Blog

Blog: Automated Testing for the ThreadFix CLI

The Task: ThreadFix offers a command line interface jar to create teams, add applications, assign tags, search for vulnerabilities, and much, much more from the shell or command prompt. The number of actions available in the CLI has grown over... Read more…

Blog: HaaM: HAM as a Module

ThreadFix has several modules, including one for Hybrid Analysis Mapping. Using HAM as a module provides us a good degree of flexibility in several areas: 1. Decoupling data types from ThreadFix allows database-free unit testing 2. The module can be... Read more…

Blog: ThreadFix, Sonar and Hibernate Java Annotations

SonarQube is “an open platform to manage code quality.” As security is certainly an aspect of code quality, we wrote a Sonar plugin to allow Sonar users to view ThreadFix security issues alongside results from other Sonar sensors. See Everything... Read more…

Blog: Analyzing Hybrid Analysis Mapping (HAM) – Part 2

As part 2 of the Analyzing HAM series, this week I’ll try to summarize the main strategy behind HAM. Or, as one ThreadFix developer once referred to the HAM system, the Matrix. (Image caption: "Wake up, HAM data.") The... Read more…

Blog: Secure DevOps with ThreadFix 2.3

Thanks to everyone who attended our Secure DevOps with ThreadFix 2.3 webinar today and thanks to all the great ThreadFix contributors who help make it possible. Hopefully folks enjoyed the presentation, and I certainly enjoyed all the Q&A. An expanded... Read more…

Blog: ThreadFix 2.2.7.1 Release

The ThreadFix team has been hard at work to bring you the best of their efforts and those of the community via the ThreadFix Community Edition for application vulnerability management. We are excited to announce that the latest version is... Read more…