This module contains domain classes used by all of the other modules.
Group: com.github.secdec.astam-correlator - All Dependencies
threadfix-ham · HAM stands for Hybrid Analysis Mapping. The module originated in research done for DHS to improve static-to-dynamic vulnerabilty matching. It is now a generalized system primarily for parsing source code into Endpoint objects and performing lookups based on partial information. This code is most easily accessed by creating an EndpointDatabase with EndpointDatabaseFactory.getDatabase. The database can be searched using queries created with EndpointQueryBuilder.
ThreadFix · ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts. ThreadFix is developed and maintained by Denim Group, Ltd (http://www.denimgroup.com) For information about commercial support and other services, contact Denim Group about ThreadFix http://www.denimgroup.com/threadfix/ The ASTAM Correlator is a branch of the public Community Edition of the ThreadFix software. This branch is maintained by Secure Decisions (http://www.securedecisions.com), a Division of Applied Visions, Inc (http://www.avi.com).
This module contains library classes for accessing the ThreadFix REST API. The ThreadFix IDE plugins use this library to retrieve application and vulnerability marker information, and in the ThreadFix scanner plugins to get endpoint information and upload scans to ThreadFix applications. The easiest way to start using the library is with the PluginClient or ThreadFixRestClient classes. Both have constructors that take a PropertiesManager instance, which holds the ThreadFix API key and url information. The default PropertiesManager implementation stores these properties in threadfix.properties, but the ThreadFix plugins extend the default PropertiesManager class to override this behavior for the target platform.