As of the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. There is therefore no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus on ThreadFix SaaS and on migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.
Uploading Scan Files 3.X
You will learn
How to begin uploading vulnerability scans.
Prerequisites
Audience: IT Professional, or End User
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: Sample scan file w3af-demo-site.xml (optional)
Upload Scan
Expand the application and click the Upload Scan button to open an Upload Scan dialog. Either drag and drop a scan file into the dialog or click Browse to navigate to the file. A sample scan file, w3af-demo-site.xml, has been provided.
Alternatively, click on the application's link to navigate to its Application Details page and either drag and drop a scan file into it or click the Action button and select Upload Scan to open the same dialog shown below.
Note the Upload Scan pop-up below:
Note: if ThreadFix is under maintenance, scans cannot be uploaded until the maintenance period has concluded.
Once maintenance is complete, a notification will appear at the top of the screen.
Below are the current allowed file types that can be uploaded as scans:
.csv
.digest
.fpr - Note: any .fpr file containing a non-allowed file type will be rejected
.json
.nessus
.ozasmt
.xml
Multiple Scan Upload
Users can upload more than one scan file at a time into ThreadFix by dragging them into the Application Details page or the Upload Scan dialog. ThreadFix will ask the user to choose between uploading them as a single scan (combining all of the scans' findings into a single scan) or as multiple scans. Note the example use cases for each option below:
Single scan: If an application was scanned in parts (e.g., microservices) by the same scanning tool, the user can upload all of the scans encompassing the entire application as a single scan. Note that all subsequent uploads will need to include the newest available scan for all of the parts, whether they've all been re-scanned or not.
Multiple scans: If a single application was scanned by more than one scanning tool, the user can upload all of the scans as multiple scans, which will result in ThreadFix aggregating and/or merging the findings from all of the scans.
Scan Queue
The uploaded scan will be put into a queue. Progress can be checked from the Application Details page by clicking on the application.
A banner at the top will indicate that changes are pending. Clicking the banner will expand it to show the scan upload being executed. When the upload is complete, the banner at the top will indicate this.
Click the banner to refresh the page, which will show the result of the uploaded scan.
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.