
Getting Started

Pete Freitag edited this page Apr 4, 2019 · 18 revisions

Step 1 - Obtain an API Key

Obtain an API Key by visiting:

Step 2 - Download and Install CommandBox

Mac Users

If you are on a Mac with Homebrew, simply run the following:

brew install commandbox

If you do not use Homebrew, please follow the Windows / Linux instructions below.

Windows / Linux

Download (box.exe) and add it to your system PATH (optional). (Installation Instructions)

What is CommandBox?

CommandBox is a powerful command line tool for CFML developers. Fixinator uses it to provide a command line tool for running scans. Learn more about CommandBox here.

Step 3 - Install the fixinator command

First make sure you have an API key (visit ), and have installed box (also known as CommandBox, see Step 2 above for details).

Now you can install the fixinator CommandBox command by running:

box install fixinator

in your Terminal or Command Prompt.

Step 4 - Set your API key

You can set the API key by running the following command:

box config set modules.fixinator.api_key=YOUR_API_KEY

You can also set the API key by setting an environment variable named FIXINATOR_API_KEY.

Step 5 - Scan Some Code

Now use the fixinator command to scan some code:

box fixinator /some/folder


Getting more results

If you are not seeing many results, you can try changing the confidence level to low or medium. Fixinator defaults to high confidence mode, which means it will have a very low false positive rate, but it will also skip over issues it is less confident about. To run a scan with low confidence, try this:

box fixinator confidence=low path=/some/folder

You should see more results.

Getting fewer results

If you are getting too many results, you can try switching the severity mode to high or medium. The severity level defaults to low, which means it will show issues that are low, medium or high. To see only high severity issues, try this:

box fixinator severity=high path=/some/folder 

You can also ignore files or folders by creating a .fixinator.json file. Documentation
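
The steps above can be combined into a small wrapper for scripted scans. This is an added example, not part of Fixinator or this wiki: it takes the API key only from the FIXINATOR_API_KEY environment variable (Step 4), checks the confidence and severity levels against the three values named above, and builds the scan command. The function names, the DRY_RUN variable, and passing confidence and severity together in one call are assumptions.

```shell
#!/bin/sh
# Added example: wrapper around the scan commands shown on this page.
# Assumed names (not from the page): valid_level, build_scan_cmd, run_scan, DRY_RUN.

# Accept only the three level names the page mentions.
valid_level() {
    case "$1" in
        low|medium|high) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the box command line for a scan, or fail with a message.
# Usage: build_scan_cmd PATH [CONFIDENCE] [SEVERITY]
build_scan_cmd() {
    scan_path=$1
    confidence=${2:-high}   # page: Fixinator defaults to high confidence
    severity=${3:-low}      # page: severity defaults to low
    if [ -z "$scan_path" ]; then
        echo "usage: build_scan_cmd PATH [CONFIDENCE] [SEVERITY]" >&2
        return 2
    fi
    valid_level "$confidence" || { echo "bad confidence: $confidence" >&2; return 2; }
    valid_level "$severity" || { echo "bad severity: $severity" >&2; return 2; }
    printf 'box fixinator path=%s confidence=%s severity=%s\n' \
        "$scan_path" "$confidence" "$severity"
}

# Validate, then run the scan. With DRY_RUN set, only print the command.
run_scan() {
    # The key is read from the environment, so it never appears in the
    # command line this script builds or prints.
    if [ -z "${FIXINATOR_API_KEY:-}" ]; then
        echo "FIXINATOR_API_KEY is not set" >&2
        return 3
    fi
    cmd=$(build_scan_cmd "$@") || return $?
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$cmd"
        return 0
    fi
    box fixinator path="$1" confidence="${2:-high}" severity="${3:-low}"
}
```

Source the file and call, for example, `run_scan /some/folder low high`; set DRY_RUN=1 first to see the command without starting box.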

Keep box running

You can just run box or box.exe without any arguments and then you will have a CommandBox shell. From the box shell you can cd to a directory and run the fixinator command. It will be faster to keep the box shell open, rather than starting / stopping box each time you run a scan.

More Info

Here are a few more guides you might find useful:
