
Running Fixinator on Travis CI

Pete Freitag edited this page Mar 4, 2019 · 3 revisions

You can set up your Travis CI build script to run the fixinator command, which tests your code for ColdFusion / CFML security vulnerabilities.

Set the FIXINATOR_API_KEY Environment Variable in Travis CI

  1. Go to the travis-ci page for your repository
  2. Click on Settings under the More Options drop down
  3. Under Environment Variables enter FIXINATOR_API_KEY as the name, and your API Key as the value. Be sure that Display Value in Build log is turned off, and click Add

Create or Add to a .travis.yml

Here is a sample .travis.yml file:

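language: java
sudo: false
jdk:
  - oraclejdk8
before_install:
  # Download and unpack the box binary (CommandBox CLI)
  - curl --location -o /tmp/
  - unzip /tmp/ -d /tmp/
  - chmod a+x /tmp/box
install:
  - /tmp/box install fixinator
script:
  # A non-zero exit from the scan fails the build
  - /tmp/box fixinator path=. confidence=high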

If any issues are found, the Travis build will fail. Here's an example of a build that is failing because it doesn't pass the Fixinator scan (it is a repository Foundeo uses for security training, so it is full of holes).
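A guard around the scan step, as an added example that is not part of the original wiki page or of Fixinator itself: it stops the build when FIXINATOR_API_KEY is missing (Travis does not pass settings variables to pull requests from forks) or has been written into .travis.yml as a literal, then runs the same scan command as the sample above. The function names, the BOX variable and the exit codes 2 and 3 are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: pre-flight guard for the Fixinator scan step on Travis CI.
# Function names, BOX and exit codes 2/3 are hypothetical, chosen for this example.

# Exit 0 if the file assigns FIXINATOR_API_KEY a literal value (a committed key),
# exit 1 if it does not. Commented-out lines, bare $FIXINATOR_API_KEY references
# and encrypted "secure:" entries are not flagged.
key_hardcoded_in() {
    grep -Eq "^[^#]*FIXINATOR_API_KEY[[:space:]]*[=:][[:space:]]*[\"']?[A-Za-z0-9]" "$1"
}

# Run the scan from the sample .travis.yml, failing closed on key problems.
#   $1  path of the CI config to check (default: .travis.yml)
#   BOX path of the box binary (default: /tmp/box, as in the sample)
run_fixinator_scan() {
    # With xtrace on, the test below would print the expanded key to the build log.
    set +x
    box="${BOX:-/tmp/box}"
    config="${1:-.travis.yml}"

    # Settings variables are withheld from fork pull requests, so the key can be empty.
    if [ -z "${FIXINATOR_API_KEY:-}" ]; then
        echo "FIXINATOR_API_KEY is not set; not running the scan" >&2
        return 2
    fi

    # A key committed to the repository is readable by anyone with read access.
    if [ -f "$config" ] && key_hardcoded_in "$config"; then
        echo "$config contains a literal FIXINATOR_API_KEY; rotate it and use the Travis settings" >&2
        return 3
    fi

    # Same command as the sample; its exit status becomes the function's status,
    # so a failed scan still fails the build.
    "$box" fixinator path=. confidence=high
}
```

To use it, source the file in the script step and call run_fixinator_scan in place of the bare /tmp/box fixinator line.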

Add a Fixinator Badge

Please consider adding a fixinator badge to your repository README.


Scanned with Fixinator

Markdown Code:

[![Scanned with Fixinator](](