Consolidate Scan Results

Escape spreadsheets and PDF reports forever

ThreadFix automatically consolidates, de-duplicates, and merges imported results from commercial and open source dynamic (DAST), static (SAST), and interactive (IAST) application scanning tools. It also tracks the results of manual testing and threat modeling, providing a unified view of the security state of all your applications.


Import Results from Multiple Scanning Tools

ThreadFix currently integrates with more than 30 SAST, DAST, and IAST application scanning tools, including IBM AppScan, HP Fortify, and HP WebInspect. Learn more about ThreadFix integrations.


Merge Vulnerabilities across SAST, DAST and IAST Application Scans

ThreadFix’s patent-pending Hybrid Analysis Mapping (HAM) technology saves security analysts time by removing the need to manually merge the results of static and dynamic testing activities using inefficient tools, such as Excel. See the full list of scanning tools ThreadFix currently supports.


Track Manual Findings

In addition to vulnerabilities identified by scanners, ThreadFix tracks vulnerabilities identified by manual testing and other assurance activities, such as penetration tests, code reviews, and threat modeling.


Consolidate and De-Duplicate Vulnerabilities

ThreadFix normalizes vulnerability data to identify duplicate SAST and DAST scan results, according to the industry standard, MITRE Common Weakness Enumeration (CWE). Vulnerability metadata, such as attack surface location and source code control flows, are also tracked to help support vulnerability analysis and resolution.


Scheduling Scan Orchestration with Scan Agents

ThreadFix maintains an internal queue of upcoming scans and configurations, allowing security teams to automate the task of scheduling and importing data with multiple DAST scanning technologies. See the full list of DAST scanning technologies ThreadFix currently supports.


Scanner Seeding

Using its Hybrid Analysis Mapping (HAM) technology, ThreadFix performs lightweight static scans of an application’s source code to generate a list of hidden URL paths, injection points and parameters that the application may not expose to a standard scanner crawling engine. This data kickstarts the spidering process, offering better scan coverage for applications that expose these sorts of hidden capabilities.
