Secure DevOps with ThreadFix 2.3

Thanks to everyone who attended our Secure DevOps with ThreadFix 2.3 webinar today, and thanks to all the great ThreadFix contributors who help make it possible. Hopefully folks enjoyed the presentation, and I certainly enjoyed all the Q&A.

An expanded set of slides and a recording of the presentation can be found here:

In addition to the material in the slides, there were some great issues brought up during the Q&A. I wanted to address a subset of those here – so here we go:

How Can ThreadFix Handle Results From Currently Unsupported Dynamic Scanning Engines?

Firstly – if you are interested in seeing support for a new scanning technology, you can contact the ThreadFix team and we will take a look. If you are interested in building support for a new scanner on your own, we have documentation available as well as sample source code:

How Does the Correlation Process for Different Scan Engines Work?

At the moment, these documents are a bit out of date, but should provide a baseline understanding of how the merge process works. We have:

What Services Are Available for ThreadFix?

Check out our online documentation for the ThreadFix enablement services that Denim Group provides.

When Will Some of the New Functionality Discussed In This Webinar Be Available?

ThreadFix 2.3 should be released in the September-ish time frame. In the meantime, we will be releasing milestone and RC builds, which should start shortly (within the next week or so). Keep an eye on this blog, the ThreadFix Google Group, and the @ThreadFix Twitter account.

About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.