- New vulnerability search capability lets you slice and dice vulnerability data in a much more flexible way than was possible with the previous reports functionality. You can also save filters for later use. In addition, you can access this new vulnerability search via the REST API and command-line client.
- Scan importers are now pluggable and get reloaded when ThreadFix starts. This should be a huge help as we work to keep these up to date with changing file formats and the inclusion of new scanners. Also, we’ve started importing more data from the original scan files, such as attack requests and responses. This should provide better context about imported vulnerabilities and help with vulnerability triage. It will take some time to get all of the importers updated, but we’re working on it and making progress.
- User interface and user experience updates to better show progress during potentially long operations. Also drag-and-drop file uploads – fun!
- Vulnerability taxonomy updated to MITRE CWE 2.6.
- Support for new scanners – Cenzic/Trustwave Hailstorm and Checkmarx.
- Support for new defect trackers – HP Quality Center and VersionOne.
So please pull down the 2.1M1 build from the ThreadFix download site and take it for a spin. As always, please submit any feature requests and bug reports to the GitHub issue tracker and feel free to reach out to the ThreadFix community via the ThreadFix Google Group.