As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Scan Date Integration (2.X)
The following Scan Date Integration details apply only to ThreadFix 2.8.3 or newer.
Scanner Import Time Zone Logic
Generally speaking, ThreadFix can derive and display a timestamp containing a time zone from a scanner result in the following scenarios:
If a scanner provides date/time along with a time zone, ThreadFix will store it in the database in UTC and and display it in the UI based on the user's browser’s local time zone
If a scanner provides a date/time but not a time zone, in order to maintain consistency with prior releases ThreadFix will continue to treat the time to be displayed as based on ThreadFix server’s local time
If a scanner does not provide a date/time, ThreadFix uses the current date/time in UTC for the scan date
Submitting a Scheduled Pen Test with Time Zones
Introduced in 2.8.3, when submitting a Pen Test, a time zone drop down will allow users to set a desired time zone region. When viewing a Pen Test result, the time zone on the display will be based on the user’s browser’s local time.
Application Versioning with Time Zones
Introduced in 2.8.3, when creating versioning for an application, a time zone drop down will allow users to set a desired time zone region. When viewing a scan result, the time zone on the display will be based on the user’s browser’s local time.
Configuring the Time Zone for Scheduled Jobs
Introduced in 2.8.3, when scheduling a Remote Provider Import, a time zone drop down will allow users to set a desired time zone region for the scheduled job. This is applicable for both Select and Cron Expression scheduling methods.
Time Zone Displayed on UI
Note the time zone displayed next to the date and time on the far right of the UI.
Scanners Scan Date Time Zone Integration by ThreadFix
The following color-coded chart illustrates the manner in which scanners provide a time zone in ThreadFix.
Scanner Name | Scan Date Time Zone in ThreadFix |
Acunetix WVS | ThreadFix Server Time Zone Assumed |
Acuentix 360 | Scanner Provides Time Zone |
Application Security On Cloud | Scanner Provides Time Zone |
AppScan Dynamic | ThreadFix Server Time Zone Assumed |
AppScan Enterprise | Scanner Provides Time Zone* |
AppScan Source | ThreadFix Server Time Zone Assumed |
AppSpider | ThreadFix Server Time Zone Assumed |
Arachni | Scanner Provides Time Zone |
Barracuda Vulnerability Manager | Upload Date |
Black Duck | Upload Date |
Brakeman | Scanner Provides Time Zone |
Burp Suite Pro | Scanner Provides Time Zone |
Checkmarx | ThreadFix Server Time Zone Assumed |
Clang | ThreadFix Server Time Zone Assumed |
CodeProfiler | N/A |
Contrast | Upload Date |
Coverity | Upload Date |
CppCheck | Upload Date |
Dependency Check | ThreadFix Server Time Zone Assumed |
Dependency Track | Upload Date |
FindBugs | ThreadFix Server Time Zone Assumed |
Fortify On Demand | Scan Date = ThreadFix Server Time Zone and Assumed, Updated Date = Scanner Provides Time Zone |
Fortify SSC | Scan Date = ThreadFix Server Time Zone and Assumed, Updated Date = Scanner Provides Time Zone |
FortifySCA | Scan Date = ThreadFix Server Time Zone and Assumed, Updated Date = Scanner Provides Time Zone |
Kiuwan | Scanner Provides Time Zone |
Mavituna Security Netsparker | ThreadFix Server Time Zone Assumed |
Microsoft CAT.NET | ThreadFix Server Time Zone Assumed |
Nessus | ThreadFix Server Time Zone Assumed |
Netsparker Enterprise | Scanner Provides Time Zone |
NowSecure | Upload Date |
OWASP Zed Attack Proxy | ThreadFix Server Time Zone Assumed |
Pen Tests | Scanner Provides Time Zone |
PMD | ThreadFix Server Time Zone Assumed |
QualysGuard WAS | Scanner Provides Time Zone |
Skipfish | ThreadFix Server Time Zone Assumed |
Snyk | Scanner Provides Time Zone |
SonarQube | Upload Date |
Sonatype | Scanner Provides Time Zone |
SSVL | Scanner Provides Time Zone |
SWAMP SCRAF | Upload Date |
ThreadFix File | Scanner Provides Time Zone |
Trustwave Hailstorm | ThreadFix Server Time Zone Assumed |
Veracode | Scanner Provides Time Zone |
w3af | ThreadFix Server Time Zone Assumed |
WebInspect | Scanner Provides Time Zone |
WhiteHat Sentinel | Scanner Provides Time Zone |
WhiteHat Sentinel Source | Scanner Provides Time Zone (at midnight) |
WhiteSource | Scanner Provides Time Zone |
\* ThreadFix will attempt to extract the time zone, if this is not successful ThreadFix will default to the ThreadFix Server time.
Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.