As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

System Navigation

Application Menu

The Application menu contains the Dashboard, Portfolio, Scans, Analytics, Integrations, and Customize pages.


The Dashboard is a high-level view of applications, depending on the user’s role in the system. To an Administrator, the Dashboard will show trending vulnerabilities, applications with the most vulnerabilities, the most recent scans uploaded, and any recent comments made. This view is customizable, allowing placement of different types of ThreadFix vulnerability data here. This view is governed by ThreadFix’s role-based access control, so it will only contain data the authenticated user is authorized to view.

The Dashboard is divided into four UI elements:

  • Application data

  • Vulnerability trends

  • Recent uploads

  • Recent comments



The Portfolio page allows for the organization of teams in ThreadFix. An administrator assigns applications to teams. From the Portfolio page users can create new teams, add applications to them, view vulnerabilities that team's applications have, and see the progress made in addressing them. Through the drop-down menu users can select Team View or Applications View.

Team View

Particular team details can be expanded to view further information:

Application View

Risk Weights- Optional Portfolio View - Beta

If Risk Ratings have been enabled, the Portfolio page will contain an added drop-down view for Relative Risks.

Applications will be sorted according to their overall risk level.


From the Scans page the user can view a list, by date, of all the scans uploaded to ThreadFix with links to see the details of any individual scan. The user can identify scans by date, application, team, and scanner. Also listed are the number of vulnerabilities and their severity.


Analytics is the reporting and metrics part of ThreadFix, featuring real-time charting and filtering, enabling the user options to display data any way necessary. The Analytics page is divided into the following five tabs: Trending, Snapshot, Remediation, Vulnerability Search, and Hotspot.

The Trending tab offers a graphic Trending Report display for totals of vulnerabilities across teams, applications, and tags across a period of time.


The Snapshot tab offers users multiple selectable quick views of application and/or vulnerability data. The snapshots display reports for, among others, Vulnerability Progress By Type, Most Vulnerable Applications, and a Scan Comparison Summary.


The Remediation tab provides a count of severities, categorized by level, along with detailing the starting and ending counts.

Open / Closed Vulnerabilities

The Remediation tab also displays lists for Open and Closed vulnerabilities. Each list details the vulnerabilities’ name, severity level, associated application, and team name. Each vulnerability can be selected to view more details.

The Vulnerability Search tab lists all vulnerabilities found and allows the user to view detailed information behind each. The vulnerability tree is categorized by the primary and secondary pivots, with the default pivots being Severity and Issue Type respectively.


The Hotspot tab displays summaries of shared static vulnerabilities analyzed across applications for any overlapping vulnerabilities which may indicate the likelihood of shared vulnerable source code.

Integrations Sub-Menu

The Integrations sub-menu contains the Remote Providers, Defect Trackers, GRC Tools, and Scan Agent Tasks pages.

Remote Providers

The Remote Providers page contains tabs for Remote Providers, Scheduled Imports, and Scheduled Sync Tasks.

Remote Providers Tab

The Remote Providers tab gives users the means to create new providers, create associated ThreadFix applications, sync Remote Provider applications, and import scans. Applications can also be mapped from this tab.

Scheduled Imports Tab

The Scheduled Imports Tab allows users to create new scheduled Remote Provider Imports.

Scheduled Sync Tasks

The Scheduled Sync Tasks tab allows users to create new scheduled Remote Provider syncs.

Defect Trackers

The Defect Trackers page consists of the Defect Trackers tab and the Scheduled Updates tab.

Defect Trackers Tab

The Defect Trackers tab lets users create and set credentials for new Defect Trackers.

Scheduled Updates Tab

The Scheduled Updates tab is where users can schedule the frequency and time for Defect Trackers to update.

GRC Tools

The GRC Tools page consists of the GRC Tools tab and the Scheduled Updates tab.

GRC Tools Tab

The GRC Tools tab lets users create and set credentials for new GRC Tools.


Scheduled Updates Tab

The Scheduled Updates tab is where users can schedule the frequency and time for GRC Tools to update.


Scan Agent Tasks

Scan Agents are agents that reside on the same server as the scanner and waits for commands (Scan Agent Tasks) from ThreadFix to scan a target, a preconfigured application, and sends the scan results back to ThreadFix for import.

Application Menu Customize Sub-Menu

ThreadFix provides users multiple options to customize performance for the desired environment.

ThreadFix Vulnerability Types

The Severity Mappings tab gives users the means to map a vulnerability type to a severity level.

The Custom Text tab lets users create customized text that will display alongside a designated CWE.

Scanner Vulnerability Types

The Scanner Vulnerability Types page contains the Severity Mappings tab, CWE Mappings tab, and the Deny List/Allow List tab.

