Uploading Scan Files

You will learn

How to begin uploading vulnerability scans.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 15 minutes
Tools required: Sample scan file w3af-demo-site.xml (optional)

This section is a simple demo of basic ThreadFix setup and functionality. It assumes ThreadFix has been set up per the Installation and Upgrade Guide and that Tomcat has been started.

Upload Scan

  1. Expand the application and click the Upload Scan button to open an Upload Scan dialog. Either drag and drop a scan file into the dialog or click Browse to navigate to the file. A sample scan file, w3af-demo-site.xml, has been provided.

  2. Alternatively, click the application's link to navigate to its Application Details page. From there, either drag and drop a scan file onto the page, or click the Action button and select Upload Scan to open the same Upload Scan dialog.

Multiple Scan Upload

Users can upload more than one scan file at a time into ThreadFix by dragging them into the Application Details page or the Upload Scan dialog. ThreadFix will ask the user to choose between uploading them as a single scan (combining all of the scans' findings into a single scan) or as multiple scans. Note the example use cases for each option below:

  • Single scan: If an application was scanned in parts (e.g., microservices) by the same scanning tool, the user can upload all of the scans encompassing the entire application as a single scan. Note that all subsequent uploads will need to include the newest available scan for all of the parts, whether they've all been re-scanned or not.

  • Multiple scans: If a single application was scanned by more than one scanning tool, the user can upload all of the scans as multiple scans, which will result in ThreadFix aggregating and/or merging the findings from all of the scans.

Scan Queue

The uploaded scan will be put into a queue. Check its progress from the Application Details page by clicking on the application.

  1. A banner at the top will indicate that changes are pending. Clicking the banner will expand it to show the scan upload being executed. When the upload is complete, the banner will indicate this.

  2. Click the banner to refresh the page, which will then show the result of the uploaded scan.