Running Fixinator on Travis CI
Pete Freitag edited this page Mar 4, 2019 · 3 revisions
You can set up your Travis CI build script to run the fixinator command to test your code for ColdFusion / CFML security vulnerabilities.
- Go to the travis-ci page for your repository
- Click on Settings under the More Options drop down
- Under Environment Variables, enter `FIXINATOR_API_KEY` as the name and your API Key as the value. Be sure that Display Value in Build log is turned off, and click Add
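Here is a sample `.travis.yml` file:

```yaml
language: java
sudo: false
jdk:
  - oraclejdk8
before_install:
  # Download and unpack the CommandBox binary (box)
  - curl --location -o /tmp/box.zip https://www.ortussolutions.com/parent/download/commandbox/type/bin
  - unzip /tmp/box.zip -d /tmp/
  - chmod a+x /tmp/box
install:
  # Install the fixinator command into CommandBox
  - /tmp/box install fixinator
script:
  # Scan the repository; FIXINATOR_API_KEY comes from the Travis CI environment variable set above
  - /tmp/box fixinator path=. confidence=high
```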
If any issues are found, the Travis build will fail. Here's an example of a build that is failing because it doesn't pass the Fixinator scan (it is a repository Foundeo uses for security training, so it is full of holes).
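An added example, not part of the original wiki page or the Fixinator project: a wrapper for the `script` step that fails the build when `FIXINATOR_API_KEY` is missing on a normal build, and skips the scan on pull request builds where Travis CI did not provide the key (it withholds secret variables from pull requests that come from forks). The skip policy, the `BOX_BIN` variable and the function names are assumptions of this example; `TRAVIS_PULL_REQUEST` is Travis CI's own variable.

```shell
#!/bin/sh
# Added example: preflight wrapper around the Fixinator scan on Travis CI.
# Hypothetical names: scan_decision, run_scan, BOX_BIN.

# Print "scan", "skip" or "fail" for a given key value and TRAVIS_PULL_REQUEST value.
# TRAVIS_PULL_REQUEST is "false" on branch builds and the PR number on PR builds.
scan_decision() {
    key="$1"
    pull_request="$2"
    if [ -n "$key" ]; then
        echo scan                     # key present: always scan
    elif [ -n "$pull_request" ] && [ "$pull_request" != "false" ]; then
        echo skip                     # PR build without the key: nothing to scan with
    else
        echo fail                     # branch build without the key: misconfiguration
    fi
}

# Run the scan according to scan_decision. The key itself is never printed.
run_scan() {
    box="${BOX_BIN:-/tmp/box}"        # path used by the sample .travis.yml
    decision=$(scan_decision "${FIXINATOR_API_KEY:-}" "${TRAVIS_PULL_REQUEST:-false}")
    case "$decision" in
        scan)
            "$box" fixinator path=. confidence=high
            ;;
        skip)
            echo "Fixinator scan skipped: FIXINATOR_API_KEY not available to this pull request build"
            return 0
            ;;
        *)
            echo "FIXINATOR_API_KEY is not set; refusing to report a passing build without a scan" >&2
            return 1
            ;;
    esac
}

# Invoke as: sh fixinator-ci.sh run   (file name is an assumption)
if [ "${1:-}" = "run" ]; then
    run_scan
    exit $?
fi
```

Skipped scans still show as passing builds, so the branch build that runs after merge is the one that enforces the scan result.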
Please consider adding a fixinator badge to your repository README.
Example:
Markdown Code:

```markdown
[![Scanned with Fixinator](https://fixinator.app/img/fixinator-badge.svg)](https://fixinator.app/)
```