Severity Mappings

The Severity Mappings tab allows scanner vulnerability types to be mapped with a source scanner vulnerability and a generic severity type.

CWE Mappings

The CWE Mappings tab allows users to export mappings as well create mappings for unmapped vulnerability types.

Deny List / Allow List

The Deny List/Allow List tab gives users a quick way to select which scanner vulnerability types are added or removed from Deny or Allow lists. Note: Scan findings that match a Deny mode criteria are not imported into ThreadFix.

ThreadFix Severities

By utilizing the Custom Name tab along with the Show and Hide tab, ThreadFix allows uses to customize severity levels and customize which severity levels are visible.

Custom Name

Through the Custom Name tab, ThreadFix allows users to edit the default name for the various severity levels.

Show and Hide

Users can select which severity levels are displayed through the Show and Hide tab.

Scanner Severities

The Customize Scanner Severities page contains the ThreadFix Severity Mappings tab and the Suppress Scanner Results tab.

ThreadFix Severity Mappings

The ThreadFix Severity Mappings tab lets users map customized Scanner Severities to Generic Severity levels and allows the option to exclude any desired level.

Suppress Scanner Results

The Suppress Scanner Results tab allows users to create new scan result filters based on scanner type and severity.

Metadata Keys

The Metadata Keys page gives users the options to create Scan Metadata Keys and/or Application Metadata Keys.


The Tags page allows users to create tags that can be associated with Applications, Vulnerabilities, or Vulnerability Comments.



The Policies page holds the Filter Policies tab, Pass Criteria tab, Defect Reporters tab, and Time to Remediate Policies tab.

Filter Policies

The Filter Policies tab lets users create a policy with an associated filter as well as enable/disable email notifications per policy.

Pass Criteria

The Pass Criteria tab provides the means to create Pass Criteria Groups with associated severities and map applications to them.

Defect Reporters

The Defect Reporters tab lets users set up a new Defect Reporter with an associated severity and grouping option.

Time to Remediate Policies

The Time to Remediate Policies tab allows users to create and modify Time to Remediate Policies along with adding associated Applications, Teams, and Tags. Email notifications can also be enabled/disabled.


The Filters page allows users to create and modify filters based on multiple categories and criteria.


The Global menu has an Administration sub-menu which contains the System Settings, Identity Management, API Keys, Email Reports, Email Lists, and Queue Management pages.

Administration Sub-menu

System Settings

The System Settings page provides user customization settings for Login, Reports, Scanners, Exports, Scan Files, and Other available options through their respective tabs.

Login Settings

The Login Settings tab allows users to customize login defaults as well as adjust SAML settings.

Report Settings

The Report Settings tab lets users customize the information displayed, including the option to select which kinds of reports appear by default on the Dashboard page’s widgets. The report widgets for the Application Detail and Team Detail pages also provide selective options.

Scanner Settings

Vulnerability information from scanners can be prioritized by as desired in the Scanner Settings tab. New scanners can also be created from this tab.

Export Settings

By selecting specific values in the Export Settings tab, users can customize what information is displayed in exported reports.


Other Settings

The Other Settings tab hosts a collection of settings for users to adjust Proxy, Email, and Vulnerability Close Settings. It also includes other options that can be toggled on/off such as the ability to Enable Risk Ratings or Remote Provider Bidirectional Communication.

Scan File Settings

Users can set the location on a file system for Scan Files to be uploaded to and create Retention Policies from the Scan File Settings tab.

Identity Management

The Identity Management page provides user the ability to manage Users, Roles, Groups, Pen Test Teams, and generate User Audits.

Manage Users

Through the Manage Users tab, User profiles can be created and added to Roles, Groups, and Pen Test Teams.

Manage Roles

The Manage Roles tab allows users to create Roles and adjust permission levels, add Users, and Groups.

Manage Groups

Through the Manage Groups tab, users, Pen Test Teams, Team and Application Roles can be added to Groups.

Manage Pen Test Teams

Users can add Users and Groups to Pen Test Teams through the Manage Pen Test Teams tab.

User Audit

The User Audit tab gives users the ability to export reports detailing user access details and associated Groups and Roles.


API Keys

The API Keys page allows the user to create, edit, or delete API Keys.

Email Reports

The Email Reports page allows the user to create and edit email reports, add recipients, and manage report scheduling.

Email Lists

The Email Lists page allows the user to create and populate an email distribution list.

Queue Management

The Queue Management page allows the user to view various available Scan Queue Management values, statuses, source types, and cancellation options. These are displayed similarly across the Vulnerability Queue, Scheduled Task Queue, and Defect Queue tabs.


Table of Contents |
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.