This guide will show you how to integrate Kiuwan with ThreadFix. 


Introduction to Kiuwan in ThreadFix

ThreadFix is a software vulnerability aggregation and management system that helps organizations to aggregate vulnerability data, automatically consolidating and merging imported results from scanning tools.

Kiuwan allows you to upload Kiuwan analysis results to ThreadFix for further analysis and action.


Basic usage of Kiuwan-ThreadFix integration consists of two steps:

  1. Download the Kiuwan results (in ThreadFix format)
  2. Upload the results to the ThreadFix platform

There are different ways to download Kiuwan results in ThreadFix format:

  1. Code Security dashboard (web interface)
  2. Kiuwan Local Analyzer (command-line interface)
  3. Kiuwan REST API (programmatic interface)

How to download the results of the analysis

Code Security dashboard

 

Go to Code Security > Vulnerabilities, then open the hamburger menu and select Export to ThreadFix.

A JSON file will download, containing the results of the Kiuwan analysis in ThreadFix format.

The exported results will be those of the selected analysis.

 


Kiuwan Local Analyzer CLI

You can use Kiuwan Local Analyzer's Command Line Interface (CLI) to download the results of any Kiuwan analysis.

Remember that exporting the results is a different KLA invocation from the one that runs the analysis.

That is:

  • first, execute the analysis
  • second, download the results


To indicate which analysis to export, specify either the application name (the last baseline analysis will be chosen) or the analysis ID (which can be a baseline analysis or a delivery analysis).

To download the results in ThreadFix format, you must use the following KLA command-line-interface options:

    --retrieve-data
       Download data from Kiuwan. An app name (-n) must be specified.
       If no analysis code (-ac) is specified, data from the last available baselines will be retrieved.
       An export format must be specified (-f).
       Default: false
    -n, --softwareName
       Name of the target application
    -ac, --analysis-code
       In retrieve data mode, code that identifies the analysis to get data from
    -f, --format
       In retrieve data mode, the export format.
       Available formats [threadfix]
    -o, --output-file
       In retrieve data mode, the output file location


Example: 
./agent.sh --retrieve-data -n myApplication -ac A-7e2-163d5623a78 -f threadfix -o /home/john/myfile.threadfix
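
The export invocation above, wrapped with the checks a CI job would want before the file is uploaded to ThreadFix. This is an added example, not Kiuwan's own code: `KLA_AGENT` and `kla_export_threadfix` are names assumed here, and only the options documented above are passed to KLA.

```shell
#!/bin/sh
# Added example (not part of Kiuwan): export results in ThreadFix format via KLA.
# KLA_AGENT is an assumed variable holding the path to the KLA launcher script.
KLA_AGENT="${KLA_AGENT:-./agent.sh}"

# usage: kla_export_threadfix <app-name> <output-file> [analysis-code]
# The body runs in a subshell, so "exit" and "umask" only affect this function.
kla_export_threadfix() (
  app="${1:-}"; out="${2:-}"; code="${3:-}"

  # Values often arrive from pipeline variables: reject anything that KLA
  # could interpret as an extra command-line option.
  case "$app"  in ''|-*) echo "invalid application name" >&2; exit 2 ;; esac
  case "$out"  in ''|-*) echo "invalid output file" >&2;      exit 2 ;; esac
  case "$code" in -*)    echo "invalid analysis code" >&2;    exit 2 ;; esac

  # Never export over an existing file, so a stale export left by an earlier
  # run cannot be mistaken for the result of this one.
  if [ -e "$out" ]; then echo "refusing to overwrite $out" >&2; exit 3; fi

  set -- --retrieve-data -n "$app" -f threadfix -o "$out"
  # Without -ac, KLA retrieves data from the last available baseline.
  if [ -n "$code" ]; then set -- "$@" -ac "$code"; fi

  # The export lists the application's vulnerabilities: create it owner-only.
  umask 077
  "$KLA_AGENT" "$@" || { echo "KLA export failed" >&2; exit 4; }

  # A missing or empty file means there is nothing to upload to ThreadFix.
  [ -s "$out" ] || { echo "no data written to $out" >&2; exit 5; }
  chmod 600 "$out"
)

# Example call, using the values from the example above:
#   kla_export_threadfix myApplication ./myfile.threadfix A-7e2-163d5623a78
```

Run the export only after the analysis invocation has finished, and delete the file once the upload to ThreadFix has succeeded.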


Kiuwan REST API

For further details, see the "Export analysis results to ThreadFix" section of the Results of analysis page.