As of the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. There is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus on ThreadFix SaaS and on migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you migrate to ThreadFix SaaS and maximize the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix, and our team is looking forward to continuing to support you on this journey.
Hotspot Report 3.X
Introduction
Reporting in ThreadFix provides the ability to view application vulnerability data from many different angles. There are several different report types, each with its own filter set. These filters include limiting the view of data by date range, merged vulnerabilities, and various other metrics that allow users to control the visualization of application vulnerability data. Reports can be exported in various formats, such as PDF, CSV and SSVL. This allows for easy sharing of vulnerability data amongst teams and stakeholders. The following is a breakdown of each report and the data it displays.
Hotspot
The Hotspot tab displays summaries of static vulnerabilities that are shared across applications. Findings are analyzed across applications for overlapping vulnerabilities, which may indicate the likelihood of shared vulnerable source code. For information on creating a Shared Vulnerability Schedule, please see the System Settings guide.
The Hotspot tab displays two timestamps: the first is the time the last update began, and the second is when that scan completed. The Severity level, Confidence score, Vulnerability Count, and Vulnerability Type are displayed for all vulnerabilities that have been found.
The Shared Vulnerability Schedule feature allows a user to select a time to calculate the Shared Vulnerability report in the Hotspot section of the Analytics page. This patented calculation analyses data flows from static results across all applications within ThreadFix to find areas of overlap indicating a likelihood of shared vulnerable source code. Due to the very large memory and processing requirements of this feature, users interested in the Shared Vulnerability Schedule should contact ThreadFix Support for recommendations when large sets of vulnerabilities exist within their instance.
To see further details for any of the vulnerability types, click on View Details. Details are displayed for each of the vulnerability findings, including the associated Scanner Name, Finding Name, Application, and Team.
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.