ThreadFix is a software vulnerability aggregation and management system that helps organizations to aggregate vulnerability data, automatically consolidating and merging imported results from scanning tools.
Kiuwan allows you to upload Kiuwan analyses results to ThreadFix for further analysis and action.
Basic usage of Kiuwan-ThreadFix integration consists of two steps:
Download the Kiuwan results (in ThreadFix format)
Upload the results to the ThreadFix platform
There are different ways to download Kiuwan results in ThreadFix format:
Code Security dashboard (web interface)
Kiuwan Local Analyzer (command-line interface)
Kiuwan REST-API (programmatic interface)
How to download the results of the analysis
Code Security dashboard
Go to Code Security > Vulnerabilities, then open the hamburger menu and select Export to ThreadFix.
A JSON File will download, containing results of the Kiuwan analysis in ThreadFix format.
The exported results will be those of the selected analysis.
Kiuwan Local Analyzer CLI
You can use Kiuwan Local Analyzer's Command Line Interface (CLI) to download the results of any Kiuwan analysis.
Remember that exporting the results is a different KLA invocation from the one that runs the analysis.
first, execute the analysis
second, download the results
To indicate the analysis to be exported, you can either specify the application name (and last baseline analysis will be chosen) or the analysis Id (it can be a baseline analysis or a delivery analysis).
To download the results in ThreadFix format, you must use the following KLA command-line-interface options:
Download data from Kiuwan. An app name (-n) must be specified.
If no analysis code (-ac) is specified, data from the last available baselines will be retrieved.
An export format must be spceified (-f).
Name of the target application
In retrieve data mode, code that indentifies the analysis to get data from
In retrieve data mode, the export fomat. Available formats [threadfix]