SinhTran
commented
10 years ago Right now I see if there is no scans in remote application, then this remote application still can be linked to ThreadFix application
Closed dancornell closed 10 years ago
SinhTran
commented
10 years ago Right now I see if there is no scans in remote application, then this remote application still can be linked to ThreadFix application
SinhTran
commented
10 years ago Tested again in Qualys/WhiteHat/Veracode, they all allow application to link. I close this issue out.
Currently, when configuring a RemoteProvider to import scan data to ThreadFix applications, if a remote application exists but has not scan data then that application is not available for linking (at least for Qualys; possibly Veracode and WhiteHat as well)
The preferred behavior would be to allow remote applications with no scans to be linked to ThreadFix applications so that when scan data becomes available it will be imported the next time the RemoteProvider is contacted.
(It might also be nice if we had a way to represent the number of scans/vulns that a remote application has when it is being linked to a ThreadFix application, but perhaps that should be a separate issue if that requires extra API calls, etc.)