This page may be out of date

We haven't updated it for a while because we're busy working on new, improved content to help you get the most out of Burp Suite. In the meantime, please note that the information on this page may no longer be accurate.

Visit our Support Center

Integrating Burp Suite with ThreadFix

ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.

The ThreadFix extension in the BApp Store provides an interface between Burp and ThreadFix, allowing you to upload Burp Scans to ThreadFix for further analysis and action.


With threadFix installed and configured, install the ThreadFix extension from the BApp Store.


Having used Burp Scanner on the web application you are testing, you can now export the scan results to ThreadFix.

Go to the ThreadFix "Main" tab and click "Export Scan".


Unless you have configured these settings in options, you will be asked to enter the URL you are using for ThreadFix and the API key.



You can generate an API key by going to the ThreadFix options menu.


Click "Create New Key".

Enter a name you would like to associate with your API key and click "Create Key".


ThreadFix should inform you that the Key has been successfully created.

Select and copy the key.


Enter the key in to the "API Key" box and click "Ok".


You will now be able to upload the scan to Threadfix.


You can use the ThreadFix "Options" tab to configure the settings above and to select an Application that the uploaded scan will be associated with.


Any uploaded scans will be now be available via the ThreadFix application.