Integrating Burp Suite with ThreadFix

ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.

The ThreadFix extension in the BApp Store provides an interface between Burp and ThreadFix, allowing you to upload Burp Scans to ThreadFix for further analysis and action.


With threadFix installed and configured, install the ThreadFix extension from the BApp Store.


Having used Burp Scanner on the web application you are testing, you can now export the scan results to ThreadFix.

Go to the ThreadFix "Main" tab and click "Export Scan".


Unless you have configured these settings in options, you will be asked to enter the URL you are using for ThreadFix and the API key.



You can generate an API key by going to the ThreadFix options menu.


Click "Create New Key".

Enter a name you would like to associate with your API key and click "Create Key".


ThreadFix should inform you that the Key has been successfully created.

Select and copy the key.


Enter the key in to the "API Key" box and click "Ok".


You will now be able to upload the scan to Threadfix.


You can use the ThreadFix "Options" tab to configure the settings above and to select an Application that the uploaded scan will be associated with.


Any uploaded scans will be now be available via the ThreadFix application.