As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Fortify Audit Workbench
- Daniel Hall (Unlicensed)
- Daniel Colon
- Hector Ruiz (Unlicensed)
You will learn
How to generate a Fortify Audit Workbench report and upload it to ThreadFix.
Prerequisites
Audience: IT Professional
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: N/A
Generate Results
After launching Audit Workbench, select Scan Java Project...:
Select the directory containing the Java Project to be scanned and click OK:
Select the version of Java the project uses and click OK:
Select the appropriate options from for the project (the defaults work for a majority of projects) and select Scan:
After the scan has finished, from the File menu select Save Project As... and save the results to the desired directory:
Filter Set
To see all vulnerabilities within Audit Workbench before uploading them to ThreadFix, go to Tools -> Project Configuration > Filter sets and make “Security auditor view” the default filter set before saving.
Upload Results
After generating a report, log in to ThreadFix and navigate to the Portfolio page, found on the Navigation sidebar under the Application sub-menu.
Expand the Team the report will be uploaded to:
After picking one of the Team's applications, select Upload Scan and drag the report into the pane:
Once ThreadFix finishes processing the report, the results can be viewed on the individual application's page:
Finding Status Processing
The following list indicates how finding statuses from Fortify are marked within ThreadFix when ingesting a scan:
Not an issue or Suppressed - False Positive
Exploitable or Need more information - Open
Hidden - not ingested into ThreadFix
Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.