Running Fixinator on Travis CI
You can set up your Travis CI build script to run the
fixinator command to test your code for ColdFusion / CFML security vulnerabilities.
Set the FIXINATOR_API_KEY Environment Variable in Travis CI
- Go to the travis-ci page for your repository
- Click on Settings under the More Options drop down
- Under Environment Variables, enter FIXINATOR_API_KEY as the name and your API Key as the value. Be sure that Display Value in Build log is turned off, and click Add
Create or Add to a .travis.yml
Here is a sample:

    language: java
    sudo: false
    jdk:
      - oraclejdk8
    before_install:
      - curl --location -o /tmp/box.zip https://www.ortussolutions.com/parent/download/commandbox/type/bin
      - unzip /tmp/box.zip -d /tmp/
      - chmod a+x /tmp/box
    install:
      - /tmp/box install fixinator
    script:
      - /tmp/box fixinator path=. confidence=high
If any issues are found, the Travis build will fail. Here's an example of a build that is failing because it doesn't pass the Fixinator scan (it is a repository Foundeo uses for security training, so it is full of holes).
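Travis CI does not pass variables from the repository settings to pull request builds that come from forks, so FIXINATOR_API_KEY can be empty in those builds. The wrapper below is an added example, not part of the original page or Foundeo's code. It separates "key missing on a pull request" (skip, with a log message) from "key missing on a branch build" (fail as a misconfiguration). The function names, the skip policy and the `--run` argument are assumptions.

```shell
#!/bin/sh
# Added example, not Foundeo's code. Function names are hypothetical;
# the box path and scan arguments are the ones from the sample .travis.yml.
# Do not enable `set -x` here: xtrace would echo the expanded key into the log.

BOX="${BOX:-/tmp/box}"

# True when the key is set and non-empty. Never prints the value.
have_api_key() {
    [ -n "${FIXINATOR_API_KEY:-}" ]
}

# Prints one of: scan, skip, fail.
# TRAVIS_PULL_REQUEST is the PR number on pull request builds, "false" otherwise.
scan_decision() {
    if have_api_key; then
        echo scan
    elif [ "${TRAVIS_PULL_REQUEST:-false}" != "false" ]; then
        echo skip   # assumed policy: PR build without secrets is not scanned
    else
        echo fail   # branch build without a key is a misconfiguration
    fi
}

# Runs the scan, or explains on stderr why it did not run.
run_fixinator() {
    case "$(scan_decision)" in
        scan)
            "$BOX" fixinator path=. confidence=high
            ;;
        skip)
            echo "Fixinator: no API key in this pull request build, scan skipped" >&2
            return 0
            ;;
        fail)
            echo "Fixinator: FIXINATOR_API_KEY is not set, failing the build" >&2
            return 1
            ;;
    esac
}

# Only run when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_fixinator
fi
```

Saved under a name of your choice and invoked with `--run` from the `script:` step, it replaces the direct `/tmp/box fixinator` call; the branch build after a merge still runs the full scan with the key.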
Add a Fixinator Badge
Please consider adding a fixinator badge to your repository README.
[![Scanned with Fixinator](https://fixinator.app/img/fixinator-badge.svg)](https://fixinator.app/)