the database migration is complete.

    2. Check the server logs for errors.

  2. For Admin only - Connect to the Database and validate the following databases. ThreadFix recommends using MySQLWorkbench for MySQL and SSMS for MsSQLServer.

    1. threadfix

    2. network

    3. provider

  3. For Admin only - Validate the migration script by running the following script from the database. ThreadFix Support will provide the latest script version based on the database version. Please validate the success flags, which should all be set to 1.
    Note: The following commands do not apply when the database is hosted within Docker. The user needs to Shell into the container and run the commands.
    select * from threadfix.flyway_schema_history where version is not null;
    select * from network.flyway_schema_history where version is not null;
    select * from provider.flyway_schema_history where version is not null;

  4. Validate the version by logging into the UI. Validate all UI screens and reports by navigating the application.

  5. Use ThreadFix Network API endpoints to to take account of how many Network, Asset, Finding, and Vulnerabilityare found within the environment being validated. Example: ‘GET https://{server}/api/network/assets’ will retrieve the first page. However, the return value for totalCount retrieves the count in ThreadFix’s system.
     

  6. Simulate an import of a scan file, if there is an existing test import file available, start an import for such a file. Note: This step may affect reporting and vulnerability calculation, therefore, please make sure this is an import that is desirable or can be quickly removed.

    1. If a file was imported in the previous step that needs to be removed from the system, deleting said file is also a valid testing method.

  7. Navigate to the Integrations - Remote Providers menu to validate all the provider settings that were previously created are still valid. If this is the first time, perform a set up, please refer to the Remote Providers document for further instructions.

  8. Navigate to the Integrations - Defect Trackers menu to validate the settings. Please refer to the Software Defect Trackers document for further instructions.

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.