ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto-generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts.
ThreadFix requires JDK 1.7.
ThreadFix is licensed under the Mozilla Public License (MPL) version 2.0.
The main GitHub site for ThreadFix can be found here:
https://github.com/denimgroup/threadfix/
The Google Group for ThreadFix can be found here:
https://groups.google.com/forum/#!forum/threadfix
Instructions on setting up a development environment can be found here:
https://github.com/denimgroup/threadfix/wiki/Environment-Setup
Further documentation can be found online here:
https://github.com/denimgroup/threadfix/wiki/
Submit bugs to the GitHub issue tracker: