ThreadFix 1.0 Beta 17 Released.

Changes in ThreadFix 1.0 Beta 17:
– Added Scan deletion
– Added the ability to remove Remote Provider credentials
– Bugzilla now loads more dynamic fields
– Small bug fixes

ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto-generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts.

The ThreadFix database describes the vulnerability format:

Data Types
These are sorted in a logical progression from Scan to Vulnerability.
The Scan is the highest-level item included in this diagram. Above Scans are Applications, which have 0 or more scans. Scans hold collections of Findings, which are parsed out of scan files by the importer.
A Finding holds specific information about a vulnerability that a scanner found. The Finding itself stores the channel-specific severity and vulnerability information. The rest of the information is handled in linked objects.

Setup and Configuration

We recommend downloading 4 things (if you don’t have them already, of course):

  • Java JDK
  • The latest Spring Source Tool Suite
  • The latest Tomcat 6 server
  • The latest Git for Windows client

The Java JDK can be found here:

Java 7 will work, although Java 6 was used during development.

The Spring Source download will be at their website:

Spring requires a JDK upon installation.

Tomcat 6 is here:

and Git for Windows is here:

Vanilla settings for all of these programs should work.

Importing the code to Spring

In Spring Source:

Click File/Import… and select Git / Projects from Git
Click Clone…
Enter into the URI field
Click Next
Pick a local directory
Click Next
Pick the repository that you just created
Click Finish

Set up the database

In Spring, select the file src/main/resources/threadfix-backup.script. Copy it.
Find the location on your filesystem where Spring is installed. On my install, it was C:\Program Files\springsource\sts-2.8.1.RELEASE.
Create a folder named database in the sts-2.8.1.RELEASE folder.
Copy the threadfix-backup.script file into that folder, then rename it to threadfix.script.
If these steps don’t work or you aren’t on a Windows machine, try these steps:

Open src/main/resources/
Edit line 10 and replace “update” with “create”
Start the server
You may need to edit the time limit for starting the server if it doesn’t finish. You’ll also want to change it back to update after this initial creation.

Importing / starting the server

Only a few more steps:

  • In the servers box in the bottom left, right click and select New / Server
  • Select Apache/Tomcat v6.0 Server, select the location where you saved the download (or had it installed), then click Finish.
  • Right click the server in the servers box, then click Add and Remove…
  • Select stonemill, then click Add, then click Finish
  • Select the Tomcat server and click the play button in the server bar.

Post-Configuration

Log in and edit the user accounts

In a web browser, navigate to


If you don’t see a login screen with the ThreadFix logo, something went wrong.

Try to log in with the credentials:

Username : user
Password : password
If you don’t get an error message, then your database is also set up correctly and you have set up ThreadFix correctly. The first item of business is to delete the “user” account and create one for yourself and anyone else who is using the system. To add a new user, click the “Configuration” link in the header bar, then “Manage Users,” then “Add User,” pick a name and password, and submit the form. To delete the user “user”, click the “Configuration” link in the header bar, then “Manage Users,” then the name “user” in the table, then “Delete.”

Getting Started !!

Download : (109 MB)
