The ThreadFix team has been hard at work since our 2.1 release a couple of months back. We’ve added some development and QA muscle to the ThreadFix engineering team and we’re rolling toward a 2.2 final release – probably in about two months with a solid release candidate available 30 days prior.
We’ve been posting milestone builds along the way, but haven’t talked about them much so I wanted to get this blog post up with some details about what we’ve been working on. Here are the sorts of things you can expect from the upcoming ThreadFix 2.2 release that you can see now in the ThreadFix 2.2M6 build, now available online for download:
- All the reporting and analytics have been redone in D3.js which allow for much more flexibility in creating and saving custom filters. (They look way better than our previous reports.)
- Initial support for importing results from IAST tools – specifically Contrast.
- Application tagging – allows you to tag applications with various attributes for easier management and reporting (internal-facing versus external-facing, Java-based, mobile versus web, subject to PCI compliance, etc).
- New reports such as the OWASP Top 10 report.
- Hybrid Analysis Mapping (HAM) support now includes ASP.NET WebForms and ASP.NET MVC (for C#)
- Lots of bug fixes, feature enhancements and general all-around cleanup.
We have a couple more tricks up our sleeve before the final 2.2 release, but there’s a lot of great stuff in this milestone build for folks to check out. So head on over to the ThreadFix downloads page.