Integrating Kiuwan with ThreadFix 

ThreadFix is a software vulnerability aggregation and management system that helps organizations to aggregate vulnerability data, automatically consolidating and merging imported results from scanning tools.

Kiuwan allows you to upload Kiuwan analysis results to ThreadFix for further analysis and action.

 

 

Basic usage of the Kiuwan-ThreadFix integration consists of:

  1. downloading the Kiuwan results (in ThreadFix format), and
  2. uploading those results to the ThreadFix platform.

 

There are several ways to download Kiuwan results in ThreadFix format:

  1. Code Security dashboard (web interface)
  2. Kiuwan Local Analyzer (command-line interface)
  3. Kiuwan REST-API (programmatic interface)

 

Code Security dashboard

 

Click the "Export to ThreadFix" menu option at Code Security >> Vulnerabilities.

Then you will get a JSON file with the Kiuwan results exported in ThreadFix format.

The exported results will be those of the selected analysis.

 

 

 

Kiuwan Local Analyzer 

You can use Kiuwan Local Analyzer's Command Line Interface (CLI) to download the results of any Kiuwan analysis.

Bear in mind that exporting the results is a separate KLA invocation from running the analysis.

That is:

  • first, execute the analysis
  • second, download the results

 

To download the results in ThreadFix format, use the following KLA command-line options:

    --retrieve-data
       Download data from Kiuwan. An app name (-n) must be specified.
       If no analysis code (-ac) is specified, data from the last available baselines will be retrieved.
       An export format must be specified (-f).
       Default: false
    -n, --softwareName
       Name of the target application
    -ac, --analysis-code
       In retrieve data mode, code that identifies the analysis to get data from
    -f, --format
       In retrieve data mode, the export format. Available formats [threadfix]
    -o, --output-file
       In retrieve data mode, the output file location
 
Example:

    ./agent.sh --retrieve-data -n myApplication -ac A-7e2-163d5623a78 -f threadfix -o /home/john/myfile.threadfix
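For scripted use (for example in a CI job), the retrieval step above can be wrapped so that a failed or malformed export never reaches the ThreadFix upload. This is an added example, not Kiuwan's own code: `KLA_AGENT`, `export_threadfix` and `is_json` are hypothetical names, and only the command-line options documented above are passed to KLA.

```shell
#!/bin/sh
# Added example, not Kiuwan's code. KLA_AGENT is an assumed variable holding
# the path to agent.sh; only the CLI options documented above are used.
KLA_AGENT="${KLA_AGENT:-./agent.sh}"

# is_json FILE: succeed only if FILE parses as JSON.
is_json() {
    if command -v python3 >/dev/null 2>&1; then
        python3 -c 'import json, sys; json.load(open(sys.argv[1], encoding="utf-8"))' "$1" 2>/dev/null
    else
        # Weaker fallback without python3: content must start an object or array.
        case $(head -c 1 "$1") in '{'|'[') return 0 ;; *) return 1 ;; esac
    fi
}

# export_threadfix APP OUTFILE [ANALYSIS_CODE]
# OUTFILE is created only when KLA succeeds and the export is non-empty JSON.
export_threadfix() {
    app=$1; out=$2; code=${3:-}
    if [ -z "$app" ] || [ -z "$out" ]; then
        echo "usage: export_threadfix APP OUTFILE [ANALYSIS_CODE]" >&2
        return 2
    fi
    tmp="$out.partial.$$"   # write here first so OUTFILE is never half-written

    set -- --retrieve-data -n "$app" -f threadfix -o "$tmp"
    # Without -ac, KLA retrieves data from the last available baselines.
    if [ -n "$code" ]; then set -- "$@" -ac "$code"; fi

    # The export lists vulnerabilities: create it readable by the owner only.
    if ! ( umask 077; "$KLA_AGENT" "$@" ); then
        echo "KLA retrieval failed for $app" >&2
        rm -f "$tmp"
        return 1
    fi
    if [ ! -s "$tmp" ] || ! is_json "$tmp"; then
        echo "export for $app is empty or not valid JSON" >&2
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$out"
}
```

With the values from the example above, the call would be `export_threadfix myApplication /home/john/myfile.threadfix A-7e2-163d5623a78`; a non-zero return means the file should not be uploaded.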

 

 

 

Kiuwan REST-API 

 

 

 

 


