As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Software Defect Tracker

Owned by Daniel Colon
Last updated: Oct 13, 2023Version comment
2 min read

 

This section outlines the ThreadFix Defect Tracker (tool) support.

Introduction

ThreadFix currently supports these Defect Trackers:

As of ThreadFix versions 2.8.9, integration support has been discontinued for Bugzilla (ver 4.x & 5.x), IBM ClearQuest, and VersionOne.

 

This support involves two primary functions. The first is to bundle and export ThreadFix vulnerabilities into the tracker's defect format. The second is to get the current status of the defect from the tracker and update the ThreadFix vulnerabilities.

HP Quality Center

Hewlett-Packard's Quality Center is quality management software featuring defect and requirements tracking. It is available as a free, open-source Community Edition or as a paid Enterprise version. The Enterprise version has an expanded feature set and technical support. Installation of HPQC Enterprise can be on premise, or is available in a SaaS implementation. More information regarding HP Quality Center is available on the HP website.

JIRA

Atlassian's JIRA is a project management and issue tracking application, geared toward agile development. You can install JIRA on your own server, or use a hosted, SaaS solution. You can find more information on the Atlassian website. OAuth is supported in Threadfix for JIRA.

To be able to submit defects, the JIRA user account must have these permissions: Browse Projects, Create IssuesAssign Issues and, if the project does not allow non-assigned issues, at least one user must have the Assignable User permission.

ThreadFix leverages JIRA’s Status and Status Category* fields to determine if a defect is Open (red) or Closed (green). Note: If the Status Category is available, ThreadFix prioritizes it over Status.

JIRA has three status categories: To Do, In Progress, and Done. If a defect has a Status Category of “Done”, it is considered Closed in ThreadFix. The status of “Resolved” falls under the “Done” category.

JIRA allows users to create and map various statuses to different categories but does not allow users to create new categories.

Azure DevOps (formerly Microsoft Visual Studio Team Foundation Server / VSTS)

Azure DevOps is a version control and project management platform aimed at developing Windows applications.  More information can be found on Azure DevOps Services | Microsoft Azure. This application shares the same API as Visual Studio Team Services.

Note 2.X supports pulling a maximum of 100 projects for an organization.

Rally (CA Agile Central)

Rally (now CA Agile Central) is an enterprise-class platform that's purpose-built for scaling agile development practices. It provides a hub for teams to collaboratively plan, prioritize and track work on a synchronized cadence. You can read more about its features and capabilities on the CA Technologies website.



 

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.