
Running Fixinator on Travis CI

Pete Freitag edited this page Mar 4, 2019 · 3 revisions

You can set up your Travis CI build script to run the fixinator command to test your code for ColdFusion / CFML security vulnerabilities.

Set the FIXINATOR_API_KEY Environment Variable in Travis CI

  1. Go to the travis-ci page for your repository
  2. Click on Settings under the More Options drop down
  3. Under Environment Variables enter FIXINATOR_API_KEY as the name, and your API Key as the value. Be sure that Display Value in Build log is turned off, and click Add

Create or Add to a .travis.yml

Here is a sample .travis.yml file:

language: java
sudo: false
jdk:
- oraclejdk8
before_install:
# Download CommandBox (the CLI that runs the fixinator command) and make it executable
- curl --location -o /tmp/box.zip https://www.ortussolutions.com/parent/download/commandbox/type/bin
- unzip /tmp/box.zip -d /tmp/
- chmod a+x /tmp/box
install:
# Install the fixinator command into CommandBox
- /tmp/box install fixinator
script:
# Scan the repository root; a non-zero exit status from fixinator fails the build
- /tmp/box fixinator path=. confidence=high

If any issues are found the Travis build will fail. Here's an example of a build that is failing because it doesn't pass the Fixinator scan (it is a repository Foundeo uses for security training, so it is full of holes).
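The two steps above (a masked FIXINATOR_API_KEY in the build environment, and a script step whose exit status fails the build) can be wrapped in a small shell script so the same check runs identically on Travis and on a developer machine. The script below is an added example for this page, not part of Fixinator or CommandBox; the script name ci-fixinator.sh, the BOX variable, and the FAKE_* names used when exercising it are assumptions. It assumes CommandBox has been unpacked to /tmp/box (as in the sample .travis.yml) and that the fixinator command has been installed.

```shell
#!/usr/bin/env sh
# ci-fixinator.sh: hypothetical wrapper around `box fixinator` for CI builds.
# Added example for this page; not Fixinator's or CommandBox's own code.
# Assumes CommandBox lives at $BOX (default /tmp/box, matching the .travis.yml above).

BOX="${BOX:-/tmp/box}"

# Refuse to scan without a key, and never print the key itself. Travis only masks
# values it knows about, so an `echo $FIXINATOR_API_KEY` in a build step would
# land in the public build log even with "Display Value in Build log" off.
require_api_key() {
    if [ -z "${FIXINATOR_API_KEY:-}" ]; then
        echo "FIXINATOR_API_KEY is not set; add it under Settings > Environment Variables with Display Value in Build log turned off" >&2
        return 1
    fi
    # Report only the length, so a mis-pasted key is noticeable without revealing it.
    echo "FIXINATOR_API_KEY is set (${#FIXINATOR_API_KEY} characters)"
}

# Run the scan. Path and confidence default to the values in the sample .travis.yml.
# The function returns fixinator's own exit status: non-zero when issues are found,
# which is what makes the CI build fail.
run_scan() {
    scan_path="${1:-.}"
    confidence="${2:-high}"
    require_api_key || return 1
    "$BOX" fixinator "path=$scan_path" "confidence=$confidence"
}

# Only start a scan when executed directly (e.g. `./ci-fixinator.sh . high`),
# not when the file is sourced to reuse the functions.
if [ "${0##*/}" = "ci-fixinator.sh" ]; then
    run_scan "$@"
fi
```

In .travis.yml the script step then becomes `- ./ci-fixinator.sh . high`; the missing-key case fails fast with a message that does not contain the secret, and the build still fails whenever fixinator reports issues.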

Add a Fixinator Badge

Please consider adding a fixinator badge to your repository README.

Example:

Scanned with Fixinator

Markdown Code:

[![Scanned with Fixinator](https://fixinator.app/img/fixinator-badge.svg)](https://fixinator.app/)